Web Brute-Force Cracking

When it comes to web brute-force cracking, I believe everyone has used Xiao Rong's 溯雪 (Suxue), but 溯雪 does not handle every web cracking job with ease (don't say I am bad-mouthing Xiao Rong). Recently, because of work, I ran into the web portal of a network-management device that needed cracking. Look at its HTML source:

…

```javascript
function login_send()
{
    var f, u, p, pg, url, option;

    f = document.form_login.forced_in.value;   // hidden field
    u = document.form_login.username.value;
    p = document.form_login.passwd.value;
    pg = document.form_login.page.value;       // hidden field

    // the credentials are placed in the query string of a GET request
    url = "atm_login?username=" + u + "&passwd=" + p + "&forced_in=" + f + "&page=" + pg;

    option = "toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,favorites=no,resizable=no,left=230,width=520,top=120,height=300";

    window.open(url, "_blank", option);
}
```

…

Username:

Password:

…

Here the form's action is handed to a local custom JavaScript function, login_send, to complete. If you try 溯雪 on it:

(screenshot: 溯雪 run against this form)

It seems to fail because of the JavaScript call…

So what to do? Just give up like that? No need for that. Bring up WVS (Acunetix Web Vulnerability Scanner; I believe quite a few comrades have used it. I use 4.0; the latest version at the moment is 5.x) and select its HTTP fuzzer function:

(screenshot: WVS HTTP fuzzer)

So how do you use it? I have put the workflow in order (in principle it is much the same as 溯雪, though it may require a deeper understanding of HTTP):

Define the HTTP request (Request) -> Define the brute-force generator parameters (Add generator) -> Insert the generator parameters into the request (Insert into request) -> Define the success-trigger signature (Fuzzer Filters) -> Scan (Start)

Now for the concrete steps. First, from the target's HTML we can see that the login process actually passes the form's four POST parameters [two hidden ones (forced_in and page) and two user-entered ones (username and passwd)] to this page's login_send function, which then submits the authentication data with a GET to the atm_login page. So before using the WVS fuzzer we first need to define the content of the HTTP request to be submitted, specifically:

```http
GET http://xxx.xxx.xxx.xxx/atm_login?username=alex&passwd=demon&forced_in=false&page= HTTP/1.1
User-Agent: WVS/4.0
Accept: */*
```

Next, the brute-force generator parameters are inserted into the HTTP request. Since our targets this time are the account (username field) and the password (passwd field), two generator parameters need to be defined; in this example I intend to brute-force username and run a dictionary attack on passwd.

Without further ado, first create a brute-force generator parameter for username: click "Add generator" -> "Random string generator" and you get:

(screenshot: Random string generator dialog)

In "String length" enter the length of the value (I chose 5 here); in "Character set" enter the characters that may be needed (I chose the 26 lowercase letters here); and tick "Allow repetitions", which allows the same character to be used more than once.
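From the defender's side, the portal shown above is easy to monitor: because login_send() puts the credentials in the query string of a GET, the web server records every attempt, password included, and a generator-driven run (26 lowercase letters at length 5 gives 26^5 = 11,881,376 candidates) shows up as a burst of distinct usernames from one client. The detection logic below is an added example, not code from the original post; the log lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Common Log Format). The request lines
# mirror the GET that login_send() builds, so the web server records every
# attempt, password included, verbatim.
SAMPLE_LOG = """\
10.0.0.7 - - [10/Mar/2009:10:01:01 +0800] "GET /atm_login?username=alex&passwd=demon&forced_in=false&page= HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2009:10:01:01 +0800] "GET /atm_login?username=aaaaa&passwd=123456&forced_in=false&page= HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2009:10:01:02 +0800] "GET /atm_login?username=aaaab&passwd=123456&forced_in=false&page= HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2009:10:01:02 +0800] "GET /atm_login?username=aaaac&passwd=password&forced_in=false&page= HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2009:10:01:03 +0800] "GET /atm_login?username=aaaad&passwd=admin&forced_in=false&page= HTTP/1.1" 200 512
10.0.0.9 - - [10/Mar/2009:10:05:00 +0800] "GET /atm_login?username=operator&passwd=s3cret&forced_in=false&page= HTTP/1.1" 200 512
10.0.0.9 - - [10/Mar/2009:10:05:30 +0800] "GET /index.html HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def login_attempts(log_text, path="/atm_login"):
    """Group login attempts by client IP: attempt count plus distinct usernames/passwords."""
    per_ip = defaultdict(lambda: {"count": 0, "users": set(), "passwords": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m.group("target"))
        if url.path != path:
            continue  # only the login endpoint matters here
        q = parse_qs(url.query)  # blank values such as page= are dropped
        rec = per_ip[m.group("ip")]
        rec["count"] += 1
        rec["users"].update(q.get("username", []))
        rec["passwords"].update(q.get("passwd", []))
    return dict(per_ip)

def flag_bruteforce(log_text, max_attempts=3, max_users=2):
    """IPs exceeding either threshold; many distinct usernames from one client is the
    signature of a generator-driven run. Thresholds are constructed for the sample."""
    return sorted(ip for ip, r in login_attempts(log_text).items()
                  if r["count"] > max_attempts or len(r["users"]) > max_users)

def leaked_passwords(log_text):
    """Every password recoverable from the log: the cost of sending credentials in a GET query."""
    return sorted(set().union(*(r["passwords"] for r in login_attempts(log_text).values())))
```

Moving the login to a POST body over TLS keeps the passwords out of the access log; the per-IP counting still works because the endpoint path stays visible.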