python
feier7501
这个作者很懒,什么都没留下…
展开
-
python实现SimpleHTTPServer的POST方法
代码如下:import SimpleHTTPServerimport SocketServerimport redef htc(m): return chr(int(m.group(1),16))def urldecode(url): rex=re.compile('%([0-9a-hA-H][0-9a-hA-H])',re.M) return rex.su原创 2013-06-04 23:33:00 · 16994 阅读 · 1 评论 -
SQL Injector - POST Parameter Attack
login.jsp如下:<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>Register user username: password: bt5上操作如下:root@bt:/pentest/exploits/fasttrack原创 2013-07-08 21:32:47 · 1339 阅读 · 0 评论 -
用Tabnabbing Attack Method登录人人网
用刚才的脚本,然后输出如下: Select from the menu: 1) Spear-Phishing Attack Vectors 2) Website Attack Vectors 3) Infectious Media Generator 4) Create a Payload and Listener 5) Mass Mailer Attack原创 2013-06-22 17:30:34 · 1805 阅读 · 4 评论 -
用Credential Harvester Attack Method登录人人网
修改了一下脚步ModifyForm.py:#!/usr/bin/python# Filename: ModifyForm.pyimport sysimport osfrom pyquery import PyQuery as pqfrom src.core.setcore import *def ModifyForm(htmlPath, url): if not o原创 2013-06-22 16:34:25 · 2147 阅读 · 0 评论 -
Credential Harvester的脚本修改
昨天测试出现乱码。今天晚上调试,修改了一下。#!/usr/bin/python# Filename: ModifyFormAction.pyimport sysimport osfrom pyquery import PyQuery as pqdef ModifyFormAction(htmlPath, url): if not os.path.isfile(html原创 2013-06-20 23:59:00 · 1507 阅读 · 0 评论 -
python脚本溢出Windows 2000 Professional的漏洞ms08_067
脚本如下:#!/usr/bin/env python############################################################################## MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled)# www.hackingspirits.com# www原创 2013-07-07 22:34:30 · 3005 阅读 · 0 评论 -
安装impacket
下载地址:http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket用easy_install来安装:E:\python>easy_install impacket-0.9.9.9.zipProcessing impacket-0.9.9.9.zipWriting原创 2013-07-07 21:37:56 · 8091 阅读 · 0 评论 -
安装pycrypto
在BT5上安装:root@bt:~# easy_install pycrypto-2.6.tar.gz Processing pycrypto-2.6.tar.gzWriting /tmp/easy_install-bRS9dY/pycrypto-2.6/setup.cfgRunning pycrypto-2.6/setup.py -q bdist_egg --dist-dir /tmp原创 2013-07-07 21:46:56 · 14711 阅读 · 0 评论 -
Credential Harvester Attack Method获得用户信息
前段时间在学习SET,发现Credential Harvester Attack Method一直无法获得登录的用户名和密码,一开始用wireshark抓包来调试,的确没有相应的数据,后来怀疑是代码的问题,于是查看python代码。本人没学过python,因此还不得不去学习一下python。今天看代码,看到cloner.py的代码有问题。于是修改之,增加了一个新的模块:#!/usr/bin原创 2013-06-20 00:15:06 · 2632 阅读 · 0 评论 -
安装EasyInstall
在https://pypi.python.org/pypi/setuptools下载安装命令:E:\python\setuptools-0.7.4>python setup.py install然后会提示安装成功,如下:copying setuptools.egg-info\entry_points.txt.orig -> build\bdist.win32\egg\EGG-IN原创 2013-06-19 22:13:05 · 2124 阅读 · 3 评论 -
TypeError: 'module' object is not callable
代码:#!/usr/bin/pythonimport ModifyFormActionModifyFormAction("C:/Python27/1.html", "http://192.168.1.11")报错:TypeError: 'module' object is not callable原因:Python导入模块的方法有两种:import mo原创 2013-06-19 23:26:22 · 9736 阅读 · 1 评论 -
安装pyquery
下载地址:https://pypi.python.org/pypi/pyquery/#downloads下载后安装:C:\Python27>easy_install E:\python\pyquery-1.2.4.zip也可以直接在线安装:C:\Python27>easy_install pyquery输出如下:C:\Python27>easy_install pyquer原创 2013-06-19 22:20:51 · 9430 阅读 · 0 评论 -
python的socket
服务端:# Echo server programimport socketHOST = '' # Symbolic name meaning all available interfacesPORT = 50007 # Arbitrary non-privileged ports = socket.socket(socket.AF_INET, socket.SOCK_STREA转载 2013-06-05 16:26:40 · 658 阅读 · 0 评论 -
(a)ttempt SQL Ping and Auto Quick Brute Force 续2——原因
今晚再次调试,发现生成的h2b.exe无法运行,这个文件用来把hex转换成bin,而且后面的代码,似乎也有问题: print "Metasploit payload delivered.." print "Converting our payload to binary, this may take a few..." query5=("""xp_c原创 2013-07-10 22:49:55 · 888 阅读 · 0 评论