python寻找3389端口(2)
lonelyvaf
发布于 2018-06-07 06:57:41
发布于 2018-06-07 06:57:41
代码可运行
运行总次数:0
代码可运行
直接上脚本吧,多线程,加了队列,然后尝试用不同的banner头去连接1-65535端口,如果开放,总有一个是的,当从注册表无法读取RDP端口的时候。
#!/usr/bin/python
# coding: utf-8
import socket
import binascii
import sys
import threading
from Queue import Queue
def verify(sock, port):
while 1:
buff = sock.recv(2048)
if not buff:
break
b = bytearray(buff)
print "[+] %s" % binascii.hexlify(b)
detect_os(binascii.hexlify(b), port)
# if len(binascii.hexlify(b)) == 38:
# print "[+] RDP Port is %s" % port
# sys.exit(0)
def detect_os(res, port):
d = {
"2000": "0300000b06d00000123400",
"2003": "030000130ed000001234000300080002000000",
"2008": "030000130ed000001234000200080002000000",
"win7OR2008R2": "030000130ed000001234000209080002000000",
"2008R2DC": "030000130ed000001234000201080002000000",
"2012R2OR8": "030000130ed00000123400020f080002000000"
}
for key, value in d.iteritems():
if value == res:
print "[+] Os May be: %s" % key
print "[+] RDP Port is %s" % port
sys.exit(0)
def send_payload(sock):
sock.send("\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00")
def worker():
while not q.empty():
port = q.get()
try:
scan(port)
finally:
q.task_done()
def scan(port):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(2)
sys.stdout.write('[+] Check Port %s \r' % port)
sys.stdout.flush()
if s.connect_ex((ip, port)) == 0:
print "[+] Connect Success %s" % port
send_payload(s)
verify(s, port)
except Exception, e:
# raise e
pass
s.close()
if __name__ == '__main__':
if len(sys.argv) != 2:
print "Usage: %s IP" % sys.argv[0]
sys.exit(0)
ip = sys.argv[1]
q = Queue()
map(q.put, xrange(1, 65535))
threads = [threading.Thread(target=worker) for i in xrange(50)]
map(lambda x: x.start(), threads)
q.join()本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2017-04-26,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
暂无评论
推荐阅读
编辑精选文章
换一批
推荐阅读
相关推荐
python基础之常用模块
更多 >
腾讯云开发者
