python编写poc基础(1)
基础语法:
#!/usr/bin/env python3 —— 指定运行脚本所用的解释器(shebang 行)
# coding=utf-8 —— 声明源文件的编码(Python 3 源文件默认即为 UTF-8)
#!/usr/bin/env python3
# coding=utf-8
# python version 3.7 by 6time
#
import os

# A bare triple-quoted string is evaluated and then discarded, which is why it
# is commonly used as a block comment: nothing inside it is executed.
"""import os
import mode.py3mode as mmd #导入其他包
mmd.hello()
print("33333333")
注释
"""

# Triple quotes also build ordinary multi-line string values.
bigstr = """基础知识
python编写poc
"""
print(bigstr)

# In Python 3 every str literal is already Unicode; the u prefix is accepted
# for Python 2 source compatibility and has no effect here.
print(u"你好 hacker !")

# The b prefix produces a bytes literal.
# NOTE(review): "\122" is parsed as an octal escape (byte 0x52, "R"), so this
# prints b'111111R222'. If a literal backslash was intended, use
# b"111111\\122222" or a raw literal -- confirm the intent.
print(b"111111\122222")


def getpwd():
    """Return the current working directory of the running process."""
    cwd = os.getcwd()
    return cwd


# Print the working directory between two separator rules.
print("=" * 10)
print(getpwd())
print("=" * 10)


class py3hello:
    """Minimal class showing a constructor, a finalizer and a plain method."""

    def __init__(self):
        # Runs once, when the instance is created.
        print("class __init__")

    def __del__(self):
        # Runs when the instance is finalized. `ph` below stays referenced
        # until the script ends, so this normally prints at interpreter exit.
        print("class __del__")

    def hello(self):
        """Print a fixed greeting."""
        print("class hello")


ph = py3hello()
ph.hello()
print("33333333")
requests包发送get,post,json,上传文件等操作例子
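#!/usr/bin/env python3
# coding=utf-8
# python version 3.7 by 6time
#
import requests

# Silences urllib3 warnings for the whole process, including the
# InsecureRequestWarning that verify=False would otherwise emit per request.
# Any other code running in the same interpreter loses those warnings too.
requests.packages.urllib3.disable_warnings()

# Certificate verification is off so that traffic can pass through an
# intercepting proxy (whose CA the client does not trust) or reach hosts with
# self-signed certificates. With verification off the client accepts any
# certificate, so a response is not proof that it came from the intended host;
# treat results as unauthenticated. When the proxy CA can be exported, passing
# verify="<path-to-proxy-ca.pem>" (placeholder path) keeps interception
# working without giving up verification.
VERIFY_TLS = False

# Seconds; requests applies this to the connect and to each read separately.
TIMEOUT = 5

base_headers = {
    'Referer': '',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
    # 'User-Agent': f.user_agent()  # faker
}

# Local intercepting proxy (Burp Suite listens on 127.0.0.1:8080 by default).
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}


def _request_headers(url):
    """Return a copy of base_headers with Referer set to *url*.

    Working on a copy keeps one call's Referer from leaking into later
    requests through the shared module-level dict.
    """
    headers = dict(base_headers)
    headers['Referer'] = url
    return headers


def http_get(url="https://www.baidu.com"):
    """Send a GET request to *url* and print the body of a 200 response.

    Request failures (timeout, refused connection, TLS error) are printed
    instead of raised. Always returns None.
    """
    # Sample query-string values. They are only sent when `params=payload`
    # below is uncommented; a list value is encoded as a repeated key.
    payload = {
        'id': "/?id=1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#",
        # "c:\\windows\\win.ini"
        'key': ['value2', 'value3']}
    try:
        resp = requests.get(
            url=url,
            # params=payload,  # pass query parameters
            headers=_request_headers(url),
            # proxies=proxies,
            timeout=TIMEOUT,
            verify=VERIFY_TLS,
            # auth=('user', 'pass')
        )
    except requests.RequestException as e:
        print(e)
        return None
    if resp.status_code == 200:
        print(resp.text)
    return None


def http_post1(url="https://www.baidu.com"):
    """POST a dict as a form-encoded body through the local proxy.

    Prints the body of a 200 response. Request failures are printed instead
    of raised, matching http_get.
    """
    data = {'key': 'value', 'id': 'value2'}
    try:
        res = requests.post(url=url,
                            headers=_request_headers(url),
                            data=data,
                            proxies=proxies,
                            # files=files,
                            timeout=TIMEOUT,
                            verify=VERIFY_TLS)
    except requests.RequestException as e:
        # For example a ProxyError when nothing listens on 127.0.0.1:8080.
        print(e)
        return
    if res.status_code == 200:
        print(res.text)


def http_post2(url="https://www.baidu.com"):
    """POST a dict as a JSON body and print the decoded JSON of a 200 response.

    Request failures are printed instead of raised. A 200 response whose body
    is not JSON is printed as text rather than raising from res.json().
    """
    data = {'key': 'value'}
    try:
        res = requests.post(url=url,
                            headers=_request_headers(url),
                            json=data,
                            # proxies=proxies,
                            # files=files,
                            timeout=TIMEOUT,
                            verify=VERIFY_TLS)
    except requests.RequestException as e:
        print(e)
        return
    if res.status_code == 200:
        try:
            print(res.json())
        except ValueError:
            # Body was not valid JSON (an HTML error page, for instance).
            print(res.text)


def http_post3(url="https://www.baidu.com"):
    """Upload 1.png as multipart form field 'file' through the local proxy.

    Prints the body of a 200 response. A missing or unreadable file and
    request failures are printed instead of raised.
    """
    try:
        # The context manager closes the handle even when the request fails.
        with open('1.png', 'rb') as fh:
            files = {'file': fh}
            # files = {'file': ('file', open('1.png', 'rb'), 'application/png', {'Expires': '0'})}
            res = requests.post(url=url,
                                headers=_request_headers(url),
                                # json=data,
                                proxies=proxies,
                                files=files,
                                timeout=TIMEOUT,
                                # allow_redirects=False,
                                verify=VERIFY_TLS)
    except (OSError, requests.RequestException) as e:
        print(e)
        return
    if res.status_code == 200:
        print(res.text)


if __name__ == "__main__":
    # Guarded so that importing this module does not send a request.
    # http_get()
    http_post1()
    # http_post2()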
懒人必备:HackRequests —— 直接重放从 BurpSuite 复制的原始 HTTP 请求
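# Install first (shell command, not Python):
#     pip3 install HackRequests
# HackRequests is a third-party package that will handle every request
# replayed here; install it into a virtual environment and pin the version
# that was reviewed.
import HackRequests

hack = HackRequests.hackRequests()

# Raw HTTP request text, one header per line, as copied from an intercepting
# proxy such as Burp Suite.
# NOTE(review): httpraw presumably derives the target from the request line
# and the Host header -- confirm against the HackRequests documentation.
raw = '''
GET / HTTP/1.1
Host: x.hacking8.com
Connection: Keep-Alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
'''

# Replay the request and print the response body; text() is a method on the
# HackRequests response object, not an attribute as in requests.
hh = hack.httpraw(raw)
print(hh.text())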