Web暴力破解
讲å°WEBæ´åç ´è§£éè¿å¤§å®¶é½ä¼ç¨å°æ¦ç溯éªï¼ä½å¹¶ä¸æ¯ææWEBç ´è§£æº¯éªé½æ¯åºä»èªå¦çï¼ä¸è¦è¯´æ说å°æ¦ä»è人家çåè¯ï¼ï¼æè¿å 为工ä½çå³ç³»ï¼ç¢°å°ä¸ä¸ªç½ç®¡å设å¤çWEBPORTALéè¦åWEBç ´è§£ï¼ççHTMLçæºç ï¼
â¦
function login_send()
{
var f, p, page, url, option;
f = document.form_login.forced_in.value;
u = document.form_login.username.value;
p = document.form_login.passwd.value;
pg = document.form_login.page.value;
url = "atm_login?username=" u "&passwd=" p "&forced_in=" f "&page=" pg;
option = "toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,favorites=no,resizable=no,left=230,width=520,top=120,height=300";
window.open(url, â_blankâ, option);
}
â¦
Username:
Password:
â¦
è¿éformçactionæ¯äº¤ç»ä¸ä¸ªæ¬å°çjavascriptèªå®ä¹å½æ°C login_sendæ¥å®æçï¼ç¨æº¯éªçè¯ï¼
çæ¥æ¯å 为è°ç¨äºjavascriptçå³ç³»å§â¦
æä¹åï¼å°±è¿æ ·æ¾å¼åï¼è¿ä¹å¤§å¯ä¸å¿ï¼è°åºwvsï¼Acunetix Web Vulnerability Scannerï¼ç¸ä¿¡é½ä¸å°åå¿é½ç¨è¿å®å§ï¼æç¨çæ¯4.0ï¼ç®åææ°ççæ¬æ¯5.xï¼ï¼éæ©å®çHTTP fuzzeråè½ï¼
ç¶åæä¹ä½¿ç¨å®å¢ï¼ææ´çäºä¸ä¸æµç¨ï¼å¶å®å溯éªçåçå·®ä¸å¤ï¼ä¸è¿å¯è½éè¦æ´æ·±å¥çäºè§£HTTPçç¸å³ç¥è¯ï¼ï¼
å®ä¹HTTP请æ±ï¼Requestï¼-ãå®ä¹æ´ç ´è¿ç®åæ°ï¼Add generatorï¼-ãæå¥æ´ç ´è¿ç®åæ°ï¼Insert into requestï¼-ãå®ä¹æå触åç¹å¾ï¼Fuzzer Filtersï¼-ãæ«æï¼Startï¼
ä¸é¢è®²å°å·ä½å®æï¼é¦åæ们ä»ç®æ çHTML代ç å¯ä»¥çå°ï¼å¶å®ç»éè¿ç¨æ¯éè¿POSTçå个åæ°[C两个éèåæ°ï¼forced_inä¸pageï¼ä¸ä¸¤ä¸ªæ交åæ°ï¼usernameä¸passwdï¼]è³æ¬é¡µçlogin_sendå½æ°ï¼ç¶ååéè¿GET atm_loginè¿ä¸ªé¡µé¢æ交认è¯æ°æ®ãå æ¤å¨ä½¿ç¨wvs fuzzeråæ们é¦åéè¦å®ä¹æ交HTTP请æ±çå容ï¼å·ä½å¦ï¼
GET http://xxx.xxx.xxx.xxx/ atm_login?username=alex&passwd=demon&forced_in=false&page= HTTP/1.1
User-Agent: WVS/4.0
Accept: */*
ä¸é¢æ¯å å¥æ´ç ´è¿ç®åæ°è³HTTP请æ±å容ä¸ï¼åºäºæ们æ¬æ¬¡çç®æ æ¯å¸å·ï¼usernameå段ï¼ä¸å¯ç ï¼passwdå段ï¼ï¼å æ¤éè¦å®ä¹ä¸¤ä¸ªè¿ç®åæ°ï¼æ¬ä¾ä¸ææç®è®©usernameè¿è¡æ´åç ´è§£ï¼èpasswdåè¿è¡åå¸ç ´è§£ã
åºè¯å°è¯´ï¼å建ç«ä¸ä¸ªåºäºæ´åç ´è§£çusernameè¿ç®åæ°ï¼ç¹å»âAdd generatorâ-ãâRandom string generatorâåå¾å°ï¼
å¨âString lengthâä¸å¡«å¥å¼çé¿åº¦ï¼æè¿ééæ©5ï¼âCharacter setâä¸è¾å¥å¯è½éè¦ç¨å°çå符ï¼æè¿ééæ©26个å°ååæ¯ï¼éæ©âAllow repetitionsââå许éå¤ä½¿ç¨åå符ã
â¦
function login_send()
{
var f, p, page, url, option;
f = document.form_login.forced_in.value;
u = document.form_login.username.value;
p = document.form_login.passwd.value;
pg = document.form_login.page.value;
url = "atm_login?username=" u "&passwd=" p "&forced_in=" f "&page=" pg;
option = "toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,favorites=no,resizable=no,left=230,width=520,top=120,height=300";
window.open(url, â_blankâ, option);
}
â¦
Username:
Password:
â¦
è¿éformçactionæ¯äº¤ç»ä¸ä¸ªæ¬å°çjavascriptèªå®ä¹å½æ°C login_sendæ¥å®æçï¼ç¨æº¯éªçè¯ï¼
çæ¥æ¯å 为è°ç¨äºjavascriptçå³ç³»å§â¦
æä¹åï¼å°±è¿æ ·æ¾å¼åï¼è¿ä¹å¤§å¯ä¸å¿ï¼è°åºwvsï¼Acunetix Web Vulnerability Scannerï¼ç¸ä¿¡é½ä¸å°åå¿é½ç¨è¿å®å§ï¼æç¨çæ¯4.0ï¼ç®åææ°ççæ¬æ¯5.xï¼ï¼éæ©å®çHTTP fuzzeråè½ï¼
ç¶åæä¹ä½¿ç¨å®å¢ï¼ææ´çäºä¸ä¸æµç¨ï¼å¶å®å溯éªçåçå·®ä¸å¤ï¼ä¸è¿å¯è½éè¦æ´æ·±å¥çäºè§£HTTPçç¸å³ç¥è¯ï¼ï¼
å®ä¹HTTP请æ±ï¼Requestï¼-ãå®ä¹æ´ç ´è¿ç®åæ°ï¼Add generatorï¼-ãæå¥æ´ç ´è¿ç®åæ°ï¼Insert into requestï¼-ãå®ä¹æå触åç¹å¾ï¼Fuzzer Filtersï¼-ãæ«æï¼Startï¼
ä¸é¢è®²å°å·ä½å®æï¼é¦åæ们ä»ç®æ çHTML代ç å¯ä»¥çå°ï¼å¶å®ç»éè¿ç¨æ¯éè¿POSTçå个åæ°[C两个éèåæ°ï¼forced_inä¸pageï¼ä¸ä¸¤ä¸ªæ交åæ°ï¼usernameä¸passwdï¼]è³æ¬é¡µçlogin_sendå½æ°ï¼ç¶ååéè¿GET atm_loginè¿ä¸ªé¡µé¢æ交认è¯æ°æ®ãå æ¤å¨ä½¿ç¨wvs fuzzeråæ们é¦åéè¦å®ä¹æ交HTTP请æ±çå容ï¼å·ä½å¦ï¼
GET http://xxx.xxx.xxx.xxx/ atm_login?username=alex&passwd=demon&forced_in=false&page= HTTP/1.1
User-Agent: WVS/4.0
Accept: */*
ä¸é¢æ¯å å¥æ´ç ´è¿ç®åæ°è³HTTP请æ±å容ä¸ï¼åºäºæ们æ¬æ¬¡çç®æ æ¯å¸å·ï¼usernameå段ï¼ä¸å¯ç ï¼passwdå段ï¼ï¼å æ¤éè¦å®ä¹ä¸¤ä¸ªè¿ç®åæ°ï¼æ¬ä¾ä¸ææç®è®©usernameè¿è¡æ´åç ´è§£ï¼èpasswdåè¿è¡åå¸ç ´è§£ã
åºè¯å°è¯´ï¼å建ç«ä¸ä¸ªåºäºæ´åç ´è§£çusernameè¿ç®åæ°ï¼ç¹å»âAdd generatorâ-ãâRandom string generatorâåå¾å°ï¼
å¨âString lengthâä¸å¡«å¥å¼çé¿åº¦ï¼æè¿ééæ©5ï¼âCharacter setâä¸è¾å¥å¯è½éè¦ç¨å°çå符ï¼æè¿ééæ©26个å°ååæ¯ï¼éæ©âAllow repetitionsââå许éå¤ä½¿ç¨åå符ã
ä¸ä¸é¡µ12 ä¸ä¸é¡µ é读å¨æ
相关推荐
鹏鹏之家 2010-12-21
陈伟堂 2012-08-21
heyw 2011-12-13
JavaLab 2011-09-09
itisyang 2011-03-11
浪子huang 2019-07-01
engineer0 2019-06-28
前端JavaScript 2019-06-28
bingshiwuyu 2019-06-21
gouiso 2016-05-25
ningningmingming 2012-09-03
langyanmudi 2012-01-28
waveclouds 2012-01-24
suiwuxinhen 2019-06-06
硅谷精英程序员 2019-03-29
HMHYY 2019-03-14
千锋 2019-03-12
hanxia 2019-03-11