我是一名正在学习脚本语言课程的大三学生,假设在一个学期内用中级bash,perl和python吐出来。由于课程加速,我们可以快速加快主题,如果我们有问题,我们的教授会认可使用论坛来补充我们的学习。
我目前正在完成第一项任务。要求是使用提供的单词列表创建一个非常简单的字典攻击" linux.words"和基本的暴力攻击。暴力需要补偿4个字母字符串的任何组合。
我已经使用print语句来检查我的逻辑是否合理,而且似乎是这样。如果您对如何改进我的逻辑有任何建议,我在这里学习,我很满意。
如果相关,这是在Ubuntu v12.04上。
我试过用一个像unicorn这样的直接单词替换调用中的标量,它运行正常,显然是错误的密码,并且它正确返回。我在终端和脚本本身都做过这个。在将我介绍给论坛之前,我的教授已经查看了他可以用的15分钟,并说它看起来不错。他怀疑自从我使用Notepad ++编写代码后,可能会有隐藏的字符。我使用vim直接在终端重写了代码,它给出了同样的错误。下面粘贴的代码来自vim。
我的实际问题是我的系统调用给了我一些问题。它返回帮助函数,用于解压缩,显示用法和其他帮助材料。
这是我的代码。
#!/usr/bin/perl
use strict;
use warnings;
#Prototypes
sub brute();
sub dict();
sub AddSlashes($);
### ADD SLASHES ###
sub AddSlashes($)
{
my $text = shift;
$text =~ s/\\/\\\\/g;
$text =~ s/'/\\'/g;
$text =~ s/"/\\"/g;
$text =~ s/\\0/\\\\0/g;
return $text;
}
### BRUTEFORCE ATTACK ###
sub brute()
{
print "Bruteforce Attack...\n";
print "Press any key to continue.\n";
if (<>)
{
#INCEPTION START
my @larr1 = ('a'..'z'); #LEVEL 1 +
foreach (@larr1)
{
my $layer1 = $_; #LEVEL 1 -
my @larr2 = ('a'..'z'); #LEVEL 2 +
foreach (@larr2)
{
my $layer2 = $_; # LEVEL 2 -
my@larr3 = ('a'..'z'); #LEVEL 3 +
foreach (@larr3)
{
my $layer3 = $_; #LEVEL 3 -
my@larr4 = ('a'..'z'); #LEVEL 4 +
foreach (@larr4)
{
my $layer4 = $_;
my $pass = ("$layer1$layer2$layer3$layer4");
print ($pass); #LEVEL 4 -
}
}
}
}
}
}
### DICTIONARY ATTACK ###
sub dict()
{
print "Dictionary Attack...\n"; #Prompt User
print "Provide wordlist: ";
my $uInput = "";
chomp($uInput = <>); #User provides wordlist
(open IN, $uInput) #Bring in wordlist
or die "Cannot open $uInput, $!"; #If we cannot open file, alert
my @dict = <IN>; #Throw the wordlist into an array
foreach (@dict)
{
print $_; #Debug, shows what word we are on
#next; #Debug
my $pass = AddSlashes($_); #To store the $_ value for later use
#Check pass call
my $status = system("unzip -qq -o -P $pass secret_file_dict.zip > /dev/null 2>&1"); #Return unzip system call set to var
#Catch the correct password
if ($status == 0)
{
print ("Return of unzip is ", $status, " and pass is ", $pass, "\n"); #Print out value of return as well as pass
last;
}
}
}
### MAIN ###
dict();
exit (0);
这是我的错误
See "unzip -hh" or unzip.txt for more help. Examples:
unzip data1 -x joe => extract all files except joe from zipfile data1.zip
unzip -p foo | more => send contents of foo.zip via pipe into program more
unzip -fo foo ReadMe => quietly replace existing ReadMe if archive file newer
aerify
UnZip 6.00 of 20 April 2009, by Debian. Original by Info-ZIP.
Usage: unzip [-Z] [-opts[modifiers]] file[.zip] [list] [-x xlist] [-d exdir]
Default action is to extract files in list, except those in xlist, to exdir;
file[.zip] may be a wildcard. -Z => ZipInfo mode ("unzip -Z" for usage).
-p extract files to pipe, no messages -l list files (short format)
-f freshen existing files, create none -t test compressed archive data
-u update files, create if necessary -z display archive comment only
-v list verbosely/show version info -T timestamp archive to latest
-x exclude files that follow (in xlist) -d extract files into exdir
modifiers:
-n never overwrite existing files -q quiet mode (-qq => quieter)
-o overwrite files WITHOUT prompting -a auto-convert any text files
-j junk paths (do not make directories) -aa treat ALL files as text
-U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields
-C match filenames case-insensitively -L make (some) names lowercase
-X restore UID/GID info -V retain VMS version numbers
-K keep setuid/setgid/tacky permissions -M pipe through "more" pager
-O CHARSET specify a character encoding for DOS, Windows and OS/2 archives
-I CHARSET specify a character encoding for UNIX and other archives
See "unzip -hh" or unzip.txt for more help. Examples:
unzip data1 -x joe => extract all files except joe from zipfile data1.zip
unzip -p foo | more => send contents of foo.zip via pipe into program more
unzip -fo foo ReadMe => quietly replace existing ReadMe if archive file newer
aerifying
显然不完整。在主要我将切换brute();对于dict();根据需要进行测试。一旦我将系统调用工作,我将把它扔进粗暴部分。
如果您需要我详细说明我的问题,请告诉我。我专注于学习,所以请为你回复的任何事情添加白痴证明评论。
答案 0 :(得分:0)
首先:不要使用PERL&#39; S原型。他们不会做你或你的教授可能希望他们做的事。
第二:不要写自制的逃避例程,例如AddSlashes。 Perl有quotemeta。使用它。
您的问题不在于特定的编程语言。你的教授花了多少时间处理你的问题,你参加了多少课程与问题无关。专注于实际问题,而不是所有无关的东西&#34;。
例如, sub brute的重点是什么?你没有在这个脚本中调用它,它与你的问题无关,所以不要发布它。将问题缩小到最小的相关部分。
不要在dict正文中提示wordlist文件。将功能分成咬合大小的块,以便在每个上下文中您可以专注于手头的问题。您的dict_attack子例程应该接收文件句柄或对单词数组的引用。为了减少内存占用,我们假设它是一个文件句柄(因此您不必将整个wordlist保留在内存中)。
所以,你的main看起来像是:
sub main {
# obtain name of wordlist file
# open wordlist file
# if success, call dict_attack with filehandle
# dict_attack returns password on success
}
现在,您可以专注于dict_attack。
#!/usr/bin/perl
use strict;
use warnings;
main();
sub dict_attack {
my $dict_fh = shift;
while (my $word = <$dict_fh>) {
$word =~ s/\A\s+//;
$word =~ s/\s+\z//;
print "Trying $word\n";
my $pass = quotemeta( $word );
my $cmd = "unzip -qq -o -P $pass test.zip";
my $status = system $cmd;
if ($status == 0) {
return $word;
}
}
return;
}
sub main {
my $words = join("\n", qw(one two three four five));
open my $fh, '<', \$words or die $!;
if (my $pass = dict_attack($fh)) {
print "Password is '$pass'\n";
}
else {
print "Not found\n";
}
return;
}
输出:
C:\...> perl y.pl Trying one Trying two Trying three Trying four Trying five Password is 'five'