Discuz/PHPBB/phpcmsv9等破解脚本
程序员文章站
2022-04-02 10:19:32
对于md5(md5(pass).slat)这样的加密,破解的难度大大增加,前面发了几篇后台的绕过,都需要session有效的情况下才行。
网上找了下 有人写了这类的脚本,但是是p...
对于md5(md5(pass).slat)这样的加密,破解的难度大大增加,前面发了几篇后台的绕过,都需要session有效的情况下才行。
网上找了下 有人写了这类的脚本,但是是php版本的,速度不行,自己写了一个多线程的破解脚本。
#!/usr/bin/env python
# -*- coding: cp936 -*-
#code by 花开、若相惜
#Pax.Mac Team
import hashlib
import Queue
from threading import Thread
import sys
import time
class End():
def __init__(self):
self.end = False
def Finish(self):
self.end = True
def GetEnd(self):
return self.end
class Connection(Thread):
def __init__(self,queue,TheEnd):
Thread.__init__(self)
self.queue = queue
self.TheEnd = TheEnd
def run(self):
while (not self.TheEnd.GetEnd()) and (not self.queue.empty()):
pwd = self.queue.get()
if exploit(pwd)==1:
print pwd
self.TheEnd.Finish()
def exploit(password):
encrypt="paxmac";
passmd5="232997126b4cbc244997d7c11136d469";
hashmd5=hashlib.md5((hashlib.md5(password).hexdigest()+encrypt)).hexdigest()
if hashmd5==passmd5:
res=1
else:
res=0
return res
def main():
queue=Queue.Queue()
TheEnd = End()
pwd_count = len(open('password.txt','rU').readlines())
print '你的密码条数:%d'%(pwd_count)
pwds = [line.rstrip() for line in open("password.txt")]
for pwd in pwds:
queue.put(pwd)
initsize = queue.qsize()
tested = 0
threads = 1 #修改线程处
for i in range(0,int(threads)):
Connection(queue,TheEnd).start()
while (not TheEnd.GetEnd()) and (not queue.empty()):
time.sleep(2)
actsize = queue.qsize()
speed = (initsize - tested - actsize) / 2
tested = initsize - actsize
print 'use %i password | Remaining %i password | Speed %i/sec' %(tested,actsize,speed)
if __name__ == '__main__':
main()
大概8.8W/S左右的破解速度,实在不行的情况下可以试试。
crackhash_1