2025-04-02 update. From: SLTechnology News&Howtos, Network Security
Shulou(Shulou.com)05/31 Report--
This article shares how Python can call the JavaScript DES encryption used by a login page. The editor found it quite practical, so it is shared here in the hope that you get something out of it. Without further ado, read on.
A friend raised a few questions about the previous article. Let's answer them one by one.
Background review: this site is in fact pentested by several vendors every month, but they probably waved the password encryption through. When you are willing to spend more patience than others, you see more scenery than others and dig out more vulnerabilities.
Premise: it can be brute-forced, but if you log in a few times in a row the account is locked out, so trying that makes little sense. DES is symmetric encryption, and because the developers encrypt on the front end they have to write the key into the page or the JS. With that key you can apply the same encryption to password guesses and brute-force the login.
Question 1: First, about that online encryption/decryption website. Some readers who followed the article searched for it but could not find a website that meets the encryption/decryption requirements.
Answer 1: The encryption website is http://tool.chacuo.net/cryptdes. Then choose:
In fact, if you look carefully at the packet screenshot from the last time I mentioned the encryption website, there was a Referer field, and the site can be found there.
Question 2: The login encryption call written in the article is
encryptByDES('{"username":"admin","password":"12345678",'232cb85**cd 354'), and the result is a long string such as iKUJ1... What does this 232cb85 have to do with the resulting string? I don't understand this.
Answer 2: Because the website has since changed its encryption method, I can talk about it in detail. Incidentally, for DES, knowing the plaintext and the ciphertext, the key can also be brute-forced.
Let's clear up the train of thought first. The encryption function in his page looks like this:
    function encryptByDES(message, key) {
        var keyHex = CryptoJS.enc.Utf8.parse(key);
        var encrypted = CryptoJS.DES.encrypt(message, keyHex, {
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        });
        return encrypted.toString();
    }
At the same time, the key used for encryption is defined in the page:
From the above you also know that the plaintext format is {"username":username,"password":password}, and that this plaintext is DES-encrypted with the key.
Therefore, based on the above information, we can conclude that the relationship is:
1. The original text to be encrypted is:
{"username":"admin","password":"12345678"}
2. Key is 232cb851727762bbf7dd097da3bcd354
(The original website has since switched to another, asymmetric encryption scheme, so this key can be disclosed, although I have not said which website it is.)
3. Encryption method:
Mode ECB, padding PKCS7, offset 0, output base64
4. Ciphertext:
iKUJ1KTtfI4NqIHAf7QQha71W4vil4uLWR1YQREFkJLsx1W/aKLcnt9Ni7PalkpP
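As an added check that is not part of the original post: the Python below reproduces, with the standard library only, the parts of the page's scheme an auditor can verify without a DES implementation, namely how CryptoJS.enc.Utf8.parse plus CryptoJS.DES reduce the 32-character key string to its first 8 bytes, the PKCS7 padding, and why the base64 ciphertext is exactly 64 characters. The optional pycryptodome cross-check is an assumption about the environment, and the function names are my own.

```python
import base64
import json

# Values from the page: the key defined in the page and the ciphertext it produced.
PAGE_KEY = "232cb851727762bbf7dd097da3bcd354"
PAGE_CIPHERTEXT = "iKUJ1KTtfI4NqIHAf7QQha71W4vil4uLWR1YQREFkJLsx1W/aKLcnt9Ni7PalkpP"
DES_BLOCK = 8


def build_plaintext(username, password):
    # Same field order and no whitespace, matching the page's literal.
    return json.dumps({"username": username, "password": password},
                      separators=(",", ":"))


def effective_des_key(key_str):
    # CryptoJS.enc.Utf8.parse() keeps all 32 bytes, but CryptoJS.DES reads only
    # the first 64 bits of the WordArray, so just 8 characters of the key matter.
    return key_str.encode("utf-8")[:DES_BLOCK]


def effective_key_bits(key_bytes):
    # DES ignores one parity bit per byte (56 usable bits at most); when every
    # byte is a hex digit, each contributes only 4 bits of choice.
    if all(chr(b) in "0123456789abcdefABCDEF" for b in key_bytes):
        return 4 * len(key_bytes)
    return 7 * len(key_bytes)


def pkcs7_pad(data, block=DES_BLOCK):
    n = block - len(data) % block
    return data + bytes([n]) * n


def expected_ciphertext_len(plaintext):
    # base64 of the padded message; ECB emits no IV, so nothing else is output.
    return len(base64.b64encode(pkcs7_pad(plaintext.encode("utf-8"))))


def des_ecb_base64(plaintext, key_str):
    # Optional cross-check with pycryptodome (assumed installed); None if absent.
    try:
        from Crypto.Cipher import DES
    except ImportError:
        return None
    cipher = DES.new(effective_des_key(key_str), DES.MODE_ECB)
    ct = cipher.encrypt(pkcs7_pad(plaintext.encode("utf-8")))
    return base64.b64encode(ct).decode("ascii")
```

The point for a reviewer: the 32-character "key" in the page is not 128 bits of anything; only "232cb851" reaches DES, and a hex-only 8-character string leaves a 32-bit keyspace, which matters little here since the key is public in the page anyway.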
Question 3: How to prove that the Burp replay method does not work?
The proof: when you resend quickly and repeatedly, the response packet looks like this:
It is only Unicode-escaped in the packet, so it cannot be read directly, but after decoding it looks like this. The page says, "Please don't submit so soon, try again later."
Question 4: The order of the saved JS is still a bit wrong. I see that in the F12 console mode-ecb.js is not below the md5.js file; how can it be saved in the order below md5.js?
Answer 4: Yes, at the beginning I also got stuck on this problem. In fact, as long as the scripts are loaded in the normal order written in the original site's HTML, it works.
The original website's loading order is as follows:
In fact, only two are used for the encryption: mode-ecb.js and tripledes.js.
Attached at the end of the text are the encryption JavaScript, the brute-force script, and the source of the simulated login page for the brute-force exercise.
So the test HTML should be written like this (if it can be invoked successfully from the console, it can be put into the Python script to run):
    function encryptByDES(message, key) {
        var keyHex = CryptoJS.enc.Utf8.parse(key);
        var encrypted = CryptoJS.DES.encrypt(message, keyHex, {
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        });
        return encrypted.toString();
    }
Then try again in the console, entering:
    encryptByDES('{"username":"admin","password":"12345678"}', '232cb851727762bbf7dd097da3bcd354');
To use it from the Python script, you only need to create a JS file, paste the two scripts into it in order, and call it directly. See the attached main_total.js.
Question 5: The jsDES encryption mentioned in the article uses PKCS7 padding; how do you determine the encryption settings of this page?
Answer 5: Look carefully at the page's JS; it tells you the padding mode of its encryption.
Extension:
I wrote a simple simulated page for practising brute force against this encryption; it is in the attachment at the end, and you can try it.
Screenshot of a successful login. Entering the correct password and clicking Login directly does not work (because the password is very simple; to force a scripted solution and rule out other ways of solving it, you must construct the HTTP request yourself to succeed).
Screenshot of success.
The easiest mistake to make is pasting in the JS files that are visible while missing JS that the page loads but that was not pasted.
For the brute-force success check, just search the response for a distinguishing feature.
GIF of brute forcing with the Python script:
The encryption JS, the test page, and the brute-force script are attached; please download them yourself.
Download link:
https://pan.baidu.com/s/1kXlGkIVd7YDkRCtov01nOw
Extraction code: k8rg
main_total.js is the merged version, and test.php is the simulated login page.
The above is how Python calls the jsDES encryption. The editor believes some of these points may be seen or used in daily work; I hope you learned something from this article. For more details, please follow the industry information channel.