前言:
当我们进行后渗透的时候,进行提权的时候
要识别被未打补丁的漏洞。来进行提权,从而
拿到管理员权限。
思路:
1.让使用者在cmd中打systeminfo命令。将补丁号
放入一个txt。
2.与list.txt进行对比。没有的则打出来
对漏洞进行区分
代码:
import os import optparse import re def main(): parser=optparse.OptionParser() parser.add_option('-j',dest='jiance',help='-j[file] Check all') parser.add_option('-7',dest='windows7',help='-7[file] inspect windows7') parser.add_option('-8',dest='windowsserver2008',help='-8 [file] inspect windows server 2008') parser.add_option('-2',dest='windowserver2012',help='-2 [file] inspect windows server 2012') parser.add_option('-3',dest='windowsserver2003',help='-3 [file] inspect windows server 2003') parser.add_option('-x',dest='windowsXP',help='-x [file] inspect windows XP') parser.add_option('-0',dest='windows10',help='0 [file] inspect windows 10') (options,args)=parser.parse_args() if options.jiance: file=options.jiance jiance(file) elif options.windows7: file2=options.windows7 windows7(file2) elif options.windowsserver2008: file3=options.windowsserver2008 windowsserver2008(file3) elif options.windowserver2012: file4=options.windowserver2012 windowsserver2012(file4) elif options.windowsserver2003: file5=options.windowsserver2003 windowsserver2003(file5) elif options.windowsXP: file6=options.windowsXP windowsxp(file6) elif options.windows10: file7=options.windows10 windows10(file7) else: parser.print_help() exit() def jiance(file): pd=os.path.exists(file) if pd == True: print('[*]{}existence'.format(file)) else: print('[-]Sorry{}not existence'.format(file)) exit() pd2=os.path.exists('list.txt') if pd2==True: print('[*]list.txt existence') else: print('[-]not existence list.txt') exit() lists=open('list.txt','r').read() fg=open('{}'.format(file),'r').read() pow="{}".format(fg) lgw=re.findall('KBd+',lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]",v) def windows7(file2): pd = os.path.exists(file2) if pd == True: print('[*]{}existence'.format(file2)) else: print('[-]Sorry{}not existence'.format(file2)) exit() pd2 = os.path.exists('windows7.txt') if pd2 == True: print('[*]windows 7.txt existence') else: print('[-]not existence windows 7.txt') exit() lists = open('windows7.txt', 'r').read() fg = open('{}'.format(file2), 'r').read() pow = "{}".format(fg) lgw = re.findall('KBd+', lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]", v) def windowsserver2008(file3): pd = os.path.exists(file3) if pd == True: print('[*]{}existence'.format(file3)) else: print('[-]Sorry{}not existence'.format(file3)) exit() pd2 = os.path.exists('windows server 2008.txt') if pd2 == True: print('[*]windows server 2008.txt existence') else: print('[-]not existence windows server 2008.txt') exit() lists = open('windows server 2008.txt', 'r').read() fg = open('{}'.format(file3), 'r').read() pow = "{}".format(fg) lgw = re.findall('KBd+', lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]", v) def windowsserver2012(file4): pd = os.path.exists(file4) if pd == True: print('[*]{}existence'.format(file4)) else: print('[-]Sorry{}not existence'.format(file4)) exit() pd2 = os.path.exists('windows server 2012.txt') if pd2 == True: print('[*]windows server 2012.txt existence') else: print('[-]not existence windows server 2012.txt') exit() lists = open('windows server 2012.txt', 'r').read() fg = open('{}'.format(file4), 'r').read() pow = "{}".format(fg) lgw = re.findall('KBd+', lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]", v) def windowsserver2003(file5): pd = os.path.exists(file5) if pd == True: print('[*]{}existence'.format(file5)) else: print('[-]Sorry{}not existence'.format(file5)) exit() pd2 = os.path.exists('windows server 2003.txt') if pd2 == True: print('[*]windows server 2003.txt existence') else: print('[-]not existence windows server 2003.txt') exit() lists = open('windows server 2003.txt', 'r').read() fg = open('{}'.format(file5), 'r').read() pow = "{}".format(fg) lgw = re.findall('KBd+', lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]", v) def windowsxp(file6): pd = os.path.exists(file6) if pd == True: print('[*]{}existence'.format(file6)) else: print('[-]Sorry{}not existence'.format(file6)) exit() pd2 = os.path.exists('windows XP.txt') if pd2 == True: print('[*]windows XP.txt existence') else: print('[-]not existence windows XP.txt') exit() lists = open('windows XP.txt', 'r').read() fg = open('{}'.format(file6), 'r').read() pow = "{}".format(fg) lgw = re.findall('KBd+', lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]", v) def windows10(file7): pd = os.path.exists(file7) if pd == True: print('[*]{}existence'.format(file7)) else: print('[-]Sorry{}not existence'.format(file7)) exit() pd2 = os.path.exists('windows 10.txt') if pd2 == True: print('[*]windows 10.txt existence') else: print('[-]not existence windows 10.txt') exit() lists = open('windows 10.txt', 'r').read() fg = open('{}'.format(file7), 'r').read() pow = "{}".format(fg) lgw = re.findall('KBd+', lists) print('[*]There are no patched patches') for v in lgw: if v in str(pow): pass else: print("[*]", v) if __name__ == '__main__': main()
效果:
Github下载地址:https://github.com/422926799/python