Python hack programming 2 Getting Started demo--zip brute force hack

python hack programming 2 Getting Started demo--zip brute force hack

In the previous article, we built a basic python development environment in Kali Linux, this article in order to close Python and everyone's distance, we write a brute-force hack zip package password applet. This example comes from the Voilent Python book, which is also a primer on Python hacking programming, and is recommended for everyone to look at.

It may be a bit verbose to take care of classmates who have not been in touch with Python programming.

Talk less, we get to the point.

2.1 Preparing the basic material

In the/home/ziptest/directory, I created two files, a test.zip, a zip package with the password set, and a password of 456789.

The Dict.txt file is a dictionary file that is simply configured with a few passwords.

Here we open the development tool and start writing the test code.

2.2 ZipFile

The simplest way to manipulate a zip file in Python is to use the ZipFile module, which can be used to determine whether a file is a compressed file, create, unzip, or retrieve the metadata information of a zip file. You can use the Help method of Python to see how the module is used.

Here we first focus on the ZipFile class.

This class is used to open, read, modify, unzip the zip file. We want to manipulate a zip file, the first step is to initialize the ZipFile instance. Below we open our prepared Text.zip file.

Import ZipFile

Zfile = ZipFile. ZipFile ("/home/test. ZIP ");

We only pass a path parameter in, from the help document we can see that the following three parameters have default values, here we use the default value is enough.

Below we focus on the Extractall method of the ZipFile class.

Extractall method, is to compress the contents of the package is extracted out, three parameters, path is the path of decompression, members are required to extract the files, pwd is the password.

Now we can test the file decompression.

Import ZipFile

Zfile = ZipFile. ZipFile ("/home/ziptest/test. ZIP ");

Zfile.extractall ("/home/", pwd="456789");

Run the script.

If the password is correct, the file will be extracted normally. What happens if the password is incorrect? We enter an incorrect password in the code.

Import ZipFile

Zfile = ZipFile. ZipFile ("/home/ziptest/test. ZIP ");

Zfile.extractall (path="/home/ziptest", pwd="4567890");

The results are as follows:

The program throws a "Bad password" exception.

We can test multiple passwords by catching exceptions.

2.3 Reading a dictionary file

Open the file in Python, use the Open method, which is a built-in method to view the Open's Help document, you can see the parameter description of the method.

The open method returns a file object that allows us to read the specific contents of the files. Let's test it in the code below.

Import ZipFile

Passfile = open ('/home/ziptest/dict. TXT ');

for line in Passfile.readlines ():

Password = line.strip (' \ n ');

Print (password);

The results of the operation are as follows:

Below we use to read the password to Brute force test zip file.

Import ZipFile

Zfile = ZipFile. ZipFile ("/home/ziptest/test. ZIP ");

Passfile = open ('/home/ziptest/dict. TXT ');

for line in Passfile.readlines ():

Password = line.strip (' \ n ');

Try:

Zfile.extractall (path="/home/ziptest", Pwd=password);

Print ("PASSWORD is:"+password);

Exit (0);

except:

Pass;

In the above code, we use Try-except for exception capture, when the password is incorrect, the program skips to continue execution. When the password is correct, print the password and terminate the program. The results of the operation are as follows:

So far, our script has had the capability of brute-force zip files, and you can see only more than 10 lines of code. In order to improve the usability of the program, we reconstruct this script and use function partitioning.

2.4 Refactoring, Function partitioning

First define a extractfile function, which receives three parameters, a ZipFile object, the extracted target path, a password, and a password if decryption succeeds.

def Extractfile (Topath,zfile,password):

Try:

Zfile.extractall (Path=topath,pwd=password);

return password;

except Exception,e:

return;

Let us then declare a main method.

def Main ():

Zfile = ZipFile. ZipFile ("/home/ziptest/test. ZIP ");

Passfile = open ('/home/zip/test/dict. TXT ');

for line in Passfile.readlines ():

Password = line.strip (' \ n ');

Guess = Extractfile ("/home/", Zfile,password);

if guess:

Print (' scucess '+password);

Exit (0);

In the main method, the ZipFile object is initialized first, then the dictionary file is opened, the password is cycled, and passed to the Extractfile method call.

After separating the two methods, we need to call the main method at the entrance of the program, the complete code is as follows:

Import ZipFile

def Extractfile (Topath,zfile,password):

Try:

Zfile.extractall (Path=topath,pwd=password);

Print (' scucess '+password);

return password;

except Exception,e:

return;

def Main ():

Zfile = ZipFile. ZipFile ("/home/ziptest/test. ZIP ");

Passfile = open ('/home/ziptest/dict. TXT ');

for line in Passfile.readlines ():

Password = line.strip (' \ n ');

Guess = Extractfile ("/home/", Zfile,password);

if guess:

Print (' scucess '+password);

Exit (0);

if __name__==' __main__ ':

Main ();

This way, the code is clear a lot, but when we change the zip file and dictionary file, still need to modify the code, very inconvenient, the normal program should be able to pass parameters, OK, below we introduce Optparse library.

2.5 Optparse

Python has two built-in modules for handling command-line arguments:

One is getopt, "deep in Python" also mentioned in the book, can only simple processing command line parameters;

The other is Optparse, which is powerful and easy to use, and makes it easy to generate standard, UNIX/POSIX-compliant command-line instructions.

First introduce the Optparse module, then force the addition of two parameters, zip file name and dictionary file name. Look at the code first:

def main ():

Parser = Optparse. Optionparser ("Usage%prog" +\

"-F <zipfile>-D <dictFile>");

Parser.add_option ('-f ', dest= ' zname ', type= ' string ', help= ' specify zip file ');

Parser.add_option ('-d ', dest= ' dname ', type= ' string ', help= ' specify Dict file ');

(Options,args) =parser.parse_args ();

if (Options.zname==none) | (Options.dname==none):

Print parse.usage;

Exixt (0);

Else

Zname=options.zname;

Dname=options.dname;

Zfile = ZipFile. ZipFile (Zname);

Passfile = open (dname);

For line in Passfile.readlines ():

Password = line.strip (' \ n ');

Guess = Extractfile ("/home/", Zfile,password);

If guess:

Print (' scucess ' +password);

Exit (0);

First initialize a Optionparser object, and then add two options-"-F" and "-D". Then, when the program runs, the input parameters are obtained by the Parse_args method, and if the argument is empty, the method is printed and the program is exited.

Use the terminal below to test the program.

In the absence of parameters:

Input parameters:

2.6 Summary

The program itself is not difficult, but through this introductory case, we can experience the basic methods of Python programming, how to view the Help document, how to introduce modules, initialize objects, manipulate zip files, open local files, command line parameter settings.

In the original book, the author has a program to increase the number of multithreading examples, but is too rough, easy to mislead everyone to use multi-threading, so I this article directly skipped.

After the article, we will continue in depth on this basis, please look forward to.

Network Security Exchange QQ Group: 147098303

More Python hacking programming content, follow my subscription number, xuanhun521, for you to continue to push:

Python hack programming 2 Getting Started demo--zip brute force hack