The previous article introduced how to use PowerShell to scan IP segments and ports in batches, and added the Invoke-ScanIPPort function to the PSNet program. Although that scan finds the listening ports on the specified IP addresses, it does not yet match each port to the program behind it. Since many common applications use a fixed default port, collecting port-to-service mappings makes it possible to check the services in an IP address range in batches. That function will be introduced in a subsequent article.
After a specific port has been found open, the next step is to try the weak and common passwords of the service behind it. Trying default passwords often yields an important breakthrough in a penetration test if one of them turns out to be correct. Services that are usually targeted for weak-password attempts in penetration tests include ftp, mysql, sqlserver, oracle, telnet, ssh, Tomcat, Weblogic, and so on. If such attempts can be run through one unified method, scanning for weak passwords in bulk greatly speeds up the process of obtaining sensitive information and permissions. This article and subsequent articles will try to use PowerShell to implement weak-password attempts against the potential attack points listed above. This article starts with ftp passwords.
The extension continues in the PSNet assembly: a script named Invoke-FtpLogin.ps1 is created under $env:PSSpace/PSNet/TCPOp/ which, given the specified ftp address, user name, and password, returns whether the logon succeeded.
At the same time, a reference to the Invoke-FtpLogin.ps1 program file is added to $env:PSSpace/PSNet.psm1 so that this function is also initialized when PowerShell starts:
. $env:PSSpace/PSNet/TCPOp/Invoke-FtpLogin.ps1
The parameters of this function are described below:
-Site: the address of the ftp server, in the format ftp://localhost. A domain name or an IP address can be used. Required.
-User: the user name to verify against the ftp server. Default: Anonymous. Optional.
-Pass: the password to verify against the ftp server. Default: hello@world. Optional. (Note: in the ftp protocol, the password of the anonymous user can be any string containing the @ symbol.)
-Port: the port number of the ftp server to verify. Default: 21. Optional. (Not used yet; it will be used by an extension in a subsequent article.)
-TimeOut: the time-out, in milliseconds, applied when verifying the password against the ftp server. Default: 3000 ms. Optional. (Not used yet; it will be extended in a subsequent article.)
-ReadWriteTimeOut: the default read/write time-out for the ftp server. Default: 10000 ms. Optional. (Not used yet; it will be used by an extension in a subsequent article.)
How to call this script:
Invoke-FtpLogin -Site ftp://localhost -User test -Pass abcd1234
The execution result is as follows:
[Screenshot: invoke-ftplogin execution result]
If an anonymous user exists, you can log on by entering only the ftp host address; when an ftp password is entered, only the correct value is reported as OK.
The code is as follows:
==== File name: Invoke-FtpLogin.ps1 =====
Function Invoke-FtpLogin {
    Param (
        [parameter(Mandatory = $true)]
        [string]$Site = "ftp://localhost",
        [string]$User = "Anonymous",
        [string]$Pass = "hello@world",
        [int]$Port = 21,
        [int]$TimeOut = 3000,
        [int]$ReadWriteTimeout = 10000
    )
    Write-Host "Get FTP site dir listing..."
    # Do a directory listing; it only succeeds when the server accepts the credentials
    $FTPreq = [System.Net.FtpWebRequest]::Create($Site)
    $FTPreq.Timeout = $TimeOut                    # msec (default is infinite)
    $FTPreq.ReadWriteTimeout = $ReadWriteTimeout  # msec (default is 300,000 - 5 mins)
    $FTPreq.KeepAlive = $false                    # (default is enabled)
    $FTPreq.Credentials = New-Object System.Net.NetworkCredential($User, $Pass)
    $FTPreq.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectory
    try {
        $FTPres = $FTPreq.GetResponse()
        Write-Host "${User}_${Pass} OK"
        $success = $true
        # Write-Host $FTPres.StatusCode -NoNewline
        # Write-Host $FTPres.StatusDescription
        $FTPres.Close()
    } catch {
        Write-Host "FAILED: $_"
        $success = $false
    }
    return $success
}
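Seen from the server side, a run of the check above shows up as a burst of PASS commands answered with 530 from one client. As an added example that is not part of the PSNet project or the author's code, the PowerShell function below flags such bursts in a constructed ftp log and notes whether the same client later received a 230 (logged in); the W3C-style "#Fields" layout of the log is an assumption made for this example.

```powershell
# Added example (not PSNet code): flag clients whose PASS commands were rejected (530)
# at least $Threshold times inside $WindowSeconds, and record a later 230 from the same
# client. The log below is constructed; its W3C-style "#Fields" layout is an assumption.
$ConstructedFtpLog = @'
#Fields: date time c-ip cs-username cs-method sc-status
2013-12-27 08:43:01 10.0.0.5 test USER 331
2013-12-27 08:43:01 10.0.0.5 test PASS 530
2013-12-27 08:43:02 10.0.0.5 admin PASS 530
2013-12-27 08:43:03 10.0.0.5 ftp PASS 530
2013-12-27 08:43:04 10.0.0.5 anonymous PASS 230
2013-12-27 08:50:10 10.0.0.9 alice PASS 530
2013-12-27 08:50:20 10.0.0.9 alice PASS 230
'@

Function Find-FtpPasswordGuessing {
    Param (
        [parameter(Mandatory = $true)][string[]]$Lines,
        [int]$Threshold = 3,       # rejected PASS commands needed for an alert
        [int]$WindowSeconds = 60   # ... observed within this many seconds
    )
    $fields = @()
    $failures = @{}; $loggedInAs = @{}   # c-ip -> 530 timestamps / user name of a later 230
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'; continue }
        if ($line -like '#*' -or $line.Trim() -eq '') { continue }
        $values = $line.Trim() -split '\s+'
        $rec = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $rec[$fields[$i]] = $values[$i] }
        if ($rec['cs-method'] -ne 'PASS') { continue }   # only password attempts matter here
        $ip = $rec['c-ip']
        $ts = [datetime]::ParseExact("$($rec['date']) $($rec['time'])", 'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
        if ($rec['sc-status'] -eq '530') {
            if (-not $failures.ContainsKey($ip)) { $failures[$ip] = @() }
            $failures[$ip] += $ts
        } elseif ($rec['sc-status'] -eq '230' -and $failures.ContainsKey($ip)) {
            $loggedInAs[$ip] = $rec['cs-username']
        }
    }
    foreach ($ip in $failures.Keys) {
        $times = @($failures[$ip] | Sort-Object)
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {   # sliding window over failures
            if (($times[$i + $Threshold - 1] - $times[$i]).TotalSeconds -le $WindowSeconds) {
                [pscustomobject]@{ ClientIp = $ip; Failures = $times.Count; FirstFail = $times[0]
                                   LastFail = $times[-1]; LoggedInAs = $loggedInAs[$ip] }
                break
            }
        }
    }
}
Find-FtpPasswordGuessing -Lines ($ConstructedFtpLog -split "`r?`n") | Format-Table -AutoSize
```

On the constructed log this reports only 10.0.0.5 (three 530 replies within two seconds, then a 230 as anonymous); 10.0.0.9 has a single failure and is not reported.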
Author: Fu haijun
Source: http://fuhj02.blog.51cto.com
Copyright: The copyright of this article is owned by the author and 51cto.
Reprinting: you are welcome to reprint this article. Please reprint it as required, to preserve the author's creative enthusiasm. Thank you.
Requirement: without the author's consent, this statement must be retained, a link to the original article must be included, and the content must be reproduced in full. Otherwise, legal liability will be pursued.
Personal Website: http://txj.shell.tor.hu/