|
|
本帖最后由 红颜世家、 于 2015-4-16 18:52 编辑
- https://www.52hb.com/member.php?mod=logging&action=login&infloat=yes&handlekey=login&referer=http%3A%2F%2Fwww.xuepojie.com%2F&inajax=1&ajaxtarget=fwin_content_login
通过抓包获取的登录地址
精简后得到
- https://www.52hb.com/member.php?mod=logging&action=login&infloat=yes&handlekey=login
我们直接继续抓包登录
- POST /member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&loginhash=Lm0Z0&inajax=1 HTTP/1.1
- Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, */*
- Referer: https://www.52hb.com/member.php?mod=logging&action=login&infloat=yes&handlekey=login
- Accept-Language: zh-cn
- User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)
- Content-Type: application/x-www-form-urlencoded
- Accept-Encoding: gzip, deflate
- Host: www.xuepojie.com
- Content-Length: 238
- Connection: Keep-Alive
- Cache-Control: no-cache
- Cookie: xSCm_2132_seccode=479.3c3c31decfabe04085; xSCm_2132_saltkey=sLPj223U; xSCm_2132_lastvisit=1429174645; xSCm_2132_sid=KOblBJ; xSCm_2132_lastact=1429178246%09misc.php%09seccode; xSCm_2132_sendmail=1; pgv_info=ssi=s7824260390; pgv_pvi=8817606392
- formhash=f52cd4b4&referer=http%3A%2F%2Fwww.xuepojie.com%2F.%2F&username=%BA%EC%D1%D5%CA%C0%BC%D2%A1%A2&password=b58ba*******************79d99021&questionid=0&answer=&seccodehash=cSKOblBJ&seccodemodid=member%3A%3Alogging&seccodeverify=ejfe
我们确定了关键参数有
- formhash=f52cd4b4
- username=%BA%EC%D1%D5%CA%C0%BC%D2%A1%A2我的名字
- password=b58ba*******************79d99021 我的密码
- seccodehash=cSKOblBJ
- seccodeverify=ejfe 验证码
我们查找js得到
- /*
- [Discuz!] (C)2001-2099 Comsenz Inc.
- This is NOT a freeware, use is subject to license terms
- $Id: md5.js 29228 2012-03-30 01:46:00Z monkey $
- */
- var hexcase = 0;
- var chrsz = 8;
- function hex_md5(s){
- return binl2hex(core_md5(str2binl(s), s.length * chrsz));
- }
- function core_md5(x, len) {
- x[len >> 5] |= 0x80 << ((len) % 32);
- x[(((len + 64) >>> 9) << 4) + 14] = len;
- var a = 1732584193;
- var b = -271733879;
- var c = -1732584194;
- var d = 271733878;
- for(var i = 0; i < x.length; i += 16) {
- var olda = a;
- var oldb = b;
- var oldc = c;
- var oldd = d;
- a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
- d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
- c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
- b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
- a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
- d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
- c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
- b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
- a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
- d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
- c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
- b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
- a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
- d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
- c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
- b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
- a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
- d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
- c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
- b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
- a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
- d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
- c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
- b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
- a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
- d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
- c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
- b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
- a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
- d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
- c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
- b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
- a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
- d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
- c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
- b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
- a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
- d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
- c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
- b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
- a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
- d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
- c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
- b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
- a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
- d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
- c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
- b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
- a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
- d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
- c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
- b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
- a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
- d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
- c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
- b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
- a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
- d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
- c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
- b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
- a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
- d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
- c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
- b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
- a = safe_add(a, olda);
- b = safe_add(b, oldb);
- c = safe_add(c, oldc);
- d = safe_add(d, oldd);
- }
- return Array(a, b, c, d);
- }
- function md5_cmn(q, a, b, x, s, t) {
- return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
- }
- function md5_ff(a, b, c, d, x, s, t) {
- return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
- }
- function md5_gg(a, b, c, d, x, s, t) {
- return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
- }
- function md5_hh(a, b, c, d, x, s, t) {
- return md5_cmn(b ^ c ^ d, a, b, x, s, t);
- }
- function md5_ii(a, b, c, d, x, s, t) {
- return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
- }
- function safe_add(x, y) {
- var lsw = (x & 0xFFFF) + (y & 0xFFFF);
- var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
- return (msw << 16) | (lsw & 0xFFFF);
- }
- function bit_rol(num, cnt) {
- return (num << cnt) | (num >>> (32 - cnt));
- }
- function str2binl(str) {
- var bin = Array();
- var mask = (1 << chrsz) - 1;
- for(var i = 0; i < str.length * chrsz; i += chrsz) {
- bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32);
- }
- return bin;
- }
- function binl2hex(binarray) {
- var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
- var str = "";
- for(var i = 0; i < binarray.length * 4; i++) {
- str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) + hex_tab.charAt((binarray[i>>2] >> ((i%4)*8 )) & 0xF);
- }
- return str;
- }
- var pwmd5log = new Array();
- function pwmd5() {
- if(!$(pwmd5.arguments[0]) || $(pwmd5.arguments[0]).value == '') {
- return;
- }
- numargs = pwmd5.arguments.length;
- for(var i = 0; i < numargs; i++) {
- if(!pwmd5log[pwmd5.arguments[i]] || $(pwmd5.arguments[i]).value.length != 32) {
- pwmd5log[pwmd5.arguments[i]] = $(pwmd5.arguments[i]).value = hex_md5($(pwmd5.arguments[i]).value);
- }
- }
- }
接下来我们开始寻找formhash和seccodehash
在https://www.52hb.com/member.p ... yes&handlekey=login找到了formhash和seccodehash
- <input type="hidden" name="formhash" value="f52cd4b4" />
- <span id="seccode_cSKOblBJ"></span><span class="Apple-tab-span" style="white-space:pre"> </span>
接下来我们找验证码
找到了= =
- https://www.52hb.com/misc.php?mod=seccode&update=36618&idhash=cSKOblBJ
地址是这个
我们看看idhash从哪里来的
idhash就是seccodehash、
- https://www.52hb.com/misc.php?mod=seccode&action=update&idhash=cSKOblBJ&0.05027298083679693&modid=member::logging
这个是获取图片的地址
接下来我们就全部找全了
开始做吾爱汇编论坛的post吧
在https://www.52hb.com/member.p ... hash=Lm0Z0&inajax=1
我们发现还有loginhash=Lm0Z0
再找一下
依然在页面里
代码为
我们写代码吧
|
评分
-
| 参与人数 27 | 威望 +1 |
HB +74 |
THX +25 |
收起
理由
|
|
消逝的过去
| |
|
+ 1 |
|
|
af521
| |
|
+ 1 |
|
|
agan8888
| |
|
+ 1 |
|
|
ding520
| |
+ 1 |
|
<span class="text2Link">[吾爱汇编论坛<a target="_blank">52HB.COM</a>]-学破解防破解,知进攻懂防守!</span>. |
|
playboy
| |
+ 1 |
|
|
|
相忘於江湖
| |
+ 3 |
+ 1 |
学破解论坛1周年了,感谢大家的付出与关注。学破解论坛助你呼风唤雨!!! |
|
Jrack泽
| |
+ 1 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
happy288
| |
+ 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
vigers
| |
+ 2 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
命运
| |
+ 5 |
+ 1 |
可不可以不要这么牛 |
|
374237370
| |
+ 2 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
有何不可
| |
+ 1 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
哎呦呦
| |
+ 5 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
轻轻不语
| |
+ 2 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
逍遥枷锁
| |
+ 4 |
+ 1 |
好人有好报!你的热心我永远不忘!谢谢! |
|
Keep
| |
+ 3 |
+ 1 |
好人有好报!你的热心我永远不忘!谢谢! |
|
明明是错
| |
+ 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
wjm219
| |
+ 1 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
自然卷。
| |
+ 5 |
+ 1 |
源码请发上来,~~我有签到的post,我就是不会登录的post |
|
Bei_eec
| |
+ 2 |
+ 1 |
-------- |
|
China小二
| |
+ 6 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
Mrsin
| |
+ 6 |
+ 1 |
会写post 的人都是不简单的人 |
|
Shark恒
| + 1 |
+ 10 |
+ 1 |
很有耐心啊!赞! |
|
虚竹
| |
+ 5 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
飞行太保
| |
+ 1 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
|
幼稚园杀手
| |
+ 2 |
+ 1 |
评分=感恩!简单却充满爱!感谢您的作品! |
|
闪耀
| |
+ 4 |
+ 1 |
★★★★★ 热心人,佛祖保佑你事事顺利 ,财源滚滚!!! |
查看全部评分
|
[复制链接]
|RSS|手机版|小黑屋|帮助|吾爱汇编
( 
京公网安备11011502005403号 , 京ICP备20003498号-6 )|网站地图
窥视卡
雷达卡
沙发。
这也能给威望,那我把我的评分软件开源给不给我个精华咧
楼主这么帅 我们都惊呆了!
不会写,求源码,~