標籤:pst pytho code for ext def osi 資料包 模組
0x00
之前驗收waf模組webshell效果,組網pc--waf--webserver,收集網路上的webshell樣本,進行上傳測試。由於數量較多8000+個樣本,
只好寫了個工具進行驗收。
webshellhttps://github.com/tennc/webshell.git
0x01
用戶端實現
使用python的requests_toolbelt 庫進檔案上傳,這裡有個坑,不能用requests庫,requests上傳檔案只post一個資料包,在檔案較大情況下,上傳檔案不全。
# -*- coding: utf-8 -*-#@Time :2018/7/14 9:39#@Author :cui0x01#@file :webshell_send.pyfrom requests_toolbelt import MultipartEncoderimport requestsimport timeimport osimport sysimport getoptglobal logdatelogdate = time.strftime(‘%Y%m%d%H%M%S‘,time.localtime())def w_log(data): ‘‘‘ :return: ‘‘‘ if not os.path.exists(‘log‘): os.mkdir(‘log‘) log_name=os.path.join(‘log‘,logdate) with open(log_name,‘a+‘) as f: f.write(data)def send_url(url,folder): ‘‘‘ :return: ‘‘‘ abs_path = os.path.abspath(os.path.dirname(__file__)) folder_path=os.path.join(abs_path,folder) try: file_list= os.listdir(folder_path) except BaseException as re: print(‘‘‘ %s is not exist, please check your folder. ‘‘‘%folder) os._exit(0) for filename in file_list: #print(filename) #print(url) m = MultipartEncoder( fields={‘uploaded‘: (filename, open(os.path.join(folder_path,filename), ‘rb‘), ‘text/plain‘)} ) ‘‘‘ Content-Disposition: form-data; name="uploaded"; filename="aa.php" 這裡的files裡uploaded 就是multipart協議name欄位裡面的uploaded 服務端也是根據isset( $_FILES[ ‘uploaded‘ ],multipart協議name欄位裡面的uploaded接收檔案。 如果修改,要保持一致。 ‘‘‘ #print(len(files)) time.sleep(1) #file=os.path.join(folder_path,filename) #new_url=url+filename try: r = requests.post(url, data=m,headers={‘Content-Type‘: m.content_type}) except BaseException as re: print(‘waf reject: filename %s‘%filename) data=‘waf reject: filename %s \n‘%filename w_log(data) else: print("waf allow: filename: %s"%filename) data="waf allow: filename: %s \n"%filename w_log(data)if __name__ == "__main__": try: opts,args=getopt.getopt(sys.argv[1:],‘u:f:‘) u=opts[0][1] f=opts[1][1] #print(u,f) except Exception as e: print(‘‘‘ ****************************************************************** ex:python3 xx.py -u http://33.33.35.20/upload/upload.php -f white -u: target url -f: local folder ****************************************************************** ‘‘‘) os._exit(0) send_url(u,f)
0x02
服務端實現
用php接收,環境xp+phpstudy
<?phpif( isset( $_FILES[ ‘uploaded‘ ] ) ) {$target_path = "uploads/".basename( $_FILES[ ‘uploaded‘ ][ ‘name‘ ] ); if( !move_uploaded_file( $_FILES[ ‘uploaded‘ ][ ‘tmp_name‘ ], $target_path ) ) { echo ‘<pre>Your image was not uploaded.</pre>‘; } else { echo "<pre>{$target_path} succesfully uploaded!</pre>"; }}?>
0x03
效果示範
服務端
用戶端
抓包查看
檔案上傳成功
:https://github.com/cui0x01/python_daily/tree/master/upload_fuzz_tool
python檔案上傳工具實現
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
