DVWA series 13 Brute Force code analysis and defense
I have analyzed the low-level Brute Force code before. Next I will analyze the medium and high-level Code respectively.
Medium-level code:
Obviously, we can see the difference between medium and low. Here, the variables $ user and $ pass that are responsible for receiving user Parameters are filtered. The filtering method is still using mysql_real_escape_string () function. In this way, password bypass will not work, but it will not have any impact on brute-force cracking. Using Burpsuite can still quickly crack the password.
Next let's look at the high-level code:
At the high level, the variables $ user and $ pass are first filtered. Of course, the stripslashes () function is used to clear the escape of magic quotes before filtering. After a closer look at the difference with the medium-level code, we will find that a line of code "sleep (3)" is added to the else part of the if statement, that is, if the password is incorrect, it takes three seconds to continue the input. This design is obviously used to defend against brute-force cracking. In the Burpsuite test, we can find that the password cracking time has been greatly extended. In this way, if the password is slightly more complex, in addition, the appropriate pause time can basically effectively defend against brute-force cracking.
Of course, the most effective way to defend against brute-force cracking is to add a verification code to the logon page. Although some verification codes can also be broken through, if the verification code is slightly more complex, just like the 12306 Verification Code recently leaked, brute-force cracking is basically impossible.
I have analyzed the low-level Brute Force code before. Next I will analyze the medium and high-level Code respectively.
Medium-level code:
Obviously, we can see the difference between medium and low. Here, the variables $ user and $ pass that are responsible for receiving user Parameters are filtered. The filtering method is still using mysql_real_escape_string () function. In this way, password bypass will not work, but it will not have any impact on brute-force cracking. Using Burpsuite can still quickly crack the password.
Next let's look at the high-level code:
At the high level, the variables $ user and $ pass are first filtered. Of course, the stripslashes () function is used to clear the escape of magic quotes before filtering. After a closer look at the difference with the medium-level code, we will find that a line of code "sleep (3)" is added to the else part of the if statement, that is, if the password is incorrect, it takes three seconds to continue the input. This design is obviously used to defend against brute-force cracking. In the Burpsuite test, we can find that the password cracking time has been greatly extended. In this way, if the password is slightly more complex, in addition, the appropriate pause time can basically effectively defend against brute-force cracking.
Of course, the most effective way to defend against brute-force cracking is to add a verification code to the logon page. Although some verification codes can also be broken through, if the verification code is slightly more complex, just like the 12306 Verification Code recently leaked, brute-force cracking is basically impossible.