这是真正的大神来解决的问题····求解说··小弟的项目做不下去了
以下是我从远端下载账户然后调用工具进行解密后检查其中的弱口令账户代码 但在第三方软件上报错了 求指点
# -*- coding: UTF-8 -*-
# 超级帐户检查
import commonfunc as cf
import re
import subprocess
import os
import os
import os.path
import time
import zipfile
@cf.aspectEnhance
def CheckItem(cli):
#文件路径
ipaddr = cli._cli._Dev__IPAddr
dev = cli.getOriginCli()
pswpath = dev.GetPackageDirPath()+"\\download\\ascii\"+ipaddr+"\\shadow"
weakpsw = dev.GetPackageDirPath()+"\\upload\\ascii\\weakpasswd.txt"
weakpsw_add = dev.GetPackageDirPath()+"\\download\\ascii\"+ipaddr+"\\weakpasswd_add.txt"
johnpath = dev.GetPackageDirPath()+"\\download\\binary\"+ipaddr+"\\john"
#如果john.zip未解压,先将其解压
if not os.path.exists(johnpath):
os.makedirs(johnpath)
if not os.path.isfile(dev.GetPackageDirPath()+"\\upload\\binary\\john.zip"):
os.rmdir(johnpath)
return(None,"There is no john tool!")
zfile = zipfile.ZipFile(dev.GetPackageDirPath()+"\\upload\\binary\\john.zip",'r')
for filename in zfile.namelist():
data = zfile.read(filename)
file = open(johnpath+"\"+filename, 'w+b')
file.write(data)
file.close()
# 删除原来的shadow文件
if os.path.isfile(pswpath):
os.remove(pswpath)
# 用将shadow拷贝到普通用户家目录下
strUserType = cli.GetCfgParamValue('SFTP_USER')
# 是root用户则直接下载
if strUserType == 'root':
tplRes = cf.download(cli,"/etc/",ipaddr,"shadow","ascii")
if tplRes[0] == None:
return tplRes
else:
strPath = "/home/" + strUserType + "/shadow"
cli.bash_run(r'cp /etc/shadow ' + strPath)
cli.bash_run(r'chown ' + strUserType + ' ' + strPath)
# 将普通用户家目录的shadow下载到本地
tprRes = cf.download(cli,"/home/" + strUserType,ipaddr,"shadow","ascii")
if tprRes[0] == None:
return tprRes
# 删除shadow文件
cli.bash_run(r'rm ' + strPath)
# 提取shadow中的账户,生成新的弱口令文件weakpasswd_add.txt
accout_str = ''
for l in open(pswpath):
m = l.split(':')
if len(m)>1:
accout_str = accout_str + '\r\n' + m[0] + '\r\n' + m[0].upper()
f_weak = open(weakpsw_add,'wb')
f_weak.write(accout_str)
f_weak.close()
# 调用john来分析shadow文件
johnCheckCmd = '"'+johnpath+"\\john.exe"+'"'+" --wordlist="+'"'+weakpsw+'"'+" "+'"'+pswpath+'"'
johnCheckCmd_add = '"'+johnpath+"\\john.exe"+'"'+" --wordlist="+'"'+weakpsw_add+'"'+" "+'"'+pswpath+'"'
johnShowCmd = '"'+johnpath+"\\john.exe"+'"'+" --show "+'"'+pswpath+'"'
subprocess.call(johnCheckCmd)
subprocess.call(johnCheckCmd_add)
p = subprocess.Popen(johnShowCmd, stdin = subprocess.PIPE,stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell = False)
pswstr = p.stdout.read()
strmid = pswstr.split('\r\n')
# 删除shadow文件
if os.path.isfile(pswpath):
os.remove(pswpath)
if os.path.isfile(weakpsw_add):
os.remove(weakpsw_add)
#无弱口令账户
if len(strmid)<=1:
return (True, "No weak password exists for accounts.")
#有弱口令账户
pswresult = ''
for i in strmid:
j = i.split(':')
if len(j)>1:
pswresult = pswresult + '\r\n' + j[0]
return (False, "Weakpassword accounts:\n" + pswresult)
爆出的错误是error when try executing this item. Exception: exceptions.UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 3: ordinal not in range(128)
[解决办法]
先把'ascii'改成'latin-1'试试
[解决办法]
简单一点就是
startupinfo = subprocess.STARTUPINFO() startupinfo.dwFlags
[解决办法]
= subprocess.STARTF_USESHOWWINDOW subprocess.call('taskkill /F /IM exename.exe', startupinfo=startupinfo)
