域账户密码审计
域账户密码审计
刚学python,写得不杂好,使用前,先vi配置下几个参数,文章最后有下载地址
本地要放一个弱密码列表pwd.txt
server #ad的ip
domain #域名
username #域用户名
password #域用户的密码
base_dn #改下ou
#!/usr/bin/python
#coding=utf-8
import ldap
# password file
pass_file = "pwd.txt"
# ldap server configuration
server = "10.1.10.2"
domain = "microsoft.com"
username = "user"
password = "password"
# ldap connection configuration
base_dn = "ou=users,dc=zy,dc=com"
scope = ldap.SCOPE_SUBTREE
filters = (objectCategory=user)
attrs = None
# Const: Account Disable
ACCOUNTDISABLE = 2
def c_pwd(server, user, pwd):
Crack pwd
Parameters: server - ip of the ad server
user - username that will crack
pwd - password of the user
Return: 1 - cracked
0 - crack failed
try:
conn = ldap.initialize(ldap://+server)
conn.bind_s(user, pwd)
conn.unbind_s()
return 1
except ldap.INVALID_CREDENTIALS,e:
conn.unbind_s()
return 0
def get_user(server, user, pwd):
Get all users of ad
Parameters: server - ip of the ad server
user - a normal user to get info
pwd - password of the normal user
Return: a list of users
result = list()
try:
conn = ldap.initialize(ldap://+server)
conn.bind_s(user, pwd)
result = conn.search_s(base_dn, scope, filters, attrs)
except ldap.LDAPError,e:
print e
for res in result:
attr_dict = res[1]
if not(int(attr_dict[userAccountControl][0]) & ACCOUNTDISABLE):
user_list.append(attr_dict[sAMAccountName][0])
conn.unbind_s()
return user_list
user_list = list()
user_list = get_user(server, username+@+domain, password)
try:
pwd_file = open(pass_file)
pwd_list = pwd_file.readlines()
cracked_file = open("cracked.txt", w)
for _user in user_list:
for _pwd in pwd_list:
user = _user+@+domain
pwd = _pwd.rstrip()
if c_pwd(server, user, pwd):
print cracked! username=+user+,password=+pwd
cracked_file.write(username=+user+,password=+pwd)
break
print Cracked finished! You can get all cracked user in "cracked.txt"
pwd_file.close()
cracked_file.close()
except IOError:
print open password file: failed!
相关内容
- 暂无相关文章
评论关闭