存档

文章标签 ‘FTP’

PHP写的FTP猜解工具

最近,使用公司虚拟主机的客户老是抱怨网站被挂马,服务器安全方面我认为是没有问题的,问题只有可能出现在ftp上。查看服务器日志,果然没错,近期有大量的ftp登录失败的日志。
原因找到了,看看到底是那些空间出现了问题。于是模仿攻击这的方式,用php写的ftp猜解工具,今天测试了一下,结果让人触目惊心啊。考虑再三,本工具还是一改我往常的作风,不公开源代码了,原因嘛~太危险了,本工具一个小时能检测1800(我测试的服务器机房线路比较好,所以速度很快)个站点左右,出现安全隐患的竟然能达到300个站点左右,出现问题的站点竟然能占到1/6,如果被非法份子利用,跑10个小时,可能就有3000个站点遭殃了。
简单说一下功能,php 5.0开发的,
1、首先载入页面框架,提示输入一个域名
2、得到该服务器上的站点,调用myip.cn上的同服务器站点,返回列表。使用了easytemplate框架。
3、根据2的列表,依次执行猜解工作。每次猜解完一条信息,通过ajax返回工作进度,暂停0.5秒继续猜解。

猜解字典可自定义,一下密码均可被猜出:
同FTP名
域名去掉.(比如域名:www.baidu.com 密码为wwwbaiducom,baiducom)
123,1234,12345,123456,1234567,12345678,123456789,5201314,1314520,987654321,54321,88888888,000,0000,001,002,007,008,10th,1st,2nd,3rd,4th,5th,6th,7th,8th,9th,100,101,108,133,163,166,188,233,266,350,366,450,466,136,137,138,139,158,168,169,192,198,200,222,233,234,258,288,300,301,333,345,388,400,433,456,458,500,555,558,588,600,666,598,668,678,688,888,988,999,1088,1100,1188,1288,1388,1588,1688,1888,1949,1959,1960,1961,1962,1963,1964,1965,1966,1967,1968,1969,1970,1971,1972,1973,1974,1975,1976,1977,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1997,1999,2000,2001,2002,2088,2100,2188,2345,2588,3000,3721,3888,4567,4728,5555,5678,5888,6666,6688,6789,6888,7788,8888,8899,9988,9999,23456,34567,45678,88888,654321,888888,6666,56789,1234567,12345678,737,777,1111,2222,3333,4321,computer,cpu,memory,disk,soft,y2k,software,cdrom,rom,admin,master,card,pci,lock,ascii,knight,creative,modem,internet,intranet,web,www,isp,unlock,ftp,telnet,ibm,intel,microsoft,dell,compaq,toshiba,acer,info,aol,56k,server,dos,windows,win95,win98,office,word,excel,access,unix,linux,password,file,program,mp3,mpeg,jpeg,gif,bmp,billgates,chip,silicon,sony,link,word97,office97,network,ram,sun,yahoo,excite,hotmail,yeah,sina,pcweek,mac,apple,robot,key,monitor,win2000,office2000,word2000,net,virus,company,tech,technology,print,coolweb,guest,printer,superman,hotpage,enter,myweb,download,cool,coolman,coolboy,coolgirl,netboy,netgirl,log,login,connect,email,hyperlink,url,hotweb,java,cgi,html,htm,home,homepage,icq,mykey,c++,basic,delphi,pascal,anonymous,crack,hack,hacker,chinese,vcd,chat,chatroom,mud,cracker,happy,hello,room,english,user,netizen,frontpage,agp,netwolf,usa,hot,site,address,mail,news,topcool

2 条评论
六 30th, 2010 | Filed under PHP
标签: , ,