A simple Python port scanner


Scanning common ports with multithreaded Python

import socket
import sys
import threading

# Common service ports to probe
port_list = [21, 22, 23, 25, 80, 135, 137, 139, 445, 1433, 1502, 3306, 3389, 8080, 9015]
target_ip = sys.argv[1]
# Serializes print() so output from different threads does not interleave
Lock = threading.Lock()

def scan_port(target_ip, target_port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(3)  # do not hang forever on filtered ports
    try:
        s.connect((target_ip, target_port))
        with Lock:
            print('port :' + str(target_port) + ' is opening')
    except OSError:
        # closed, filtered or unreachable: report nothing
        pass
    finally:
        s.close()

if __name__ == '__main__':
    threads = []
    for port in port_list:
        t = threading.Thread(target=scan_port, args=(target_ip, port))
        t.daemon = True
        t.start()
        threads.append(t)
    # wait for every thread, not only the last one started
    for t in threads:
        t.join()

The result of a local test is shown below:


A brief look at PHP pseudo-protocols


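In this school competition, a senior student set a Tomcat privilege-escalation challenge that required using pseudo-protocols to read files and get a shell, so I am recording a few common pseudo-protocols and their security issues here.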

0x01 php://filter

php://filter is a meta-wrapper designed to apply filters to a stream at the time it is opened; here it can lead to LFI (local file inclusion).

<?php   //test.php
phpinfo();
?>
<?php   //1.php
include($_GET['a']);
?>

http://127.0.0.1/1.php?a=php://filter/read=convert.base64-encode/resource=index.php

Base64-decode the output and you get the source code of test.php.
With allow_url_include set to On, this can also lead to RFI (remote file inclusion).
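
As an added example (not code from the original post), the Python code below shows how a defender could spot the request pattern from this section in web access logs: it flags query parameters whose value, after undoing nested percent-encoding, carries a stream wrapper such as php://, and reports the resource= target. The log lines, the wrapper list and the function names are constructed for illustration, and only the query string of the request line is inspected.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Wrapper schemes that should never arrive in a request parameter (assumed list).
WRAPPER_RE = re.compile(r"\b(php|zip|phar|data|expect)://", re.I)
# For php://filter, the file being read follows "resource=".
RESOURCE_RE = re.compile(r"resource=([^&|]+)", re.I)
# Request field of a common/combined access-log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /1.php?a=test.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /1.php?a=php://filter/read=convert.base64-encode/resource=index.php HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /1.php?a=%2570hp%253A%252F%252Ffilter%252Fresource%253Dindex.php HTTP/1.1" 200 2048',
]

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %2570 -> %70 -> p."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_wrapper_params(log_line):
    """Return [(param, wrapper, resource or None)] for one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    hits = []
    # parse_qsl already decodes one layer; decode_fully removes the rest.
    for name, value in parse_qsl(urlsplit(match.group(1)).query):
        value = decode_fully(value)
        wrapper = WRAPPER_RE.search(value)
        if wrapper:
            resource = RESOURCE_RE.search(value)
            hits.append((name, wrapper.group(1).lower(),
                         resource.group(1) if resource else None))
    return hits

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        for hit in find_wrapper_params(line):
            print(number, hit)
```

A hit on a parameter that feeds include() is worth correlating with the response size, since a successful read returns the Base64 of the whole file.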

0x02 The zip and phar protocols