前言
之前用 FinalShell,但总感觉有时候比较卡顿,download 源码时也有些 bug,现在已经转用 electerm 了。
写了几个小脚本来做自动化,代码比较烂,还在不断更新中。
修改ssh弱口令
# coding:utf-8
# py2
import logging
import os
import sys

import paramiko

# Stop the logging module from reporting errors raised inside its handlers.
logging.raiseExceptions = False

# ---- Settings to edit before running ----
# Account used to log in to every host in the list.
username = 'root'
# Placeholder for the replacement password. Substitute a long random value
# before use: the literal below is no stronger than the weak passwords this
# script is meant to replace, and it is applied to every listed host.
newpasswd = "asdasd"
# Target list, one "host port old_password" entry per line. The file holds
# plaintext credentials, so keep it readable by the operator only.
file = open('ip.list')
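def ssh_connect(ip_line, username):
    """Open an SSH session to the host described by one ip.list line.

    ip_line is "host port old_password", separated by whitespace, and
    username is the account to log in as.

    Returns (host, client), where client is a connected paramiko.SSHClient.
    Raises ValueError when the line has fewer than three fields or the port
    is not a number.  On a connection or authentication failure a message
    is printed and the process ends with exit status 1.
    """
    fields = ip_line.split()
    if len(fields) < 3:
        # The offending line is not echoed: it may contain a password.
        raise ValueError("malformed ip.list entry: expected 'host port password'")
    ip, port, oldpasswd = fields[0], int(fields[1]), fields[2]

    ssh = paramiko.SSHClient()
    # NOTE(security): AutoAddPolicy accepts whatever host key the server
    # presents, so the old password is sent to an endpoint whose identity was
    # never checked.  That is tolerable on an isolated CTF range; anywhere
    # else call ssh.load_system_host_keys() and use paramiko.RejectPolicy().
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(ip, port, username, oldpasswd)
    except (paramiko.SSHException, EnvironmentError):
        # SSHException covers protocol and authentication failures,
        # EnvironmentError covers socket and DNS errors.  Ctrl-C is no
        # longer swallowed, as it was by the former bare except.
        ssh.close()
        print(ip + " 连接失败!")
        sys.exit(1)
    print(ip + " 连接成功!")
    return ip, ssh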
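# Method 1: non-interactive change through chpasswd; the result is taken
# from the command's exit status.
def change_pwd_1(ssh, newpasswd):
    """Set root's password on the remote host with chpasswd.

    The "root:PASSWORD" record is written to the remote command's stdin
    instead of being interpolated into the command line.  A password
    containing shell metacharacters is therefore applied exactly as given,
    and it does not appear in the remote command string.

    ssh is a connected client exposing exec_command(); newpasswd is the
    password to set.  Returns True when chpasswd exits with status 0,
    otherwise False.  Raises ValueError if newpasswd contains a line break,
    which chpasswd would read as the start of another record.
    """
    if '\n' in newpasswd or '\r' in newpasswd:
        raise ValueError("new password must not contain line breaks")
    stdin, stdout, stderr = ssh.exec_command('chpasswd')
    stdin.write('root:%s\n' % newpasswd)
    stdin.flush()
    # Half-close the channel so chpasswd sees end-of-input and finishes.
    stdin.channel.shutdown_write()
    # Drain both streams before asking for the exit status.
    out, err = stdout.read(), stderr.read()
    return stdout.channel.recv_exit_status() == 0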
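# Method 2: drive the passwd program, report whether the change succeeded
# and print what the server returned.
def change_pwd_2(ssh, newpasswd):
    """Change the password of the configured account by running passwd.

    The new password is written twice to the remote command's stdin, as the
    new-password prompt and its confirmation.  The change counts as
    successful when passwd exits with status 0 or prints its English
    success message; the exit status also covers hosts where that message
    text differs.

    Reads the module-level names username (account to change) and ip (host
    label used in the printed messages).  Returns True on success and False
    otherwise.  Raises ValueError if newpasswd contains a line break, which
    would shift the answers given to passwd's prompts.
    """
    if '\n' in newpasswd or '\r' in newpasswd:
        raise ValueError("new password must not contain line breaks")
    command = "passwd %s" % (username)
    stdin, stdout, stderr = ssh.exec_command(command)
    stdin.write(newpasswd + '\n' + newpasswd + '\n')
    stdin.flush()
    # Half-close the channel: if passwd asks for anything further it gets
    # end-of-input instead of leaving the reads below waiting.
    stdin.channel.shutdown_write()
    out, err = stdout.read(), stderr.read()
    # Read the exit status only after both streams have been drained.
    status = stdout.channel.recv_exit_status()
    successful = 'password updated successfully'
    changed = status == 0 or successful in str(err)
    if changed:
        print(ip + " 密码修改成功!")
    else:
        print(str(err))
        print(ip + " 密码修改失败!")
    return changed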
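# Walk the target list and rotate the password on each host.  `ip` stays a
# module-level name because change_pwd_2 prints it.
try:
    for line in file:
        if not line.strip():
            # A blank line (such as a trailing newline) is not a target.
            continue
        ip, ssh = ssh_connect(line, username)
        try:
            # Alternative: change_pwd_1(ssh, newpasswd)
            change_pwd_2(ssh, newpasswd)
        finally:
            # Release the session even when the change raises.
            ssh.close()
finally:
    file.close()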
ip.list格式
ip 端口 老密码
- node3.buuoj.cn 25139 asdasd
- node3.buuoj.cn 25360 asdasd
效果演示
修改密码前
修改密码
连接失败
更换密码 连接成功
自动化download web源码
# coding:utf-8
# py2
import logging
import os
import sys

import paramiko

# Stop the logging module from reporting errors raised inside its handlers.
logging.raiseExceptions = False

# ---- Settings to edit before running ----
# Target SSH endpoint and login account.
ip = "127.0.0.1"
port = 22222
username = 'root'
# Private key used for login.  No passphrase is passed when it is loaded
# below, so the file must be unencrypted; keep it readable by the operator
# only.
PrivateKey_id_rsa_file = "./id_rsa"
# Local folder for this competition.  The trailing slash matters because the
# paths are built by plain concatenation.
game_dir = "/Users/asura/asura/za/xxxxctf/"
# Web root on the server, and the name of the archive made from it.
server_web_DOCUMENT_ROOT = "/var/www/html"
web_zip_name = "web1.tar.gz"

# Loaded once at import time and shared by the functions below.
private_key = paramiko.RSAKey.from_private_key_file(PrivateKey_id_rsa_file)
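def ssh_connect(ip, port, username):
    """Open a key-authenticated SSH session and return the client.

    Authenticates with the module-level private_key only: the SSH agent and
    the default key files are not tried.  Returns a connected
    paramiko.SSHClient.  On a connection or authentication failure a
    message is printed and the process ends with exit status 1.
    """
    ssh = paramiko.SSHClient()
    # NOTE(security): AutoAddPolicy accepts whatever host key the server
    # presents and remembers it for this client object only.  Nothing is
    # written to known_hosts, because no host-key file is loaded here.
    # Outside an isolated CTF range, call ssh.load_system_host_keys() and
    # use paramiko.RejectPolicy() instead.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(ip, port, username, pkey=private_key,
                    allow_agent=False, look_for_keys=False)
    except (paramiko.SSHException, EnvironmentError):
        # SSHException covers protocol and authentication failures,
        # EnvironmentError covers socket and DNS errors.  Ctrl-C is no
        # longer swallowed, as it was by the former bare except.
        ssh.close()
        print(ip + " 连接失败!")
        sys.exit(1)
    print(ip + " 连接成功!")
    return ssh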
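def download_bak_html(ssh):
    """Archive the server's web root under /tmp and fetch it over SFTP.

    ssh is the connected paramiko.SSHClient returned by ssh_connect().  The
    archive name, web root and local folder come from the module-level
    settings web_zip_name, server_web_DOCUMENT_ROOT and game_dir.  The
    download reuses the same session, so it runs under the same account and
    the same host-key decision as the tar command.

    NOTE(security): the archive path under /tmp is fixed and the file stays
    on the server after the download.  On a box that other, possibly
    hostile, accounts can reach, the archive may be readable to them
    depending on the umask, and a file or symlink created in advance at
    that path would be written through.  Prefer a directory that only the
    login account can access, and remove the archive once it is fetched.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    remote_archive = "/tmp/{}".format(web_zip_name)
    # Pack the web root into the server's /tmp directory.  Quoting keeps a
    # path that contains spaces or shell metacharacters as one argument.
    command1 = "tar -zcvf {} -C {} .".format(
        quote(remote_archive), quote(server_web_DOCUMENT_ROOT))
    stdin, stdout, stderr = ssh.exec_command(command1)
    out, err = stdout.read(), stderr.read()
    print(out)
    # Surface a tar failure instead of discarding it; the exit status is
    # read only after both streams have been drained.
    status = stdout.channel.recv_exit_status()
    if status != 0:
        print("tar exit status %d" % status)
        print(err)

    # Copy the archive to the local machine over the existing connection,
    # rather than a second transport with a hard-coded user name and no
    # host-key handling.
    sftp = ssh.open_sftp()
    try:
        sftp.get(remote_archive, "{}{}".format(game_dir, web_zip_name))
    finally:
        sftp.close()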
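if __name__ == "__main__":
    import subprocess

    # Open the SSH connection, fetch the archive, then release the session.
    ssh = ssh_connect(ip, port, username)
    try:
        download_bak_html(ssh)
    finally:
        ssh.close()

    # Create the extraction folder and unpack the archive into it.
    archive = game_dir + web_zip_name
    dest = game_dir + web_zip_name.split(".")[0]
    try:
        os.mkdir(dest)
    except OSError:
        # Same outcome as the former `mkdir ... && tar ...`: when the folder
        # cannot be created (for example it already exists), nothing is
        # unpacked over it.  The skip is now reported.
        print(dest + " 创建失败,跳过解压")
    else:
        # The argument list is passed without a shell, so the paths are
        # never parsed as shell syntax.  The archive comes from the target
        # host, which other teams may control: tar's default refusal of
        # absolute and ".." member names is what keeps extraction inside
        # dest, so do not add -P.
        subprocess.call(["tar", "-zxvf", archive, "-C", dest])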
效果演示
docker中的web目录
- 2ec43556ad8a kalinew2 "bash" 13 hours ago
- Up 13 hours 0.0.0.0:22222->22/tcp, 0.0.0.0:10011->80/tcp kalinew
docker22端口映射到了22222端口
docker /tmp目录也-v 挂载了出来
xxxxctf文件夹
运行脚本
成功用 tar 把靶机的 web 源码打包到靶机的 /tmp 目录下,然后通过 sftp 从靶机拷贝到本机这次 xxxxctf 比赛的文件夹下并解压。