简介:常规情况下,由于web自身的服务资源、带宽、吞吐率的原因,存在访问上限的情况,这和极端情况下本地直接即时访问、即时反馈的机制是完全不可等同的。另外,暴力破解密码这种行为本身就是徘徊于灰色地带的,并且在条件极其苛刻的情况下才有可能使用得上,这也是极少存在通过暴力破解密码从而找回或者攻陷入口的原因。本篇仅为技术讨论,请勿用于非法途径。
历史攻略:
web破解密码案例:
1、创建一个web服务并创建密码,运行。
package main
import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"math/big"
	"time"

	"github.com/gin-gonic/gin"
)
// GetTime reports the current wall-clock time. The /hello handler stamps it
// into every response so a reader can see when each guess was evaluated.
func GetTime() time.Time {
	now := time.Now()
	return now
}
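// GetPassword returns a random secret of the given length drawn from the
// alphabet selected by kind: "num" (digits), "char" (ASCII letters), "mix"
// (digits and letters) or "advance" (digits, letters and a few symbols).
// Any other kind falls back to ASCII letters.
//
// Each character is chosen with crypto/rand, so the result is uniformly
// random over the alphabet. A length <= 0 yields "". If the system CSPRNG
// is unavailable the function panics with a descriptive message rather than
// silently producing a predictable secret (the previous version discarded
// the rand.Int error, which surfaced as a nil-pointer panic one line later).
func GetPassword(length int, kind string) string {
	var alphabet []rune
	switch kind {
	case "num":
		alphabet = []rune("0123456789")
	case "char":
		alphabet = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
	case "mix":
		alphabet = []rune("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
	case "advance":
		alphabet = []rune("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+=-!@#$%*,.[]")
	default:
		alphabet = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
	}
	if length <= 0 {
		return ""
	}

	passwd := make([]rune, length)
	// rand.Int draws uniformly from [0, bound); hoisted out of the loop since
	// the alphabet size never changes.
	bound := big.NewInt(int64(len(alphabet)))
	for i := range passwd {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			panic(fmt.Sprintf("GetPassword: crypto/rand unavailable: %v", err))
		}
		passwd[i] = alphabet[int(idx.Int64())]
	}
	return string(passwd)
}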
// realPassword is the secret the /hello handler checks guesses against.
// A 4-digit numeric alphabet gives only 10^4 candidates, which is exactly
// the small keyspace the article's brute-force timing exercises.
var (
	realPassword = GetPassword(4, "num")
)
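// main serves GET /hello on 0.0.0.0:8888. The handler reads the "password"
// query parameter and reports in JSON whether it equals realPassword.
//
// The secret is intentionally not echoed in the response body or printed to
// stdout: the earlier handler returned "real_password" on every request, so a
// client learned the answer on its very first call and the brute-force timing
// measured nothing. The comparison is constant-time. There is deliberately
// still no lockout or rate limit on the endpoint, because that absence is
// precisely what the article's timing experiment demonstrates.
func main() {
	r := gin.Default()
	r.GET("/hello", func(c *gin.Context) {
		// Query already yields "" when the parameter is absent, so the former
		// DefaultQuery call was a dead assignment.
		password := c.Query("password")

		result := "密码错误"
		// ConstantTimeCompare does not short-circuit on the first mismatching
		// byte, so response time does not reveal how much of the guess was right.
		if subtle.ConstantTimeCompare([]byte(password), []byte(realPassword)) == 1 {
			result = "密码正确"
		}
		c.JSON(200, gin.H{
			"GET":           GetTime(),
			"your_password": password,
			"result":        result,
		})
	})

	// Listen on 0.0.0.0:8888; Run blocks and only returns on failure.
	fmt.Println("listening on 0.0.0.0:8888")
	if err := r.Run("0.0.0.0:8888"); err != nil {
		fmt.Println("server stopped:", err)
	}
}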
2、构建镜像:
docker build -t gin-img .
3、启动容器:
docker run --name test-gin -p 8888:8888 -d gin-img
4、浏览器访问:http://ip:8888/hello
5、python访问破解:
# -*- coding: utf-8 -*-
# time: 2022/11/6 11:03
# file: password-demo.py
# 公众号: 玩转测试开发
import time
import requests
import itertools
def guess_password(password):
    """Submit one candidate to the demo service and report whether it was accepted.

    Sends ``password`` as the ``password`` query parameter of ``/hello`` and
    returns True exactly when the JSON body's ``result`` field reads
    "密码正确", False otherwise. The decoded response is printed so the reader
    can follow each attempt.
    """
    url = "http://ip:8888/hello"
    reply = requests.get(url, params={"password": password}).json()
    print(reply)
    return reply["result"] == "密码正确"
if __name__ == '__main__':
    # Enumerate every 4-digit numeric string (10**4 candidates) up front, then
    # submit them in order and stop at the first one the service accepts.
    # Only wall-clock time is reported, so the figure is dominated by HTTP
    # round trips rather than by the comparison itself.
    data = "0123456789"
    num = 0
    password_length = 4
    password_list = [
        "".join(combo)
        for combo in itertools.product(data, repeat=password_length)
    ]
    start = time.time()
    for candidate in password_list:
        if guess_password(candidate):
            break
    end = time.time()
    print(f"破解耗时:{round(end - start, 2)}秒")
6、破解执行结果:
压缩包破解密码案例:
1、创建一个zip包,并设置为需要密码
2、手动解压的时候,确认是需要密码的
3、案例源码:
# -*- coding: utf-8 -*-
# time: 2022/11/6 11:03
# file: password-demo.py
# 公众号: 玩转测试开发
import time
import zipfile
import itertools
def extract(password, file):
    """Try to extract ``file`` (an open ZipFile) into the cwd using ``password``.

    Returns True and prints the password when extraction succeeds. Every
    exception (wrong password, bad archive, I/O error, ``file`` not being a
    ZipFile) is swallowed and the function returns None, so callers must
    treat the result as falsy rather than as an explicit failure value.
    """
    try:
        pwd = str(password)
        file.extractall(path='.', pwd=pwd.encode('utf-8'))
        print("the password is {}".format(pwd))
    except Exception:
        return None
    return True
def main(password_length):
    """Try every numeric string of ``password_length`` digits against a.zip.

    Candidates are generated in lexicographic order and each is handed to
    ``extract``; the loop stops at the first success. ``num`` counts the
    attempts made before the current guess. The archive handle is opened
    here and never explicitly closed.
    """
    zip_file = zipfile.ZipFile(r"a.zip", 'r')
    digits = "0123456789"
    num = 0
    for combo in itertools.product(digits, repeat=password_length):
        guess = "".join(combo)
        print(f"当前密码长度:{password_length}, 猜测的密码为:{guess},尝试次数:{num}。")
        if extract(guess, zip_file):
            print(f"当前密码长度:{password_length}, 猜测的密码为:{guess}。实际密码为:{guess},尝试次数:{num},破解成功。")
            break
        num += 1
if __name__ == '__main__':
    # Time one full run over the 6-digit keyspace (at most 10**6 candidates).
    started = time.time()
    main(6)
    elapsed = time.time() - started
    print(f"破解耗时:{round(elapsed, 2)}秒")
4、执行结果:只需要27秒左右即可破解6位纯数字密码的zip压缩包。
破解后:解压出a.doc
即:理论极值下,暴力破解是可取的,但是条件极其苛刻,例如web案例中仅4位纯数字的密码,破解就需要120多秒;6位大小写字母与数字混合的密码,所需时间则会增加几个数量级。