尝试在localhost上使用nmap来强制管理Django框架中的管理名称/传递。我用一个管理员创建了简单的Django应用程序,启动了它,现在我尝试强制使用这样的密码:
nmap -p 8000 --script http-form-brute --script-args userdb=test.txt,passdb=test.txt,path=/admin/,hostname=localhost -vv -d -sT 127.0.0.1
test.txt包含两行,其中一行是正确的。
nmap生成:
Scanned at 2014-10-23 11:42:12 ope for 0s
PORT STATE SERVICE REASON
8000/tcp open http-alt syn-ack
Final times for host: srtt: 1000 rttvar: 5000 to: 100000
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read from C:\Program Files (x86)\Nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 6.90 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
服务器日志包含请求:
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 12312)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 595, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/site-packages/django/core/servers/basehttp.py", line
129, in __init__
super(WSGIRequestHandler, self).__init__(*args, **kwargs)
File "/usr/lib/python2.7/SocketServer.py", line 651, in __init__
self.handle()
File "/usr/lib/python2.7/wsgiref/simple_server.py", line 116, in handle
self.raw_requestline = self.rfile.readline()
File "/usr/lib/python2.7/socket.py", line 447, in readline
data = self._sock.recv(self._rbufsize)
error: [Errno 104] Connection reset by peer
----------------------------------------
答案 0 :(得分:1)
当服务器断开套接字连接,然后客户端使用死套接字时,会发生错误104.
我认为在你的情况下发生了这种情况是因为Django登录涉及的是用于' session-id'和' csrf-token'。正确登录需要这些东西。我不知道nmap如何处理http cookie。您可以使用curl选项添加所有http客户端规范。