Skip to content

Commit 23f1753

Browse files
hktalenthktalent
committed
更新、调整 2022-10-07
1 parent 09a9261 commit 23f1753

File tree

35 files changed

+1228
-508
lines changed

35 files changed

+1228
-508
lines changed

brute/admin_brute.go

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,14 @@ import (
1111

1212
var SkipAdminBrute bool
1313

14+
var UserReg = regexp.MustCompile(`(?i)<input.*?name=['"]([^'"]*(name|user|uid|login|mail|log|account)[^'"]*).*?>`)
15+
var PswdReg = regexp.MustCompile(`(?i)<input.*?name=['"]([^'"]*(pass|pwd|word|mima|password|mm)[^'"]*).*?>`)
16+
var actionReg = regexp.MustCompile(`<form.*?action=['"](.*?)['"]`)
17+
18+
/*
19+
loginMailbox
20+
loginPassword
21+
*/
1422
func getinput(inputurl string) (usernamekey string, passwordkey string, loginurl string, ismd5 bool) {
1523
usernamekey = "username"
1624
passwordkey = "password"
@@ -37,25 +45,15 @@ func getinput(inputurl string) (usernamekey string, passwordkey string, loginurl
3745
return "", "", "", false
3846
}
3947
}
40-
usernamelist := regexp.MustCompile(`<input.*?name=['"]([\w\[\]]*?name[\w\[\]]*?|[\w\[\]]*?Name[\w\[\]]*?|[\w\[\]]*?user[\w\[\]]*?|[\w\[\]]*?User[\w\[\]]*?|[\w\[\]]*?USER[\w\[\]]*?)['"].*?>`).FindStringSubmatch(req.Body)
48+
usernamelist := UserReg.FindStringSubmatch(req.Body)
4149
if usernamelist != nil {
4250
usernamekey = usernamelist[len(usernamelist)-1:][0]
43-
} else {
44-
usernamelist2 := regexp.MustCompile(`<input.*?name=['"]([\w\[\]]*?log[\w\[\]]*?|[\w\[\]]*?Log[\w\[\]]*?|[\w\[\]]*?LoG[\w\[\]]*?|[\w\[\]]*?LOG[\w\[\]]*?|[\w\[\]]*?account[\w\[\]]*?|[\w\[\]]*?Account[\w\[\]]*?)['"].*?>`).FindStringSubmatch(req.Body)
45-
if usernamelist2 != nil {
46-
usernamekey = usernamelist2[len(usernamelist2)-1:][0]
47-
}
4851
}
49-
passlist := regexp.MustCompile(`<input.*?name=['"]([\w\[\]]*?pass[\w\[\]]*?|[\w\[\]]*?Pass[\w\[\]]*?|[\w\[\]]*?PASS[\w\[\]]*?|[\w\[\]]*?pwd[\w\[\]]*?|[\w\[\]]*?Pwd[\w\[\]]*?|[\w\[\]]*?PWD[\w\[\]]*?)['"].*?>`).FindStringSubmatch(req.Body)
52+
passlist := PswdReg.FindStringSubmatch(req.Body)
5053
if passlist != nil {
5154
passwordkey = passlist[len(passlist)-1:][0]
52-
} else {
53-
passlist2 := regexp.MustCompile(`<input.*?name=['"]([\w\[\]]*?mima[\w\[\]]*?|[\w\[\]]*?word[\w\[\]]*?)['"].*?>`).FindStringSubmatch(req.Body)
54-
if passlist2 != nil {
55-
passwordkey = passlist2[len(passlist2)-1:][0]
56-
}
5755
}
58-
domainlist := regexp.MustCompile(`<form.*?action=['"](.*?)['"]`).FindStringSubmatch(req.Body)
56+
domainlist := actionReg.FindStringSubmatch(req.Body)
5957
if domainlist != nil {
6058
if action, err := url.Parse(strings.TrimSpace(domainlist[len(domainlist)-1:][0])); err == nil {
6159
loginurl = u.ResolveReference(action).String()
@@ -72,6 +70,8 @@ func getinput(inputurl string) (usernamekey string, passwordkey string, loginurl
7270
return usernamekey, passwordkey, loginurl, ismd5
7371
}
7472

73+
var LocationReg = regexp.MustCompile(`(.*?);`)
74+
7575
func Admin_brute(u string) (username string, password string, loginurl string) {
7676
if SkipAdminBrute {
7777
return "", "", ""
@@ -100,7 +100,7 @@ func Admin_brute(u string) (username string, password string, loginurl string) {
100100
case 301, 302, 307, 308:
101101
falseis302 = true
102102
if strings.Contains(adminfalseurl.Location, ";") {
103-
adminfalseurl.Location = regexp.MustCompile(`(.*);`).FindString(adminfalseurl.Location)
103+
adminfalseurl.Location = LocationReg.FindString(adminfalseurl.Location)
104104
}
105105
adminfalse302location = adminfalseurl.Location
106106
case 401:
@@ -124,7 +124,7 @@ func Admin_brute(u string) (username string, password string, loginurl string) {
124124
case 301, 302, 307, 308:
125125
falseis302 = true
126126
if strings.Contains(testfalseurl.Location, ";") {
127-
testfalseurl.Location = regexp.MustCompile(`(.*);`).FindString(testfalseurl.Location)
127+
testfalseurl.Location = LocationReg.FindString(testfalseurl.Location)
128128
}
129129
testfalse302location = testfalseurl.Location
130130
case 401:
@@ -173,7 +173,7 @@ func Admin_brute(u string) (username string, password string, loginurl string) {
173173
}
174174
if falseis302 {
175175
if strings.Contains(req.Location, ";") {
176-
req.Location = regexp.MustCompile(`(.*);`).FindString(req.Location)
176+
req.Location = LocationReg.FindString(req.Location)
177177
}
178178
if req.Location != adminfalse302location && req.Location != testfalse302location {
179179
sucesstestdata := fmt.Sprintf("%s=%s&%s=Qweasd123zxc", usernamekey, user, passwordkey)

0 commit comments

Comments
 (0)