Hacking Book | Free Online Hacking Learning

Home

details determine success or failure

Posted by agaran at 2020-03-07
all

Recently the network is very bad to see the web pages will be card, wow is really angry. What's the difference between salted fish and me without Internet. Then I want to use my neighbor's WiFi, and.. I didn't come out from the fishing.

When I was about to change my WiFi, I saw my neighbor who needed to break the WiFi go downstairs and throw garbage. When I saw him throw out the express package, my mind suddenly thought of the mobile phone number, which I had not tried before, so I started my penetration.

process

I took his package home to have a look. My heart was cold. The information panel is basically out of sight and has worn out a lot. When I looked inside carefully, I found that there was a piece of paper in it, that is, the delivery note. After thinking for a while, I found that this thing can be used. The delivery note contains the customer's mobile phone and name, but the time of purchase, what they bought and the order number are all very detailed.

In this way, I went to Taobao to find this store, and then began to use customer service to retrieve all personal information of this person. Before that, I considered a variety of explanations to retrieve his personal information, such as I was purchasing on behalf of others, to see if I filled in the wrong address, didn't receive the goods, or sent the wrong goods, and so on. I said three words:

1. Hello, customer service

2、 I bought a thing here

3. I want to see if my personal information is wrong

4. Order number. As a result, customer service was awesome.

I started to crack his WiFi after I got it, but the result was still wrong.

At that time, I felt that he added something else, or was not a cell phone number at all. Then I simulated a dictionary for myself and tried to use the water drop in WiFi Max to run the bag, and the result was.. Come out.

wifislax

My intuition is right. Now too many applications need to be bound by mobile phones. You also know that pure digital passwords are not safe. When you enter a password, there will be a very conspicuous line on the web page, that is, don't use pure digital passwords.

Why can I go in? I've studied luck and guessing ability and the habit of setting passwords for you now.

The password is too simple and too many passwords can't be remembered. At this time, many people will choose their last name + mobile phone + punctuation to set the password. In this way, there will be a problem. Is the password of your other account the same?

姓氏+手机+标点符号

Because the mobile phone number involves personal information, I use other numbers instead. In the txt, the dictionary XXX generated by me is the last name. For example, Xiaoming man is xmn11111 adding punctuation and so on. At the same time, we need to see the punctuation positions on the mobile phone keyboard and computer keyboard. Why do we need to see this?

When inputting punctuation marks, people will consciously input the nearest symbol to the numeric keypad, so the password will be very consistent, and it is easy to associate. Association is that when I input a password quickly, I know the location of the password rather than want to input the password. In this way, we will not look for other punctuation symbols.

At this time, I entered the WiFi, which has no device online. Then we can't be ARP middleman and so on. That's too boring.

It occurred to me whether the router administrator password would be this password. At that time, I felt that the strength of this WiFi password can be used as a router password, and I went there for a while, but I still couldn't get in..

I'm desperate at this time..

Administrator password cracking on two commonly used blasting and fishing.

A burst is a password entered one by one to see if it is correct. Fishing is a fake administrator authentication interface to get the password. I chose to explode

Blasting process

Experimental environment

Quick Macro

Android simulator

It's really not easy to explode like this. We all know that any interface for inputting password may have measures to prevent explosion. Common explosion-proof methods, such as how many times a password is mistakenly input, appear the verification code and the limit of login times, etc.

The Xiaomi router we tested today is the same. The author is Xiaomi router. I have tried to enter the password randomly on the web page to see how many times there will be a reminder, three times will start, millet router will not appear a verification code, when you enter the password many times is wrong, he will directly not let you enter the background, it will take a while to use the background login again.

This is troublesome. Xiaomi router does not need to enter an account when logging into the background, so we can see a little hope.

As a result, I encountered another problem... I can't write scripts.. I wanted to ask someone to think about it. When there is a problem, you go to other people. Do you think about it?

It's someone else's script. It's not your own. What do you do if he doesn't know you when you have the same problem?

In this way, I want to get lost in meditation and think of the software that can replace the script languages such as C / C + + / py. That is, the key sprite is all Chinese and the design is simple. I fumbled for a while, then started to write and then the test was successful.

Of course, the environment is not the same and the parameters are not the same. You need to test yourself (the above is the process of entering a password. If you generate many, repeat the process. Of course, you can also use other commands in the key wizard).

Although it's not written well, it's OK for those of us who don't know script language to deal with this thing (learning a language will help a lot in the future, the author is learning C.

There will be a demonstration video in the article. The script process is as follows:

First, open the router background login interface, and then open your own script. The script input process is as follows:

1. Click the password box

2. Enter text

3. Delay for a while

4. Press to confirm the keypad

5. Delay for a while, because it will take a certain reaction time for you to enter the password and press login

6. If the password is correct, the script is still working, but it doesn't hinder us. We just need to close it. If you don't stop, it's like you don't open a place in the win system where you can type text. The system will send out a tone to let you know that there's no place for you to type text

7. If the password is wrong, the mouse must be in the password box, click 1-5 times to ensure that it can be input, and then press the clear key several times to see the number of password digits you set (here you can press 2-5 times more, for example, I input 15 digits in the script, the result is that the clear key only press 13 times, which is embarrassing. We want to prevent this kind of thing. The script is continuous pressing, which is basically that the computer can't recognize so many of them in such a short period of time,

8. In a certain time to respond to the web page, such a cycle completed the whole process of 9 script mouse is in the password box!!!! You can't move it or the script won't enter it.

These are the author's environments. If you make your own, you need to test them first and then use them. The variables set in different environments are also different. (the video shows the correct password input) although the key wizard is not as powerful as C / C + + / py, it's very good for people who can't write scripts to experience it. Sometimes the key wizard fails to confirm and input text, which depends on how the environment is written.

The webpage test is perfect, and the router blew me up (Xiaomi router will stop you from visiting this webpage if you input too many wrong passwords, wait for a while when the password is input three times wrong, and then it will enter more times like this).. While waiting for this router to enter for me, I thought of the app logging into the background, but I didn't try how to explode the app logging into the background, mainly because the app didn't know how to explode in the mobile phone. I found that app will not let you log in when entering wrong password many times, but the number of times limit is much less than the web end, but there will be a verification code. At this time, if I want to make use of this app, I will think that it is not necessary for the computer to play mobile games? Then the app can also run, so I downloaded an Android emulator and it still works

When I used the previous script to explode, I found a problem. The script didn't work. After studying for a while, I understand that our script is running in W10 and cannot be directly input. There will be a place where the script will run. It's like when we type on the web page, we suddenly switch to the game and you just type nothing

To solve this problem, you need to click on the password box and press any number. After entering the password, the app can't recognize the Enter key. This problem requires the mouse to press the login button, which is quite troublesome.

The solution I came up with was:

1. It's a password frame script that automatically clicks the mouse to enter a password

2. Click to login

3. Back to the password frame (time difference is needed here, if the password is correct, you need to stop manually)

4. If the password is wrong, clear it and repeat the process.

Last

I also recorded the video. This script works well, but there are also many disadvantages. For example, if there is no way to judge whether the password is correct, it will stop automatically, and sometimes it will appear that the input password will not press the OK key.

In a word, it's important to learn a language well. In the end, I also went in this WiFi, but there's nothing interesting. I wonder if this person's other passwords are the same. I used the WiFi password and the administrator password to test whether the password of logging in QQ and wechat result WiFi is the password of QQ and wechat (QQ has a device lock, wechat needs friend verification).

I just verified that the password is the password, and I didn't go in.. This person is really a representative of many people. It's normal for us to use multiple passwords. It's impossible for us to use different passwords for every software. Besides, many software now need mobile phone numbers for verification, which increases the use of mobile phone numbers as the main part of passwords.

The author recommends that you use different passwords on different platforms. If the password is not easy to remember, you can use a password management software. Although it will sacrifice our convenience for security, there is no way to classify the important software passwords. WiFi passwords can be more secure. I recommend symbols + 111111 + and 111 + 1111 + 111 I hope this article can give you a little penetrating inspiration. Usually, some ordinary things are more deadly than anything.

符号+111111+符号 111+符号1111+符号111 π