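From receiving a phishing message to forging phishing data: feeding the phisher dead fish

Last night, on the subway home from work, I received a text message. One look told me it was not from ICBC, so I paid it little attention; it was none of my business.

But today, while browsing oschina, I saw a post from someone who had received a very similar phishing message.

As follows:

At that point I could no longer stand by. My interest was piqued. So what was I going to do?

I generated a large number of random ICBC card numbers and passwords and submitted them to the phishing sites.

(Random: the phisher must not be able to analyze the junk data.)

Both sites are currently unreachable~

By an incomplete count, at least 20,000+ records were submitted to a single site.

Now let me explain how I fed the phisher dead fish:

First, the phishing target is ICBC, so I started by collecting ICBC's card-number prefixes.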

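OK, now everything is basically ready.

Language used: JavaScript

Reason: fast, fast, fast

First, analyze the parameters the site expects to be submitted:

Site in figure 1:

{id: site id, logonCardNum: card number, netType: password, randomId: verification code}

Here is the code: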

function getAuthCode() {
    var len = 6, code = "";

    for(var i = 0; i < len; i++) {
        code += parseInt(Math.random() * 10);
    }

    return code;
}

function getPwd() {
    var charPwd = "1234567890".split(""), pwdLen = 6, pwd = "";

    for(var i = 0; i < pwdLen; i++) {
        pwd += charPwd[parseInt(Math.random() * charPwd.length)];
    }

    return pwd;
}

function getCard() {
    var charCard = ["370246","370248","370249","427010","427018","427019","427020","427029","427030","427039","370247","438125","438126","451804","451810","451811","45806‘","458071","489734","489735","489736","510529","427062","524091","427064","530970","53098‘","530990","558360","620200","620302","620402","620403","620404","524047","620406","620407","525498","620409","620410","620411","620412","620502","620503","620405","620408","620512","620602","620604","620607","620611","620612","620704","620706","620707","620708","620709","620710","620609","620712","620713","620714","620802","620711","620904","620905","621001","620902","621103","621105","621106","621107","621102","621203","621204","621205","621206","621207","621208","621209","621210","621302","621303","621202","621305","621306","621307","621309","621311","621313","621211","621315","621304","621402","621404","621405","621406","621407","621408","621409","621410","621502","621317","621511","621602","621603","621604","621605","621608","621609","621610","621611","621612","621613","621614","621615","621616","621617","621607","621606","621804","621807","621813","621814","621817","621901","621904","621905","621906","621907","621908","621909","621910","621911","621912","621913","621915","622002","621903","622004","622005","622006","622007","622008","622010","622011","622012","621914","622015","622016","622003","622018","622019","622020","622102","622103","622104","622105","622013","622111","622114","622200","622017","622202","622203","622208","622210","622211","622212","622213","622214","622110","622220","622223","622225","622229","622230","622231","622232","622233","622234","622235","622237","622215","622239","622240","622245","622224","622303","622304","622305","622306","622307","622308","622309","622238","622314","622315","622317","622302","622402","622403","622404","622313","622504","622505","622509","622513","622517","622502","622604","622605","622606","622510","622703","622715","622806","622902","622903","622706",
"623002","623006","623008","623011","623012","622904","623015","623100","623202","623301","623400","623500","623602","623803","623901","623014","624100","624200","624301","624402","624518","624518","624518","624580","624580","625309","623700","628288","624000","9558‘ ","628286","622206","621225","526836","513685","543098","458441","620058","621281","622246","900000","544210","548943","370267","621558","621559","621722","621723","620086","621226","402791","427028","427038","548259","356879","356880","356881","356882","528856","621618","620516","621227","621721","900010","625330","625331","625332","623062","622236","621670","524374","550213","374738","374739","621288","625708","625709","622597","622599","360883","360884","625865","625866","625899","625929","621376","620054","620142","621423","625927","621428","625939","621434","625987","621761","621749","620184","625930","621300","621378","625114","622159","621720","625021","625022","625932","621379","620114","620146","622889","625900","622949","625915","625916","620030","620050","622944","625115","620101","623335","622171","621240","621724","625931","621762","625918","625113","621371","620143","620149","621730","625928","621414","625914","621375","620187","621734","621433","625986","621370","625925","622926","622927","622928","622929","622930","622931","621733","621732","620124","620183","620561","625116","622227","625921","621764","625926","621372","623034","625110","621464","625942","622158","625917","621765","620094","620186","621719","625922","621369","621763","625934","620046","621750","625933","621377","620148","620185","625920","621367","625924","621374","621731","621781"], cardLen = 19 - 6, card = "";
    card = charCard[parseInt(Math.random() * charCard.length)];

    for(var i = 0; i < cardLen; i++) {
        card += parseInt(Math.random() * 10);
    }

    return card;
}

function Submit() {
    var card = getCard(), pwd = getPwd(), code = getAuthCode(), sid = parseInt(Math.random() * 3 + 1);
    $.ajax({
        type: "POST",
        url: "http://www.idagb.com/add_1.asp",
        data: {id: sid, logonCardNum: card, netType: pwd, randomId: code},
        async: true,
        success: function(data) {
            HandleResult(card);
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            HandleResult(card);
        }
    });
}

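function HandleResult(data) {
    // Show progress, then release the slot held by the request that just finished.
    $("body").html(i + " : " + data + " , {" + CurrentThread-- + "}");
    if (i < Count) {
         for (var j = 0; j < Thread; j++) {
              if (CurrentThread >= Thread || i >= Count) {
                  break; // enforce the maximum thread count / maximum request count
              }
              Submit(i++, CurrentThread++); // Submit() ignores its arguments; they only advance the counters
         }
    }
}
var i = 0, Count = 10000000, Thread = 12, CurrentThread = 0;
Submit(i++, CurrentThread++); // first trigger: i and the thread count must both be incremented

Site in figure 2:

{step: step, ukh: card number, umm: password, uid: visit id}

Here is the code: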

function getUserId() {
    var charCode = "abcdefghijklmnopqrstuvwxyz1234567890".split(""), codeLen = 15, code = "";

    for(var i = 0; i < codeLen; i++) {
        code += charCode[parseInt(Math.random() * charCode.length)];
    }

    return code;
}

function getPwd() {
    var charPwd = "1234567890".split(""), pwdLen = 6, pwd = "";

    for(var i = 0; i < pwdLen; i++) {
        pwd += charPwd[parseInt(Math.random() * charPwd.length)];
    }

    return pwd;
}

function getCard() {
    var charCard = ["370246","370248","370249","427010","427018","427019","427020","427029","427030","427039","370247","438125","438126","451804","451810","451811","45806‘","458071","489734","489735","489736","510529","427062","524091","427064","530970","53098‘","530990","558360","620200","620302","620402","620403","620404","524047","620406","620407","525498","620409","620410","620411","620412","620502","620503","620405","620408","620512","620602","620604","620607","620611","620612","620704","620706","620707","620708","620709","620710","620609","620712","620713","620714","620802","620711","620904","620905","621001","620902","621103","621105","621106","621107","621102","621203","621204","621205","621206","621207","621208","621209","621210","621302","621303","621202","621305","621306","621307","621309","621311","621313","621211","621315","621304","621402","621404","621405","621406","621407","621408","621409","621410","621502","621317","621511","621602","621603","621604","621605","621608","621609","621610","621611","621612","621613","621614","621615","621616","621617","621607","621606","621804","621807","621813","621814","621817","621901","621904","621905","621906","621907","621908","621909","621910","621911","621912","621913","621915","622002","621903","622004","622005","622006","622007","622008","622010","622011","622012","621914","622015","622016","622003","622018","622019","622020","622102","622103","622104","622105","622013","622111","622114","622200","622017","622202","622203","622208","622210","622211","622212","622213","622214","622110","622220","622223","622225","622229","622230","622231","622232","622233","622234","622235","622237","622215","622239","622240","622245","622224","622303","622304","622305","622306","622307","622308","622309","622238","622314","622315","622317","622302","622402","622403","622404","622313","622504","622505","622509","622513","622517","622502","622604","622605","622606","622510","622703","622715","622806","622902","622903","622706",
"623002","623006","623008","623011","623012","622904","623015","623100","623202","623301","623400","623500","623602","623803","623901","623014","624100","624200","624301","624402","624518","624518","624518","624580","624580","625309","623700","628288","624000","9558‘ ","628286","622206","621225","526836","513685","543098","458441","620058","621281","622246","900000","544210","548943","370267","621558","621559","621722","621723","620086","621226","402791","427028","427038","548259","356879","356880","356881","356882","528856","621618","620516","621227","621721","900010","625330","625331","625332","623062","622236","621670","524374","550213","374738","374739","621288","625708","625709","622597","622599","360883","360884","625865","625866","625899","625929","621376","620054","620142","621423","625927","621428","625939","621434","625987","621761","621749","620184","625930","621300","621378","625114","622159","621720","625021","625022","625932","621379","620114","620146","622889","625900","622949","625915","625916","620030","620050","622944","625115","620101","623335","622171","621240","621724","625931","621762","625918","625113","621371","620143","620149","621730","625928","621414","625914","621375","620187","621734","621433","625986","621370","625925","622926","622927","622928","622929","622930","622931","621733","621732","620124","620183","620561","625116","622227","625921","621764","625926","621372","623034","625110","621464","625942","622158","625917","621765","620094","620186","621719","625922","621369","621763","625934","620046","621750","625933","621377","620148","620185","625920","621367","625924","621374","621731","621781"], cardLen = 19 - 6, card = "";
    card = charCard[parseInt(Math.random() * charCard.length)];

    for(var i = 0; i < cardLen; i++) {
        card += parseInt(Math.random() * 10);
    }

    return card;
}

function Submit() {
    var card = getCard(), pwd = getPwd(), uid = getUserId();
    $.ajax({
        type: "POST",
        url: "http://www.ibokn.com/Library.cgi4?uid=" + uid,
        data: {step: 1, ukh: card, umm: pwd, uid: uid},
        async: true,
        success: function(data) {
            HandleResult(card);
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            HandleResult(card);
        }
    });
}

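function HandleResult(data) {
    // Show progress, then release the slot held by the request that just finished.
    $("body").html(i + " : " + data + " , {" + CurrentThread-- + "}");
    if (i < Count) {
         for (var j = 0; j < Thread; j++) {
              if (CurrentThread >= Thread || i >= Count) {
                  break; // enforce the maximum thread count / maximum request count
              }
              Submit(i++, CurrentThread++); // Submit() ignores its arguments; they only advance the counters
         }
    }
}
var i = 0, Count = 1000000, Thread = 12, CurrentThread = 0;
Submit(i++, CurrentThread++); // first trigger: i and the thread count must both be incremented

OK, just inject this into the console and run it, and it will keep submitting dead fish to the phishing site~

Finally, let me share the method in this JavaScript that caps the maximum number of threads: HandleResult

Why is this method needed?

Because when asynchronous ajax calls are issued in a loop, if you have 1 million POSTs they will all execute at once. Your browser will certainly freeze,

so I added a method here that limits the number of submissions.

But if you use synchronous requests instead, submission is slow.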
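
The concurrency cap described above, as an added example that is not code from the original post: a deterministic in-memory stand-in for the network compares a plain loop with a HandleResult-style top-up and reports the peak number of requests in flight. The names makeFakeNetwork, runUnbounded and runPool are hypothetical, and nothing here touches a real network.

```javascript
// Added example. A tiny deterministic event queue stands in for the browser's:
// "requests" are queued callbacks, so the run is reproducible and offline.
function makeFakeNetwork() {
    const pending = [];            // completion callbacks of requests in flight
    let inFlight = 0, peak = 0;
    return {
        // Start one fake request; done() fires later, when drain() delivers it.
        send(done) {
            inFlight++;
            peak = Math.max(peak, inFlight);
            pending.push(() => { inFlight--; done(); });
        },
        // Deliver completions one at a time, oldest first, until none remain.
        drain() { while (pending.length) pending.shift()(); },
        get peak() { return peak; }
    };
}

// Unbounded: a plain loop starts every request before any has completed.
function runUnbounded(total) {
    const net = makeFakeNetwork();
    let completed = 0;
    for (let n = 0; n < total; n++) net.send(() => { completed++; });
    net.drain();
    return { completed, peak: net.peak };
}

// Bounded: the same idea as HandleResult. Each completion frees a slot and
// the pool is topped up again, never beyond `limit` or `total`.
function runPool(total, limit) {
    const net = makeFakeNetwork();
    let started = 0, active = 0, completed = 0;
    function fill() {
        while (active < limit && started < total) {
            started++;
            active++;
            net.send(() => { active--; completed++; fill(); });
        }
    }
    fill();
    net.drain();
    return { completed, peak: net.peak };
}

console.log(runUnbounded(1000)); // all requests in flight at once
console.log(runPool(1000, 12));  // in-flight count capped at the limit
```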

OK, that's all I have to share~

Time: 2024-08-29 19:12:15
