0x01 读取注册表获取mac地址
运行环境 win10 vscode
读取注册表还是要用管理员的,所以vscode不能直接运行,去cmd里去执行
首先吐槽,这个代码很多缩进不太规范...可能也许是印刷问题吧...运行过程中也有很多小问题....但思路还都是很好的
python2 获取堆栈错误信息
# -*- coding: UTF-8 -*-
from _winreg import *
import traceback
def val2addr(val):
# print val
addr = ""
for ch in val:
# print ord(ch)
addr += ("%02x"%ord(ch)) #这里做了修改,不然处理\x会有问题
addr += ":" #这里做了修改,书上那一长串replace不起作用...直接这样写,暴力简单
# print "addr is : " + addr
return addr[0:17]
def printnets():
net = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged" #这里加r,不用转义其中的“\"符号
# print(net) 可以输出测试一下
key = OpenKey(HKEY_LOCAL_MACHINE, net)
MAC_dict = {} #把最后倒出来的放到字典里
print '\n [*] networks you have joined'
for i in range(100):
try:
# print i
# print type(key) pyKEY
guid = EnumKey(key,i)
# print type(guid) string
netKey = OpenKey(key,str(guid))
(n, addr, t) = EnumValue(netKey,5)
# 这样写的意义是tuple多元赋值,打印出来看一下就明了了
# all_addr = EnumValue(netKey,5)
# print type(all_addr) tuple
(n, name, t) = EnumValue(netKey,4)
# all_name = EnumValue(netKey,4)
# print all_addr
# print all_name
#打印出来会很明了,name的类型是unicode u'test_wifi'这样,直接输出报错
netName = name.encode('unicode-escape').decode('string_escape')
macAddr = val2addr(addr)
print '[+]' + netName + ' ' + macAddr
MAC_dict[netName]= macAddr
CloseKey(netKey)
except Exception,e:
print e
print traceback.format_exc()
print "something wrong"
break
print MAC_dict
printnets()
最后贴一个定位
定位
抓一下上述url的包,找到接口。requests走起
本来想直接把上面的代码覆盖了,想了想重新贴一下吧。
测试完成,最终代码
# -*- coding: UTF-8 -*-
from _winreg import *
import traceback
import requests
import os
MAC_dict = {}
# unicode解码后乱码,cmd界面要改一下编码
os.system('chcp 65001')
# MAC地址格式化成xx:xx这样
def val2addr(val):
# print val
addr = ""
for ch in val:
# print ord(ch)
addr += ("%02x"%ord(ch))
addr += ":"
# print "addr is : " + addr
return addr[0:17]
# 通过接口分析物理地址,获取返回的json的数据
def GetAddr(macAddr):
# print MAC_dict
url = "https://met.red/h/location/getWifiInfo"
postdata = {'bssid':''}
# print "no"
# print bssid
postdata['bssid']=macAddr
r = requests.post(url,data=postdata)
# 获取返回的json数据(dict),text返回str型
Real_Addr = r.json()
if(Real_Addr['code']==0):
return Real_Addr['data']['address'].encode('utf-8')
else:
return "sorry can not find this address"
# 从注册表中读取WIFI名字和MAC地址
def main():
net = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged"
# print(net)
key = OpenKey(HKEY_LOCAL_MACHINE, net)
print '\n [*] networks you have joined.Start Analysis'
for i in range(1,12):
try:
# print i
# print type(key) pyKEY
guid = EnumKey(key,i)
# print type(guid) string
netKey = OpenKey(key,str(guid))
# 这样写的意义是tuple多元赋值,打印出来看一下就明了了
(n, addr, t) = EnumValue(netKey,5)
# all_addr = EnumValue(netKey,5)
# print type(all_addr) tuple
(n, name, t) = EnumValue(netKey,4)
# all_name = EnumValue(netKey,4)
#打印出来会很明了,name的类型是unicode u'test_wifi'这样,直接输出报错
# print all_addr
# print all_name
netName = name.encode('utf-8').replace(' ','')
macAddr = val2addr(addr)
Real_addr=GetAddr(macAddr)
print ' [+] ' + netName + ' [^] ' + macAddr + ' [^] ' + Real_addr
MAC_dict[netName]= macAddr
CloseKey(netKey)
except Exception,e:
print e
print traceback.format_exc()
print "something wrong"
break
# print MAC_dict
if __name__ == '__main__':
main()
结果图:
结果图.png
结果分析:
应该只可以解析出私人的WIFI那种,比如家庭。校园网无法定位,也可能是接口不好
扩展:
根据手机连接WIFI的模式,你连接过的会记住密码,手机中应该也存储着这样的信息,可以读取,然后进行分析。
