python编写poc基础(1)

基础语法:

#!/usr/bin/env python3 定义运行环境
# coding=utf-8 定义全局编码
#!/usr/bin/env python3
# coding=utf-8
# python version 3.7 by 6time
#
import os

# The bare triple-quoted string below is an expression statement, not a
# comment: Python evaluates it and throws the value away. It is used here
# to keep an example (importing a module from another package and calling
# it) switched off.
"""import os
import mode.py3mode as mmd #导入其他包
mmd.hello()
print("33333333") 注释
"""

# Multi-line text. Adjacent string literals are joined at compile time, so
# this is the same value a triple-quoted literal would produce.
bigstr = (
    "基础知识\n"
    "python编写poc\n"
)
print(bigstr)

# The u prefix is a no-op in Python 3, where every str is already Unicode.
print(u"你好 hacker !")

# Bytes literal: \122 is an octal escape for the single byte 0x52 ("R"), so
# the value printed is b'111111R222'. Use a raw literal or double the
# backslash when the backslash itself is meant to be part of the data.
print(b"111111\122222")


def getpwd():
    """Return the current working directory of the running process.

    The value is returned, not printed; the caller decides what to do
    with it.
    """
    current_dir = os.getcwd()
    return current_dir


print("=" * 10)  # str * int repeats the string: ten "=" characters
print(getpwd())  # working directory the script was started from
print("=" * 10)


# Define a class
class py3hello:
    """Minimal class that shows the constructor, a method and the finalizer.

    Each of the three methods only prints a fixed marker line, so the order
    in which Python calls them can be read from the output.
    """

    def __init__(self) -> None:
        """Run when an instance is created."""
        print("class __init__")

    def hello(self) -> None:
        """Ordinary instance method."""
        print("class hello")

    def __del__(self) -> None:
        """Run when the instance is about to be destroyed."""
        print("class __del__")


# Create an instance (runs __init__) and call a method on it.
ph = py3hello()
ph.hello()

# NOTE: ph is still referenced at module level here, so __del__ is not
# expected to run before this line; it runs once the last reference is gone.
print("33333333")

 

requests包发送get,post,json,上传文件等操作例子
#!/usr/bin/env python3
# coding=utf-8
# python version 3.7 by 6time
#
import requests

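# The request helpers in this script pass verify=False, which makes urllib3
# emit InsecureRequestWarning on every HTTPS call. Silence only that
# category; calling disable_warnings() with no argument would hide every
# other urllib3 warning as well.
requests.packages.urllib3.disable_warnings(
    requests.packages.urllib3.exceptions.InsecureRequestWarning
)

# Headers shared by every helper below.
base_headers = {
    'Referer': '',  # set per request by the helpers
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
    # 'User-Agent': f.user_agent() # faker
}

# Local intercepting proxy (Burp Suite listener). Both plain HTTP and HTTPS
# traffic are sent to the same http:// proxy address.
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}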


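def http_get(url="https://www.baidu.com"):
    """Send a GET request to *url* and print the body of a 200 response.

    Request errors (connection failure, timeout, invalid URL, ...) are
    printed instead of raised. The function always returns None.

    Only run this against systems you are authorised to test.
    """
    # Sample query parameters. They are sent only if ``params=payload`` is
    # re-enabled below; as written, the request carries no parameters. The
    # 'id' value is a placeholder string mixing several injection-style
    # fragments, not a working test case for any particular target.
    payload = {
        'id': "/?id=1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#", #"c:\\windows\\win.ini"
        'key': ['value2', 'value3']}
    # Build the headers for this request only. Writing the Referer into the
    # shared base_headers dict would carry one target's URL over into
    # whatever request reuses that dict next.
    headers = {**base_headers, 'Referer': url}
    try:
        resp = requests.get(
            url=url,
            # params=payload,  # query-string parameters
            headers=headers,
            # proxies=proxies,
            timeout=5,
            # verify=False turns off TLS certificate validation: the server
            # is not authenticated and the response could have been altered
            # in transit. Treat what comes back as untrusted.
            verify=False,
            # auth=('user', 'pass')
        )
    except requests.RequestException as e:
        # Only transport-level failures are expected here; anything else is
        # a programming error and should surface.
        print(e)
        return None
    if resp.status_code == 200:
        print(resp.text)
    return None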


# POST with a dict body (sent form-encoded)
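def http_post1(url="https://www.baidu.com"):
    """POST a form-encoded dict to *url* through the proxy in ``proxies``.

    Prints the response body when the status is 200. Request errors are
    printed instead of raised, matching http_get; this includes the proxy
    connection failing because nothing is listening on the configured
    address.
    """
    data = {'key': 'value', 'id': 'value2'}
    # Per-request copy: the shared base_headers dict is left untouched.
    headers = {**base_headers, 'Referer': url}
    try:
        res = requests.post(url=url,
                            headers=headers,
                            data=data,  # dict -> application/x-www-form-urlencoded
                            proxies=proxies,
                            # files=files,
                            timeout=5,
                            # Certificate validation is off so the proxy's
                            # own certificate is accepted. Passing the
                            # proxy CA file instead keeps validation on,
                            # e.g. verify='<path-to-proxy-ca.pem>'.
                            verify=False)
    except requests.RequestException as e:
        print(e)
        return
    if res.status_code == 200:
        print(res.text)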


# POST with a JSON body
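def http_post2(url="https://www.baidu.com"):
    """POST *data* as a JSON body to *url* and print the decoded JSON reply.

    Request errors are printed instead of raised, matching http_get. A 200
    response whose body is not valid JSON is reported the same way rather
    than ending the script with a traceback.
    """
    data = {'key': 'value'}
    # Per-request copy: the shared base_headers dict is left untouched.
    headers = {**base_headers, 'Referer': url}
    try:
        res = requests.post(url=url,
                            headers=headers,
                            json=data,  # serialised by requests, sent as application/json
                            # proxies=proxies,
                            # files=files,
                            timeout=5,
                            # TLS certificate validation is off: the server
                            # is not authenticated, so treat the reply as
                            # untrusted.
                            verify=False)
    except requests.RequestException as e:
        print(e)
        return
    if res.status_code == 200:
        try:
            print(res.json())
        except ValueError as e:
            # The body was not JSON (an HTML page, for example).
            print(e)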


# POST with a file upload (multipart/form-data)
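def http_post3(url="https://www.baidu.com"):
    """Upload the local file ``1.png`` to *url* as multipart form data.

    The request goes through the proxy in ``proxies``. Prints the response
    body when the status is 200. Request errors are printed instead of
    raised, matching http_get.

    Raises:
        OSError: if ``1.png`` cannot be opened.
    """
    # Per-request copy: the shared base_headers dict is left untouched.
    headers = {**base_headers, 'Referer': url}
    # The context manager closes the file once the upload has been sent;
    # a bare open() call here would leave the handle open.
    with open('1.png', 'rb') as upload:
        files = {'file': upload}
        # Tuple form: (filename, file object, content type, extra headers)
        # files = {'file': ('file', upload, 'application/png', {'Expires': '0'})}
        try:
            res = requests.post(url=url,
                                headers=headers,
                                # json=data,
                                proxies=proxies,
                                files=files,
                                timeout=5,
                                # allow_redirects=False,
                                # Certificate validation is off so the
                                # proxy's own certificate is accepted; the
                                # upstream server is not authenticated.
                                verify=False)
        except requests.RequestException as e:
            print(e)
            return
    if res.status_code == 200:
        print(res.text)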


# Choose which helper runs by un-commenting one call. Only http_post1() is
# active; it sends its request through the address in `proxies`, so a
# listener is expected there.
# http_get()
http_post1()
# http_post2()

 

懒人必备hack-requests BurpSuite 重放

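import HackRequests  # third-party package: pip3 install HackRequests

hack = HackRequests.hackRequests()

# A complete HTTP request as raw text, in the form an intercepting proxy
# such as Burp Suite shows it. The request line and every header are taken
# from this string as written, so check the Host header before running it.
raw = '''
GET / HTTP/1.1
Host: x.hacking8.com
Connection: Keep-Alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
'''

# Hand the raw text to the library and print the response body.
hh = hack.httpraw(raw)
print(hh.text())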

 
