Recently, I received a network security book presented by the electronic industry press 《python Black hat 》, There are a total of 24 An experiment , Today, I will repeat the 12 An experiment (wordpress Hidden dangers of documents ), My test environment is mbp The computer + fellow wordpress Online sites +conda development environment .wordpress It is a well-known blog website , If some configuration files are not deleted after installation , Easy to lead to website security risks , By comparison online wordpress And local wordpress The same document between , Get online wordpress File list of the site ~
1、 Download the latest wordpress Source code
2、 stay mbp Run the script on
3、 Get online wordpress Site files
4、 Try to visit
Reference code :
# -*- coding: utf-8 -*-
# @Time : 2022/6/13 8:21 PM
# @Author : ailx10
# @File : mapper.py
import contextlib
import os
import queue
import requests
import sys
import threading
import time
FILTERED = [".jpg",".gif",".png",".css"]
TARGET = "http://124.223.4.212/"
THREADS = 10
answer = queue.Queue()
web_paths = queue.Queue()
def gather_paths():
for root,_,files in os.walk("."):
for fname in files:
if os.path.splitext(fname)[1] in FILTERED:
continue
path = os.path.join(root,fname)
if path.startswith("."):
path = path[1:]
print(path)
web_paths.put(path)
@contextlib.contextmanager
def chdir(path):
this_dir = os.getcwd()
os.chdir(path)
try:
yield
finally:
os.chdir(this_dir)
def test_remote():
while not web_paths.empty():
path = web_paths.get()
url = f"{TARGET}{path}"
time.sleep(2)
r = requests.get(url)
if r.status_code == 200:
answer.put(url)
sys.stdout.write("+")
else:
sys.stdout.write("x")
sys.stdout.flush()
def run():
mythreads = list()
for i in range(THREADS):
print(f"Spawning thread {i}")
t = threading.Thread(target=test_remote)
mythreads.append(t)
t.start()
for thread in mythreads:
thread.join()
if __name__ == "__main__":
with chdir("/Users/ailx10/py3hack/chapter5/wordpress"):
gather_paths()
input("Press return to continue.")
run()
with open("myanswer.txt","w") as f:
while not answer.empty():
f.write(f"{answer.get()}\n")
print("done.")