乐成率不高首要缘故起因有:
- web页面范例繁杂,很难精确获取并提交正确参数;
- 许多页面都有验证码,今朝这个小剧本还没法自动辨认验证码;
- 为了均衡时刻和服从,行使了较量简朴的用户名和暗码字典,以是轻微伟大的暗码就破解不出来了。
我一样平常会行使dirsearch或之类的目次列举器材,设置一个较量精练的打点靠山目次字典,对方针地点举办批量扫描打点靠山,然后再行使web_pwd_crack.py对这些靠山地点批量举办弱口令破解。
孝顺一个较量精简的打点靠山字典(100条)
- admin/default/login.asp
- admin/login.asp
- admin/manage/login.asp
- admin_login/login.asp
- admincp/login.asp
- administrator/login.asp
- login.asp
- manage/login.asp
- manager/login.asp
- member/login.asp
- admin-login.php
- admin/admin-login.php
- admin/admin_login.php
- admin/login.php
- admin2/login.php
- admin_area/login.php
- admin_login.php
- adminarea/login.php
- admincontrol/login.php
- administrator/login.php
- administratorlogin.php
- adminlogin.php
- autologin.php
- bb-admin/login.php
- blog/wp-login.php
- checklogin.php
- login.php
- modelsearch/login.php
- moderator/login.php
- nsw/admin/login.php
- pages/admin/admin-login.php
- panel-administracion/login.php
- processlogin.php
- rcjakar/admin/login.php
- relogin.php
- siteadmin/login.php
- sqlbuddy/login.php
- userlogin.php
- usuarios/login.php
- webadmin/login.php
- wp-login.php
- account/login.jsp
- accounts/login.jsp
- admin/login.jsp
- auth/login.jsp
- jsp/extension/login.jsp
- login.jsp
- member/login.jsp
- members/login.jsp
- portalAppAdmin/login.jsp
- admin.jsp
- netadmin.jsp
- admin.php
- admin.php3
- admin/admin.php
- admin_area/admin.php
- adminarea/admin.php
- authadmin.php
- bb-admin/admin.php
- checkadmin.php
- cmsadmin.php
- dbadmin.php
- fileadmin.php
- isadmin.php
- linusadmin-phpinfo.php
- memberadmin.php
- moadmin.php
- modelsearch/admin.php
- moderator/admin.php
- panel-administracion/admin.php
- phpliteadmin.php
- siteadmin.php
- sysadmin.php
- tmp/admin.php
- ur-admin.php
- user/admin.php
- users/admin.php
- webadmin.php
- webadmin/admin.php
- wp-content/plugins/akismet/admin.php
- admin.asp
- admin.aspx
- admin/default/admin.asp
- admin/manage/admin.asp
- admin_login/admin.asp
- administrator/admin.asp
- article/admin/admin.asp
- denglu/admin.asp
- guanli/admin.asp
- houtai/admin.asp
- login/admin/admin.asp
- manage/admin.asp
- manager/admin.asp
- member/admin.asp
- admin/logon.jsp
- admin/secure/logon.jsp
- compass/logon.jsp
- logon.jsp
- logon/logon.jsp
ToDo
- 验证码辨认
- 镌汰误报率
- 优化编码处理赏罚
- 能不那么low
【编辑保举】 - TP-Link 不回应,安详工程师果真了其路由器裂痕
- 关于CVE-2019-9766缓冲区溢出裂痕的渗出模块编写与测试
- 研究发明HTTPS也不靠谱 5.5%含有TLS裂痕
- APT战役中剧本进攻的兵法之道
- 不启动都躺枪,IE 新裂痕可致用户数据泄漏
【责任编辑:赵宁宁 TEL:(010)68476606】
点赞 0 (编辑:河北网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|