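Python Script | phpMyAdmin Batch Password Guessing and Exploitation

I haven't posted in a long time. This is something I tinkered with a while back, dug out here to keep a record of it.

Intent: enumerate passwords for the root user only. Other database users have too little privilege and are hard to make use of. phpMyAdmin is just one approach in real engagements, so targeting the root user alone is sufficient.
You need to prepare the known phpMyAdmin admin URLs in advance. You can first collect the specific URLs and put them in url.txt, and prepare an enumeration dictionary.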

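Scraping the CNVD List of Vulnerable CMS Vendors

The script is taken from an expert's blog. It scrapes the CNVD list of CMS vendors with vulnerabilities to obtain the corresponding CMS types, which makes them easier to look up and to audit their code. So far, 763 CMS types have been collected.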

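Python Script | Generating a Target-Specific Backup-File Guessing Wordlist from a URL

I'm a Python beginner, sharing an approach to website information gathering along with a Python script for it. For reference only~

Collect the common backup file suffixes and some fixed file names; add or modify them freely: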

#coding=utf-8
# Generate a target-specific backup-file guessing wordlist from a URL
#Test By: AnCoLin|影风
#http://www.storysec.com

suffixList = ['.rar','.zip','.sql','.gz','.tar','.bz2','.tar.gz','.bak','.dat']
keyList=['install','INSTALL','index','INDEX','ezweb','EZWEB','flashfxp','FLASHFXP']

# Enter the target URL
print "Please input the URL:"
url = raw_input()

# Strip the scheme prefix
if (url[:5] == 'http:'):
    url = url[7:].strip()

if (url[:6] == 'https:'):
    url = url[8:].strip()

# Keep only the host part and drop any path
# (the original "url - url[:numT]" raises TypeError: strings cannot be subtracted)
numT = url.find('/')

if(numT != -1):
    url = url[:numT]

# Derive some target-specific file names from the URL
# (the slicing assumes a host of the form www.test.com):
num1 = url.find('.')
num2 = url.find('.',num1 + 1)

keyList.append(url[num1 + 1:num2])  # test
keyList.append(url[num1 + 1:num2].upper())

keyList.append(url)  # www.test.com
keyList.append(url.upper())

keyList.append(url.replace('.','_'))  # www_test_com
keyList.append(url.replace('.','_').upper())

keyList.append(url.replace('.',''))  # wwwtestcom
keyList.append(url.replace('.','').upper())

keyList.append(url[num1 + 1:])   # test.com
keyList.append(url[num1 + 1:].upper())

keyList.append(url[num1 + 1:].replace('.','_'))  # test_com
keyList.append(url[num1 + 1:].replace('.','_').upper())

# Build the wordlist and write it to a txt file:
tempList =[]

for key in keyList:
    for suff in suffixList:
        tempList.append(key + suff)

fobj = open("success.txt",'w')

for each in tempList:
    each ='/' + each
    fobj.write('%s%s' %(each,'\n'))
    fobj.flush()

fobj.close()

print 'OK!'

Test run (screenshot):

I made changes following a hint from darkless. Many thanks to him~

It now runs under Python 3. I haven't thought further about the functionality for now...

#coding=utf-8
# Generate a target-specific backup-file guessing wordlist from a URL
#Test By: AnCoLin|影风
#http://www.storysec.com
suffixList = ['.rar','.zip','.sql','.gz','.tar','.bz2','.tar.gz','.bak','.dat']
keyList=['install','INSTALL','index','INDEX','ezweb','EZWEB','flashfxp','FLASHFXP']
# Enter the target URL
url =input("Please input the URL:")
# Strip the scheme prefix
if (url[:5] == 'http:'):
    url = url[7:].strip()
if (url[:6] == 'https:'):
    url = url[8:].strip()
# Keep only the host part and drop any path
# (the original "url - url[:numT]" raises TypeError: strings cannot be subtracted)
numT = url.find('/')
if(numT != -1):
    url = url[:numT]

# Derive some target-specific file names from the URL
# (the slicing assumes a host of the form www.test.com):
num1 = url.find('.')
num2 = url.find('.',num1 + 1)

keyList.append(url[num1 + 1:num2])  # test
keyList.append(url[num1 + 1:num2].upper())
keyList.append(url)  # www.test.com
keyList.append(url.upper())
keyList.append(url.replace('.','_'))  # www_test_com
keyList.append(url.replace('.','_').upper())
keyList.append(url.replace('.',''))  # wwwtestcom
keyList.append(url.replace('.','').upper())
keyList.append(url[num1 + 1:])   # test.com
keyList.append(url[num1 + 1:].upper())
keyList.append(url[num1 + 1:].replace('.','_'))  # test_com
keyList.append(url[num1 + 1:].replace('.','_').upper())

# Build the wordlist and write it to a txt file named after the host:
tempList =[]
for key in keyList:
    for suff in suffixList:
        tempList.append(key + suff)

fileName = url+'.'+'txt'
fobj = open(fileName,'w')

for each in tempList:
    each ='/' + each
    fobj.write('%s%s' %(each,'\n'))
    fobj.flush()

fobj.close()

print("OK!")

Screenshot:
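The same naming rules can be turned around to audit your own document root for backup files that such a wordlist would hit. The following is an added example, not part of the original post: it walks a local web root and flags files carrying the suffixes above, marking root-level files whose stem is derived from the host name as directly guessable. The function names, the command-line shape and the sample path and host in the comments are assumptions made for illustration, and matching is case-insensitive, which is slightly broader than the script's upper/lower variants.

```python
import os
import sys

# Suffixes and fixed stems are the ones listed in the script above.
SUFFIXES = ('.tar.gz', '.rar', '.zip', '.sql', '.gz', '.tar', '.bz2', '.bak', '.dat')
FIXED_STEMS = {'install', 'index', 'ezweb', 'flashfxp'}

def guessable_stems(host):
    """Lower-cased file stems the wordlist derives from a host like www.test.com."""
    host = host.lower().strip('.')
    labels = host.split('.')
    stems = set(FIXED_STEMS)
    forms = [host]
    if len(labels) > 2:
        forms.append('.'.join(labels[1:]))          # test.com
        stems.add(labels[1])                        # test
    else:
        stems.add(labels[0])
    for form in forms:
        stems.update({form, form.replace('.', '_'), form.replace('.', '')})
    return stems

def split_backup_suffix(name):
    """Return (stem, suffix) if name ends in a backup suffix, else None."""
    lower = name.lower()
    for suffix in SUFFIXES:                         # '.tar.gz' is checked before '.gz'
        if lower.endswith(suffix):
            return lower[:-len(suffix)], suffix
    return None

def audit_webroot(root, host):
    """Return sorted (relative_path, risk) for backup-like files under root."""
    stems = guessable_stems(host)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parts = split_backup_suffix(name)
            if parts is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, '/')
            # The wordlist only probes the site root, so a root-level file
            # with a derived stem is directly guessable; the rest need review.
            guessable = '/' not in rel and parts[0] in stems
            findings.append((rel, 'guessable' if guessable else 'review'))
    return sorted(findings)

if __name__ == '__main__':
    # Assumed usage: python audit_backups.py /var/www/html www.test.com
    for path, risk in audit_webroot(sys.argv[1], sys.argv[2]):
        print(risk, path)
```

Anything reported as guessable should be moved out of the web root; files marked review are not in the wordlist but are still archives or dumps served from a public directory.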