fix phpmyadmin and httpbasic crack
JKme committed Jan 31, 2024
1 parent 3779d4b commit fc63a7c
Showing 3 changed files with 32 additions and 7 deletions.
2 changes: 1 addition & 1 deletion core/crackmodule/httpbasic.go
@@ -67,7 +67,7 @@ func (h HttpBasic) Exec() CrackResult {
log.Printf("Error closing response body: %v", err)
}
}()
if res.StatusCode != 401 {
if res.StatusCode >= 200 && res.StatusCode < 400 {
result.Result = true
}
} else {
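Review bot: The range check `res.StatusCode >= 200 && res.StatusCode < 400` (taken to be the new side, as rendered) also marks every 3xx response as a valid login. A redirect, for example to a login page or an HTTPS upgrade, says nothing about whether the credentials were accepted, so the audit output can contain false findings. Unless the client is known to follow redirects before this point, narrow it to `if res.StatusCode >= 200 && res.StatusCode < 300 {` and add a comment saying why 3xx is excluded. Exec's body starts and ends outside the hunk, so the client's redirect handling is not visible here.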
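--- a/core/crackmodule/interfaces_test.go
+++ b/core/crackmodule/interfaces_test.go
@@ -42,6 +42,20 @@ func TestMysql_Exec(t *testing.T) {
 
 }
 
+func TestPhpmyadmin_Exec(t *testing.T) {
+c := Crack{
+Ip: "http://127.0.0.1:8080",
+Port: "3306",
+Auth: Auth{
+User: "root",
+Password: "root",
+},
+Name: "phpmyadmin",
+}
+task := c.NewICrack()
+task.Exec()
+}
+
 func TestParsePluginOpt(t *testing.T) {
 //l := ParsePluginOpt("smb")
 //fmt.Println(l)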
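Review bot: TestPhpmyadmin_Exec asserts nothing: the value returned by `task.Exec()` is discarded, so the test passes whatever the module decides, and it depends on a live service at 127.0.0.1:8080. Serving a canned login page from `httptest.NewServer` and checking the outcome would make it a real regression test, e.g. `if !task.Exec().Result { t.Fatal("expected login to be reported as valid") }` (assuming the returned CrackResult exposes `Result`, as httpbasic.go suggests), plus a second case whose page lacks the marker. `Port: "3306"` next to a URL that already carries `:8080` is also confusing and deserves a comment saying which one the module actually uses.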
23 changes: 17 additions & 6 deletions core/crackmodule/phpmyadmin.go
@@ -5,6 +5,7 @@ import (
"crypto/tls"
"cube/config"
"cube/gologger"
"io/ioutil"
"log"
"net/http"
"net/http/cookiejar"
@@ -49,7 +50,7 @@ func (p Phpmyadmin) Exec() CrackResult {
}
clt := http.Client{Transport: tr}
if !strings.HasPrefix(p.Ip, "http") {
gologger.Errorf("Invalid URL, eg: http://%s", p.Ip)
gologger.Errorf("Invalid URL, eg: https://%s", p.Ip)
}
req, _ := http.NewRequest("GET", p.Ip, nil)
req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
@@ -78,9 +79,9 @@ func (p Phpmyadmin) Exec() CrackResult {
host, _ := url.Parse(p.Ip)
jar.SetCookies(host, resp.Cookies())
crackClt := http.Client{
CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
},
//CheckRedirect: func(req *http.Request, via []*http.Request) error {
// return http.ErrUseLastResponse
//},
Jar: jar,
Transport: tr}

@@ -107,6 +108,14 @@ func (p Phpmyadmin) Exec() CrackResult {
return result
}

body2, err := ioutil.ReadAll(resp2.Body)
if err != nil {
log.Fatal(err)
}

// body是一个byte slice,通常我们转换成string来处理
//fmt.Println(string(body2))

if resp2 != nil {
defer func() {
// 使用 defer 调用匿名函数来处理 Close 的错误
@@ -115,10 +124,12 @@ func (p Phpmyadmin) Exec() CrackResult {
log.Printf("Error closing response body: %v", err)
}
}()

if resp2.StatusCode == 302 {
if strings.Contains(string(body2), "li_pma_wiki") {
result.Result = true
}
//if resp2.StatusCode == 302 {
// result.Result = true
//}
} else {
// 如果到这里,说明有严重的错误发生,resp2 应该不为 nil。
log.Printf("Response is nil without a preceding error.")
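Review bot: `ioutil.ReadAll(resp2.Body)` runs before the `if resp2 != nil` guard, so the guard no longer protects anything, and a read error goes to `log.Fatal`, which exits the whole process from inside one module and skips the deferred `Close`. The read is also unbounded even though the body comes from a remote host the tool does not control, so a single oversized response can exhaust memory. Move the read inside the nil check after the `defer`, cap it with `io.LimitReader`, log and return `result` on error, and use `io.ReadAll` since `io/ioutil` is deprecated. Separately, commenting out `CheckRedirect` means the client now follows redirects to whatever host the server names, which may fall outside the configured target and deserves a comment or a same-host check. Exec's body starts and ends outside these hunks.

```go
// … unchanged: request setup and the crackClt.Do error return …
if resp2 == nil {
	log.Printf("Response is nil without a preceding error.")
	return result
}
// … unchanged: deferred resp2.Body.Close() with its error log …

// The body comes from a remote host, so cap how much of it is read.
body2, err := io.ReadAll(io.LimitReader(resp2.Body, 1<<20))
if err != nil {
	log.Printf("Error reading response body: %v", err)
	return result
}
if strings.Contains(string(body2), "li_pma_wiki") {
	result.Result = true
}
```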
