)
定义
在CTF中,如果存在对密码的提示,如压缩包密码以“abc”开头且总长度为7,我们就会优先采用字典破解的方式。
这里我们用会用到在Kali中用到的工具crunch
如:
crunch1010-tabc%%%%%%%-oabc_7digit.txtcrunch 10 10:固定生成 10 位 字符串 -t abc%%%%%%%:模板参数 abc:固定开头 %:代表数字 0-9,写 7 个就是 7 位数字 @:小写字母 a-z ,:大写字母 A-Z ^:特殊符号 -o abc_7digit.txt:把字典保存到文件里 -z gzip:压缩输出实战:[第八章][8.2.3 字典破解]字典破解
这道题,《CTF实战:从入门到提升》这本书里没有给一点提示,所以就得把能想到的所有CTF常用字典,Top1000字典搞来,暴力破解一遍。这里我问了Workbuddy,生成了一个字典脚本.py,字典脚本脚本如下:
importzipfileimportitertoolsimportstring# ============================================================# CTF 字典破解 ZIP# 字典来源:# 1. CTF 高频密码(比赛中出现最多的)# 2. 常见数字组合# 3. 键盘走位# 4. 常见英文弱密码# 5. ctf/flag 相关变体# ============================================================ZIP_PATH=r'c:\Users\lenovo\WorkBuddy\Claw\字典破解.zip'# --- CTF & 通用高频密码字典 ---CTF_WORDLIST=[# CTF 专用"flag","ctf","ctf123","flag123","ctfctf","passwd","password","p@ssw0rd","p@ssword","passw0rd","admin","admin123","administrator","root","root123","toor","test","test123","guest","guest123",# 数字序列"123456","1234567","12345678","123456789","1234567890","111111","222222","333333","666666","888888","000000","123123","321321","112233","123321","1q2w3e","1q2w3e4r","1q2w3e4r5t","qwerty","qwerty123","qwertyuiop",# 常见英文弱密码"password","password1","password123","iloveyou","sunshine","princess","monkey","dragon","master","letmein","welcome","login","hello","hello123","abc123","abcd1234","baseball","football","shadow","superman","batman","trustno1",# 键盘走位"qazwsx","zxcvbnm","asdfgh","asdfghjkl","1234qwer",# 年份/日期"2020","2021","2022","2023","2024","2025","20200101","20210101","20221212","19891231",# 中文拼音常见"woaini","woshini","nihaoma","zhongguo","beijing",# CTF 平台常见"hack","hacker","hacking","exploit","shell","pwn","pwned","reverse","crypto","web","misc","binary",# 空密码"",# 其他"pass","123","1234","12345","654321","7654321","a123456","a12345678","aa123456","abc","abcdef","abcdefg","abcdefgh","111","1111","11111","000","0000","00000","9999","99999","8888","88888","7777","6666","5555","4321","4444","3333","2222","1111","3141592","123qwe","123abc","a1b2c3","aaa111","success","game","love","god","sex","god123","michael","jessica","charlie","thomas","robert","pokemon","starwars","matrix","linux","windows",]# --- 生成额外的数字组合 (4-8位纯数字) ---extra=[]# 4位forninrange(0,10000):extra.append(f"{n:04d}")# 6位常见fornin[100000,110000,111111,112233,121212,123321,123456,123654,132456,147258,159357,159753,192168,200000,202020,210987,212121,246810,258369,314159,321654,456789,519519,520520,521521,654321,666666,696969,741852,741963,753951,789456,852456,852963,963852,987654,999999]:extra.append(str(n))wordlist=CTF_WORDLIST+extraprint(f"[*] 字典总词条数:{len(wordlist)}")print(f"[*] 开始破解:{ZIP_PATH}")print()found=Falsecount=0try:zf=zipfile.ZipFile(ZIP_PATH)forpwdinwordlist:count+=1ifcount%500==0:print(f" [~] 已尝试{count}/{len(wordlist)}... 当前:{repr(pwd)}")try:zf.extractall(path=r'c:\Users\lenovo\WorkBuddy\Claw\cracked_output',pwd=pwd.encode('utf-8'))print(f"\n[+] 破解成功!密码是:{repr(pwd)}")found=Truebreakexcept(RuntimeError,zipfile.BadZipFile):continueexceptException:# 尝试 latin-1 编码try:zf.extractall(path=r'c:\Users\lenovo\WorkBuddy\Claw\cracked_output',pwd=pwd.encode('latin-1'))print(f"\n[+] 破解成功!密码是:{repr(pwd)}")found=TruebreakexceptException:continueexceptExceptionase:print(f"[-] 打开ZIP出错:{e}")ifnotfound:print(f"\n[-] 字典破解失败,已尝试{count}个密码,未找到匹配项")print(" 建议:尝试更大字典(如 rockyou.txt)或暴力破解")else:importos out_dir=r'c:\Users\lenovo\WorkBuddy\Claw\cracked_output'forfinos.listdir(out_dir):fpath=os.path.join(out_dir,f)print(f"[*] 解压文件:{fpath}")try:content=open(fpath,'rb').read()print(f"[*] 内容:{content}")exceptException:pass最后拿到密码是:p@ssw0rd。
成功破解压缩包。
)
