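Can Apple passwords be tried by enumeration?

Cracking a 100,000-word dictionary in seconds: an odd trick for quickly enumerating the password of a "one-liner backdoor"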
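Everyone is familiar with one-liner webshells, and sometimes their password has to be brute-forced. Brute-force speed depends heavily on how fast the target responds. But what if that speed could be raised at least 1000-fold?
First, as shown below:
    variable=echo "ok";
When this variable equals the password, our statement is passed in as the parameter and executed. So what if we submit many of them in one batch (that is, a=echo "ok";&b=echo "ok";&c=echo "ok";&...)?
As long as the submitted parameters include the real one, it will be received.
There are some limits, however:
Apache accepts 1000 parameters per request by default.
IIS accepts 5883 parameters per request by default.
Note: these can be changed in the configuration file; the figures above are the defaults.
This means brute-force speed can be raised a thousandfold or even more than five-thousandfold, so a 100,000-entry dictionary, or even a million-entry one, can be run in seconds.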
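How the tool works
Take an Apache environment as the example.
1. After importing the 100,000-entry dictionary, split it into groups of 1000.
This way, if the password is in the dictionary, 100 requests are enough to find the group that actually contains it.
2. Text processing (locating)
Take the 100 lines of the dictionary where the password is located and loop over them, either testing from the head or with a plain loop; fewer than 10 attempts yield the password.
So for a 100,000-entry dictionary, the theoretical maximum number of submissions does not exceed 101 to get the same result as running 100,000 attempts.
Under IIS it is faster still, about five times the speed of Apache. That is, brute-forcing a 1,000,000-entry dictionary in an IIS environment completes within 30 seconds.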
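After reading the article "Make your one-liner brute force a thousand times faster" by 接地气, I thought the idea was great, so I wrote a small tool.
It can brute-force ASP/ASPX/PHP/JSP one-liners:
In a test against a local PHP one-liner, a dictionary of nearly 100,000 entries took about 10 seconds.
Because of the peculiarities of the commonly used JSP one-liner, only the range containing the password can be determined and the result cannot be shown directly. If anyone has a good idea, please leave a comment.
I used the tool in real conditions for 2 days and fixed bugs that showed up in many environments.
The code is not obfuscated; decompile it if you want to read it.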
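Seen from the defending side, the batched submission described above leaves a distinctive trace: a single request carrying hundreds or thousands of parameters that all hold the same value. The following Python is an added example (not part of the original article or its tool) that flags such request bodies; the thresholds, the sample records and the assumption that request bodies are available (for instance from a WAF or audit log) are illustrative.

```python
from collections import Counter
from urllib.parse import parse_qsl

# Assumed thresholds for illustration; tune them against normal traffic.
MIN_PARAMS = 200        # far more fields than an ordinary form submits
MIN_SAME_RATIO = 0.9    # share of parameters that carry one identical value


def score_body(body: str) -> dict:
    """Summarise a urlencoded body: parameter count and value repetition."""
    pairs = parse_qsl(body, keep_blank_values=True)
    count = len(pairs)
    if count == 0:
        return {"params": 0, "same_ratio": 0.0, "suspicious": False}
    _, top_hits = Counter(value for _, value in pairs).most_common(1)[0]
    ratio = round(top_hits / count, 3)
    return {
        "params": count,
        "same_ratio": ratio,
        "suspicious": count >= MIN_PARAMS and ratio >= MIN_SAME_RATIO,
    }


def flag_requests(records):
    """records: iterable of (client_ip, path, body); returns the flagged ones."""
    flagged = []
    for ip, path, body in records:
        summary = score_body(body)
        if summary["suspicious"]:
            flagged.append((ip, path, summary["params"], summary["same_ratio"]))
    return flagged


# Constructed sample records (not from the page): an ordinary login post and
# a body shaped like the batched submission, sized to the 1000-parameter default.
BATCHED = "&".join(f"w{i}=echo+%22ok%22%3B" for i in range(1000))
SAMPLE = [
    ("203.0.113.5", "/login.php", "user=alice&pass=hunter2&remember=1"),
    ("198.51.100.7", "/upload/img.php", BATCHED),
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print(hit)
```

Because the technique depends on the server accepting a very large number of parameters, lowering the per-request parameter limit that the article says is configurable shrinks the batch size an attacker can use.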
What I want to get is the AppUserModelId of all installed StoreApp applications, so that I can pass it to IApplicationActivationManager->ActivateApplication.
In Windows 8 it was stored in the Registry, but in Windows 10 it is not anymore.
There are a lot of questions about this on the internet, but even after days of searching I could not find a satisfying solution.
What I have so far is the following:
1. I create an instance of IPackageManager,
2. I call FindPackagesByUserSecurityId() with the SID of the current user,
3. I iterate through the returned collection,
4. I get an IPackage interface,
5. From that I get an IPackageId interface,
6. Then I call IPackageId->get_FamilyName()
With that I have, for example, on Windows 10 for the Windows Calculator the string "Microsoft.WindowsCalculator_8wekyb3d8bbwe".
When I append "!App" to this string I have the complete AppUserModelId to start the Windows Calculator: "Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"
But not all applications use "!App" after the FamilyName.
For example Spartan uses the AppUserModelId
"Microsoft.Windows.Spartan_cw5n1h2txyewy!Microsoft.Spartan.Spartan", which does not end with "!App". And when I replace "!Microsoft.Spartan.Spartan" with "!App" it will not start -> "This app does not support the contract specified".
So my question is: where do I get the last missing part from?
I found some PowerShell code on the internet that seems to do something very similar:

    # $PackageName, $AppId and $Protocol are parameters of the enclosing function (not shown)
    Get-AppXPackage $PackageName -pv Package |
        Get-AppxPackageManifest | % {
            foreach($Application in $_.Package.Applications.Application) {
                if($Application.Id -like $AppId) {
                    # Skip applications that do not register the requested protocol
                    if($Protocol -and !($Application.Extensions.Extension.Protocol.Name | ? { ($_ + "://") -match (($Protocol -replace '\*','.*') + "(://)?") })) {
                        continue
                    }
                    [PSCustomObject]@{
                        # Notice the secret magic property:
                        PSTypeName = "Microsoft.Windows.Appx.Application"
                        AppUserModelId = $Package.PackageFamilyName + "!" + $Application.Id
                    }
                }
            }
        }

I really don't understand this cryptic PowerShell stuff, but one line seems interesting to me:

    foreach($Application in $_.Package.Applications.Application)

This seems to enumerate Applications in a Package.
A comment in the same PowerShell code says:

    # The full AppUserModelId is composed of the package name,
    # the publisher id, and the app id, such as
    # Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic

so what is missing is the $Application.Id.
If I could get an IAppInfo interface anyhow I could call IAppInfo->get_Id() and I would be ready.
But I don't know how to get this from an IPackage in C++.

Solution

Incredible that nobody has an idea!
This shows how Microsoft makes our life hard.
Such a universal task as enumerating the installed StoreApps with their AppUserModelId requires a scientific research department.
I finally came to a solution that works perfectly on Windows 8 and Windows 10. But a lot of code is required.
It seems that Windows does not hold the Application IDs in memory and there is no API to determine them directly. I studied all header files in the Windows 10 SDK and could not find a corresponding interface useful for that task.
But I found out how to get them. I continue after the 6 steps in my question:
7. call IPackage->get_InstalledLocation(), which returns an IStorageFolder.
8. QueryInterface for IStorageItem
9. call IStorageItem->get_Path()
Now you have the path where the App is installed. Windows 10 uses two base folders:
    C:\Program Files\WindowsApps
    C:\Windows\SystemApps
and several others like
    C:\Windows\vpnplugins
    C:\Windows\devicesflow
    C:\Windows\MiracastView
    C:\Windows\PrintDialog
    C:\Windows\PrintDialog3D
    C:\Windows\WinStore
In the returned folder path you will find a file "AppxManifest.xml".
This file looks like:

    <?xml version="1.0" encoding="utf-8"?>
    <Package xmlns=".....">
      <Applications>
        <Application Id="microsoft.windowslive.mail" Executable="HxMail.exe" EntryPoint="Executable">
        </Application>
        <Application Id="microsoft.windowslive.calendar" Executable="HxCalendarAppImm.exe" EntryPoint="Executable">
        </Application>
      </Applications>
    </Package>

And voilà, there they are. This package has two application IDs: "microsoft.windowslive.mail" and "microsoft.windowslive.calendar".
Then you take the package's FamilyName from step 6, append an "!" and append this ID, and you are done.
This package can be started with IApplicationActivationManager->ActivateApplication() using one of the AppUserModelIds:
"microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar"
"microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"
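The manifest step of the answer above, as an added Python example (not the answerer's C++ code): it reads the Application Ids from an AppxManifest.xml and joins each to the package FamilyName with "!". The sample manifest is constructed from the excerpt in the answer, its namespace URI is a placeholder because the page elides the real one, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the manifest excerpt in the answer.
# The xmlns value is a placeholder; the page shows it only as ".....".
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="urn:example:appx-manifest-placeholder">
  <Applications>
    <Application Id="microsoft.windowslive.mail" Executable="HxMail.exe" EntryPoint="Executable">
    </Application>
    <Application Id="microsoft.windowslive.calendar" Executable="HxCalendarAppImm.exe" EntryPoint="Executable">
    </Application>
  </Applications>
</Package>"""


def local_name(tag: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts in front of element names."""
    return tag.rsplit("}", 1)[-1]


def application_ids(manifest_xml: str) -> list:
    """Return the Id of every <Application> under <Applications>, in document order.

    Elements are matched by local name, so the result does not depend on
    which manifest namespace the package declares.
    """
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    ids = []
    for child in root:
        if local_name(child.tag) != "Applications":
            continue
        for app in child:
            if local_name(app.tag) == "Application" and app.get("Id"):
                ids.append(app.get("Id"))
    return ids


def app_user_model_ids(family_name: str, manifest_xml: str) -> list:
    """Build FamilyName + '!' + Application Id for each application in the package."""
    return [f"{family_name}!{app_id}" for app_id in application_ids(manifest_xml)]


if __name__ == "__main__":
    family = "microsoft.windowscommunicationsapps_8wekyb3d8bbwe"
    for aumid in app_user_model_ids(family, SAMPLE_MANIFEST):
        print(aumid)
```

A package whose manifest has no Applications element yields an empty list, so there is nothing to pass to ActivateApplication for it.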
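
First, enums in Java
Before getting to enums in Scala, let's first go over enums in Java (which most programmers will know well):
Defined with the enum keyword:

    public enum WeekDay{...}

An enum cannot extend another class or enum (though it can implement interfaces), because it implicitly extends java.lang.Enum.
An enum's constructor cannot be called from outside (enum constructors are always private, so only the enum itself can call them).
An enum is really a set of int constants (it was introduced because the demand for int constants was so great), and it is also very convenient to use in a switch.
Each enum constant can also override methods of the enum class or of an implemented interface (this is quite handy):

    public enum WeekDay {
        Mon {
            @Override
            public String say() { return "monday"; }
        },
        Tue {
            @Override
            public String say() { return "tuesday"; }
        };

        public String say() { return ""; }
    }

… (that is all I can think of -_-)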
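Now, enums in Scala
You will find that none of the above is of any use in Scala -_-, because Scala has no enum keyword at all. Still, the master who invented Scala, who is also a founder of Java, did not leave enums out.
There is no special enum syntax to learn; what you get instead is a class in the standard library: scala.Enumeration

    object Main extends App {

      object WeekDay extends Enumeration {
        type WeekDay = Value  // only exposes the Enumeration.Value type for outside use
        val Mon, Tue, Wed, Thu, Fri, Sat, Sun = Value  // the concrete enum instances are defined here
      }
      import WeekDay._

      def isWorkingDay(d: WeekDay) = ! (d == Sat || d == Sun)

      WeekDay.values filter isWorkingDay foreach println  // output using syntactic sugar
    }

The above is the enum Example given in the source code. You can see that:
- It is a companion object.
- It has to extend Enumeration explicitly.
- Every concrete enum instance has to be assigned Value (which is defined in the superclass).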
Enumeration source analysis
Constructor and variables

    /** Defines a finite set of values specific to the enumeration. Typically
     *  these values enumerate all possible forms something can take and provide
     *  a lightweight alternative to case classes.
     *
     *  Each call to a `Value` method adds a new unique value to the enumeration.
     *  To be accessible, these values are usually defined as `val` members of
     *  the evaluation.
     *
     *  All values in an enumeration share a common, unique type defined as the
     *  `Value` type member of the enumeration (`Value` selected on the stable
     *  identifier path of the enumeration instance).
     *
     *  @param initial The initial value from which to count the integers that
     *                 identifies values at run-time.
     *  @author  Matthias Zenger
     */
    @SerialVersionUID(3817230L)
    abstract class Enumeration (initial: Int) extends Serializable {
      thisenum =>

      def this() = this(0)

      /** The mapping from the integer used to identify values to the actual
       *  values. */
      private val vmap: mutable.Map[Int, Value] = new mutable.HashMap

      /** The cache listing all values of this enumeration. */
      @transient private var vset: ValueSet = null
      @transient @volatile private var vsetDefined = false

      /** The mapping from the integer used to identify values to their
       *  names. */
      private val nmap: mutable.Map[Int, String] = new mutable.HashMap

      /** The values of this enumeration as a set. */
      def values: ValueSet = {
        if (!vsetDefined) {
          vset = (ValueSet.newBuilder ++= vmap.values).result()
          vsetDefined = true
        }
        vset
      }

      /** The integer to use to identify the next created value. */
      protected var nextId: Int = initial

      /** The string to use to name the next created value. */
      protected var nextName: Iterator[String] = _

      private def nextNameOrNull =
        if (nextName != null && nextName.hasNext) nextName.next else null

      /** The highest integer amongst those used to identify values in this
       *  enumeration. */
      private var topId = initial

      /** The lowest integer amongst those used to identify values in this
       *  enumeration, but no higher than 0. */
      private var bottomId = if(initial < 0) initial else 0

      /** The one higher than the highest integer amongst those used to identify
       *  values in this enumeration. */
      final def maxId = topId

      // ... (rest of the class not shown)
    }

Above is a generous excerpt of the source of the Enumeration class in Scala. A few key points can be read from it:
- It provides a lightweight enum class.
- The initialization variable is the capacity of the whole set of enum instances, but it can change at run time.
- vmap: a very important variable; it is the container that stores the mapping between enum ids and enum values.
- nmap: also a fairly important variable; it is the container that stores enum ids and enum names.
- All variables with the Id suffix exist to maintain the numbering of the whole enumeration.
- The rest provides various iterators used for fetching values.
Definition of the Value class

    /** The type of the enumerated values. */
    @SerialVersionUID(5234129L)
    abstract class Value extends Ordered[Value] with Serializable {
      /** the id and bit location of this enumeration value */
      def id: Int
      /** a marker so we can tell whose values belong to whom come reflective-naming time */
      private[Enumeration] val outerEnum = thisenum

      override def compare(that: Value): Int =
        if (this.id < that.id) -1
        else if (this.id == that.id) 0
        else 1
      override def equals(other: Any) = other match {
        case that: Enumeration#Value => (outerEnum eq that.outerEnum) && (id == that.id)
        case _                       => false
      }
      override def hashCode: Int = id.##

      /** Create a ValueSet which contains this value and another one */
      def + (v: Value) = ValueSet(this, v)
    }

In the Example from the source, every enum is assigned the type Value. The source above shows that Value is an abstract class whose body only provides comparison of enum values and access to the id. The Enumeration source also provides a class called Val that implements Value; the important part is that it overrides integer naming and id identification.

    /** A class implementing the [[scala.Enumeration.Value]] type. This class
     *  can be overridden to change the enumeration's naming and integer
     *  identification behaviour.
     */
    @SerialVersionUID(0 - 8116017L)
    protected class Val(i: Int, name: String) extends Value with Serializable {
      def this(i: Int)       = this(i, nextNameOrNull)
      def this(name: String) = this(nextId, name)
      def this()             = this(nextId)
      // to do many things.
    }

Definition of the Value methods
Please note that of the Value on line 4 and the Value on line 5 of the Example, the former is a class and the latter is a method (its parentheses are simply omitted).

    /** Creates a fresh value, part of this enumeration. */
    protected final def Value: Value = Value(nextId)

    /** Creates a fresh value, part of this enumeration, identified by the
     *  integer `i`.
     *
     *  @param i An integer that identifies this value at run-time. It must be
     *           unique amongst all values of the enumeration.
     *  @return  Fresh value identified by `i`.
     */
    protected final def Value(i: Int): Value = Value(i, nextNameOrNull)

    /** Creates a fresh value, part of this enumeration, called `name`.
     *
     *  @param name A human-readable name for that value.
     *  @return  Fresh value called `name`.
     */
    protected final def Value(name: String): Value = Value(nextId, name)

    /** Creates a fresh value, part of this enumeration, called `name`
     *  and identified by the integer `i`.
     *
     *  @param i    An integer that identifies this value at run-time. It must be
     *              unique amongst all values of the enumeration.
     *  @param name A human-readable name for that value.
     *  @return     Fresh value with the provided identifier `i` and name `name`.
     */
    protected final def Value(i: Int, name: String): Value = new Val(i, name)

All of the overloaded Value methods above return the Val class, so if you need to, you can perfectly well implement a Value of your own.
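Simple use of enums in Scala

    println(WeekDay.Wed)              // get the enum value directly
    println(WeekDay.Wed.id)           // get the ordinal of the enum value
    println(WeekDay.maxId)            // the number of enum values
    println(WeekDay.withName("Wed"))  // get the enum from a string (no reflection is needed here)

Getting the details of an enum is very convenient.
Fetch all enum values and print them:

    WeekDay.values.foreach(println(_))

Enums can also be used in pattern matching:

    def matchTest = (week: WeekDay.Value) => week match {
      // note: the type of every enum here is Value
      case w if w.compare(WeekDay.Fri) <= 0 => println("sorry,please working")
      case WeekDay.Sat => println("go shopping")
      case WeekDay.Sun => println("sleeping")
    }

    matchTest(WeekDay.Wed)
    matchTest(WeekDay.Sat)

You can see the output:

    sorry,please working
    go shopping

The comparison of enum values here really just checks whether their Ids are equal.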
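- Java's enum machinery cannot be used directly in Scala.
- Enums in Scala use the lightweight Enumeration.
- An enum in Scala is really a companion object.
- Enums in Scala have no method-overriding feature.
- Enum values in Scala are all Enumeration.Value.
Enumeration.scala
This work is licensed under a China Mainland license agreement. You are welcome to copy and share my blog, but please preserve my attribution, kubiCode, and do not use it for commercial purposes. If you have any questions or want to discuss licensing, please leave me a message.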
