ASP.NET基础学习(暴力破解密码)

首先写出一段登陆程序:

//ashx端
<%@ WebHandler Language="C#" Class="AddCalation" %>

using System;
using System.Web;

public class AddCalation : IHttpHandler {
    
    public void ProcessRequest (HttpContext context) {
        context.Response.ContentType = "text/html";
        
        string ispostback=context.Request["isback"];
        string username = context.Request["username"];
        string password = context.Request["password"];
        if (ispostback == "yes")
        {
            if (username == "admin" && password == "2314")
            {
                context.Response.Write("登陆成功");
            }
            else
            {
                context.Response.Write("登陆失败");
            }
            
        }
        else
        {
            username = string.Empty;
            password = string.Empty;
        }
        string path = context.Server.MapPath("AddCalation.html");
        string content = System.IO.File.ReadAllText(path);
        content=content.Replace("@user",username);
        content = content.Replace("@pass", password);
        context.Response.Write(content);
    }
 
    public bool IsReusable {
        get {
            return false;
        }
    }
}

//html端
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>加法计算器</title>
</head>
<body>
    <form action="AddCalation.ashx">
        <input type="hidden"value="yes"name="isback" />
        <label for="user">用户名</label>
            <input type="text" id="user" value="@user"name="username" />
            <br />
        <label for="pass">密码</label>
            <input type="password" id="pass"value="@pass" name="password" />
            <br /><input type="submit" value="登陆" />
</form>
</body>
</html>
 

然后写一段C#控制台程序进行暴力破解

 1 using System;
 2 using System.Collections.Generic;
 3 using System.Linq;
 4 using System.Net;
 5 using System.Text;
 6 using System.Threading.Tasks;
 7 
 8 
 9 namespace PasswordBreak
10 {
11     class Program
12     {
13         static void Main(string[] args)
14         {
15             WebClient wc = new WebClient();
16             wc.Encoding = Encoding.UTF8;
17             string s="";
18             for (int i = 0; i < 5000; i++)
19             {
20                 s = wc.DownloadString("http://localhost:41566/AddCalation.ashx?isback=yes&username=admin&password=" + i);
21                 if (s.Contains("登陆成功"))
22                 { Console.WriteLine(i); break; }
23             }
24             Console.WriteLine();
25             Console.Write(s);
26             Console.ReadKey();
27         }
28     }
29 }

通过循环依次试验密码来破解自己写的登陆代码中的密码

所以说登陆端口的安全性非常重要。

posted @ 2014-11-22 15:49  SYTM  阅读(813)  评论(0编辑  收藏  举报