0x01 讀取注冊表獲取mac地址
運行環境 win10 vscode
讀取注冊表還是要用管理員權限的，所以vscode不能直接運行，去cmd里去執行
首先吐槽，這個代碼很多縮進不太規範...可能也許是印刷問題吧...運行過程中也有很多小問題....但思路還都是很好的
python2 獲取堆棧錯誤信息
# -*- coding: UTF-8 -*-
from _winreg import *
import traceback
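def val2addr(val):
    """Format a raw MAC address value as colon-separated lowercase hex.

    Args:
        val: The raw address bytes. A Python 2 ``str``, a Python 3
            ``bytes``/``bytearray``, or a text string whose characters each
            stand for one byte are all accepted.

    Returns:
        A string such as ``"00:11:22:33:44:55"`` built from at most the
        first six bytes of ``val``. An empty or ``None`` value gives ``""``.
    """
    if not val:
        # Nothing to format (empty or missing value).
        return ""
    octets = []
    for ch in val[:6]:
        # Iterating bytes yields ints on Python 3 but one-character strings
        # on Python 2, so ord() is applied only to characters.
        octets.append("%02x" % (ch if isinstance(ch, int) else ord(ch)))
    # join() places ":" only between octets, so a value shorter than six
    # bytes does not end in a stray separator.
    return ":".join(octets)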
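def printnets():
    """Print the networks recorded in the registry with their gateway MACs.

    Walks every subkey of the ``net`` path under HKEY_LOCAL_MACHINE, reads
    two values from each subkey by position, prints one ``[+]<name> <mac>``
    line per network and finally prints the collected ``{name: mac}``
    dictionary. Nothing is returned.
    """
    # Raw string so the backslashes in the registry path need no escaping.
    net = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged"
    # NOTE(review): the author reports that this read needs an administrator
    # prompt - confirm on the target system.
    key = OpenKey(HKEY_LOCAL_MACHINE, net)
    MAC_dict = {}  # network name -> formatted MAC address
    print('\n [*] networks you have joined')
    try:
        # Ask the key how many subkeys it holds instead of probing a fixed
        # range(100) and using the resulting exception as the loop exit.
        for i in range(QueryInfoKey(key)[0]):
            try:
                guid = EnumKey(key, i)
                netKey = OpenKey(key, str(guid))
                try:
                    # EnumValue returns a (name, data, type) tuple.
                    # NOTE(review): values are picked by position; presumably
                    # index 5 is the gateway MAC (DefaultGatewayMac) and
                    # index 4 the network name - confirm. Reading by name
                    # with QueryValueEx would not depend on value order.
                    (n, addr, t) = EnumValue(netKey, 5)
                    (n, name, t) = EnumValue(netKey, 4)
                finally:
                    # Release the subkey handle even when a read fails.
                    CloseKey(netKey)
                # name is a unicode object; convert it to a byte string so
                # it can be concatenated and printed (Python 2 codecs).
                netName = name.encode('unicode-escape').decode('string_escape')
                macAddr = val2addr(addr)
                print('[+]' + netName + ' ' + macAddr)
                MAC_dict[netName] = macAddr
            except Exception as e:
                # Report the failing subkey and move on to the next one so a
                # single malformed entry does not hide the remaining ones.
                print(e)
                print(traceback.format_exc())
                print("something wrong")
    finally:
        CloseKey(key)
    print(MAC_dict)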
# Runs at import/execution time: dump the recorded networks immediately.
printnets()
最后貼一個定位
定位
抓一下上述url的包，找到接口。requests走起
本來想直接把上面的代碼覆蓋了，想了想重新貼一下吧。
測試完成，最終代碼
# -*- coding: UTF-8 -*-
from _winreg import *
import traceback
import requests
import os
# Module-level map of network name -> MAC address, filled in by main().
MAC_dict = dict()
# Switch the cmd.exe code page to UTF-8 (65001); without it the decoded
# unicode text printed below shows up garbled in the console.
os.system('chcp 65001')
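# Format a MAC address as xx:xx:xx:xx:xx:xx.
def val2addr(val):
    """Format a raw MAC address value as colon-separated lowercase hex.

    Args:
        val: The raw address bytes. A Python 2 ``str``, a Python 3
            ``bytes``/``bytearray``, or a text string whose characters each
            stand for one byte are all accepted.

    Returns:
        A string such as ``"00:11:22:33:44:55"`` built from at most the
        first six bytes of ``val``. An empty or ``None`` value gives ``""``.
    """
    if not val:
        # Nothing to format (empty or missing value).
        return ""
    # Bytes iterate as ints on Python 3 and as one-character strings on
    # Python 2; ord() is only needed for the latter. Joining avoids the
    # trailing ":" that a value shorter than six bytes used to get.
    return ":".join(
        "%02x" % (ch if isinstance(ch, int) else ord(ch)) for ch in val[:6]
    )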
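# Resolve a BSSID to a physical address through the remote lookup API.
def GetAddr(macAddr):
    """Ask the lookup service for the address of the access point ``macAddr``.

    Args:
        macAddr: BSSID string, posted to the service as the ``bssid`` field.

    Returns:
        The UTF-8 encoded ``data.address`` field when the service answers
        with ``code == 0``; otherwise the fixed string
        ``"sorry can not find this address"``.
    """
    url = "https://met.red/h/location/getWifiInfo"
    # NOTE: each call hands the BSSID to this third-party endpoint, so the
    # queried addresses leave the machine being examined.
    postdata = {'bssid': macAddr}
    try:
        # Bound the wait so one stalled lookup cannot hang the whole run.
        r = requests.post(url, data=postdata, timeout=10)
        r.raise_for_status()
        # json() gives the decoded body as a dict (text would give a str).
        Real_Addr = r.json()
        if Real_Addr['code'] == 0:
            return Real_Addr['data']['address'].encode('utf-8')
    except (requests.RequestException, ValueError, KeyError, TypeError,
            AttributeError):
        # A network failure, a non-JSON body or an unexpected response shape
        # is reported the same way as "no match" below.
        pass
    return "sorry can not find this address"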
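# Read the Wi-Fi names and MAC addresses from the registry.
def main():
    """Print every recorded network with its MAC and looked-up address.

    For each subkey of the ``net`` registry path, the value at position 5 is
    formatted with val2addr(), the value at position 4 becomes the network
    name (UTF-8 encoded, spaces removed) and GetAddr() is asked for the
    address. One line per network is printed and the name/MAC pair is
    stored in the module-level ``MAC_dict``. Nothing is returned.
    """
    net = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged"
    key = OpenKey(HKEY_LOCAL_MACHINE, net)
    print('\n [*] networks you have joined.Start Analysis')
    try:
        # EnumKey indexes start at 0. The earlier range(1, 12) skipped the
        # first subkey and stopped after eleven, so iterate over the real
        # subkey count reported by the key instead.
        for i in range(QueryInfoKey(key)[0]):
            try:
                guid = EnumKey(key, i)
                netKey = OpenKey(key, str(guid))
                try:
                    # EnumValue returns a (name, data, type) tuple.
                    # NOTE(review): values are picked by position; presumably
                    # index 5 is the gateway MAC (DefaultGatewayMac) and
                    # index 4 the network name - confirm. Reading by name
                    # with QueryValueEx would not depend on value order.
                    (n, addr, t) = EnumValue(netKey, 5)
                    (n, name, t) = EnumValue(netKey, 4)
                finally:
                    # Release the subkey handle even when a read fails.
                    CloseKey(netKey)
                # name is a unicode object; encode it before concatenating
                # with byte strings for printing.
                netName = name.encode('utf-8').replace(' ', '')
                macAddr = val2addr(addr)
                Real_addr = GetAddr(macAddr)
                print(' [+] ' + netName + ' [^] ' + macAddr + ' [^] ' + Real_addr)
                MAC_dict[netName] = macAddr
            except Exception as e:
                # Report the failing subkey and move on to the next one so a
                # single malformed entry does not hide the remaining ones.
                print(e)
                print(traceback.format_exc())
                print("something wrong")
    finally:
        CloseKey(key)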
# Start the registry walk only when the file is executed as a script.
if __name__ == "__main__":
    main()
結果圖:
結果分析:
應該只可以解析出私人的WIFI那種，比如家庭。校園網無法定位，也可能是接口不好
擴展:
根據手機連接WIFI的模式，你連接過的會記住密碼，手機中應該也存儲著這樣的信息，可以讀取，然后進行分析。