JavaScript brute force on a web form

Posted on 2024-11-24 01:56:40

screenshot of the form

Just above the answer box an error would appear on a wrong attempt, which
says "Incorrect Answer". Additionally, we have an unlimited number of
attempts.

Above is the website preview with detailed information.

Code:

<form id="level" method="post"> 
    <label for="answer">Answer:</label> 
    <input type="text" name="answer" id="answer" /> 
    <input type="submit" name="submit" id="submit" value="Submit" /> 
</form>

So simply here we get to know that the form does not have an action source.
The only way (which I know) is to hack through JavaScript.
Like the one used to spam Facebook and Orkut, where we have to put the JavaScript in the URI, in the address bar.

I have built a JavaScript (for the address bar) to link to the other JavaScript files.

And if someone knows some online JavaScript brute force script or something online that could be linked through JavaScript.


Comments (3)

倾城花音 2024-12-01 01:56:40

As much as I hate to tell people how to do this sort of thing, it's an interesting problem.

I should say first, however, that a brute force solution will likely take too long to be practical. If the solution is 8 characters long, and we try 1 million possibilities per second (a very optimistic assumption), it would take about 5 years to try out all of the possibilities.

Nevertheless, here is some Javascript code that you should be able to modify to fit your needs:

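// Candidate characters: lowercase letters plus a space.
var chars = ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"," "];
// "answerResult" is the id this snippet assumes for the result element; it is not in the form shown in the question.
while(document.getElementById("answerResult").innerHTML != "Correct Answer"){
  // Pick a random length from 0 to 19.
  var len = Math.floor(Math.random() * 20);
  var str = "";
  // Build a random string of that length.
  while(str.length < len){
    str += chars[Math.floor(Math.random() * chars.length)];
  }
  document.getElementById("answer").value = str;
  document.getElementById("level").submit();
}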

This solution does not actually use brute force. It implements a method similar to bogosort. While more fun and simple, it may take a bit longer to finish. If you're an incredibly lucky person, it might be solved on the first iteration.
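
The question notes that the form accepts an unlimited number of attempts, and the time estimate above depends on how many guesses per second the server will evaluate. As an added example (not code from the original posts; `createAttemptLimiter`, `simulateGuessing` and the client key are hypothetical names), a server-side limiter that doubles the wait after each "Incorrect Answer" caps that rate:

```javascript
// Added example: per-client throttling for the answer form (all names are hypothetical).
// Each wrong answer doubles the wait before the next attempt is evaluated.
function createAttemptLimiter({ baseDelayMs = 1000, maxDelayMs = 15 * 60 * 1000 } = {}) {
  const state = new Map(); // clientKey -> { failures, nextAllowedAt }

  return {
    // Returns { allowed, retryAfterMs }; call before comparing the submitted answer.
    check(clientKey, now) {
      const s = state.get(clientKey);
      if (!s || now >= s.nextAllowedAt) return { allowed: true, retryAfterMs: 0 };
      return { allowed: false, retryAfterMs: s.nextAllowedAt - now };
    },
    // Call after responding "Incorrect Answer"; returns the delay now imposed.
    recordFailure(clientKey, now) {
      const s = state.get(clientKey) || { failures: 0, nextAllowedAt: 0 };
      s.failures += 1;
      const delay = Math.min(baseDelayMs * 2 ** (s.failures - 1), maxDelayMs);
      s.nextAllowedAt = now + delay;
      state.set(clientKey, s);
      return delay;
    },
    // Call after a correct answer so the client starts clean.
    recordSuccess(clientKey) {
      state.delete(clientKey);
    },
  };
}

// Constructed simulation: a client submits a wrong answer every `intervalMs`
// for `durationMs`; returns how many submissions the server actually evaluated.
function simulateGuessing(limiter, clientKey, intervalMs, durationMs) {
  let evaluated = 0;
  for (let now = 0; now < durationMs; now += intervalMs) {
    if (limiter.check(clientKey, now).allowed) {
      evaluated += 1;
      limiter.recordFailure(clientKey, now);
    }
  }
  return evaluated;
}
```

With the defaults, a client submitting every 10 ms for an hour sends 360,000 requests but has only 13 of them evaluated. The in-memory `Map` and the choice of client key (session, account or address) are simplifications of this sketch.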

哎呦我呸! 2024-12-01 01:56:40

You need to find the script it's connecting to. Use this http://blog.getfirebug.com/2009/10/30/event-listener-view-for-firebug/ to see what event listeners are associated with the button. You might also need to download a javascript deobfuscator plugin for firefox https://addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/

心碎无痕… 2024-12-01 01:56:40

// Maps 1, 2, 3, ... to "a", "b", ..., "9", "aa", "ab", ... (bijective base 36).
// value must be >= 1.
static String seqToken(long value) {
        String[] digitsAlpabets = { "a", "b", "c", "d", "e", "f", "g", "h",
                "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t",
                "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5",
                "6", "7", "8", "9" };

        // Shift to zero-based so the last symbol is (value - 1) mod 36.
        int codePoint = (int) (--value % 36);
        long higher = value / 36;
        String letter = digitsAlpabets[codePoint];
        // Recurse on the remaining high-order part, if any.
        return higher == 0 ? letter : seqToken(higher).concat(letter);
    }

Change the character set as you like and use the size accordingly.
To get the sequence generator.
