Analysis of smart jiangcai login in Jiangxi University of Finance and Economics
2022-06-30 12:41:00 【Minor dream】
Capture the traffic first
- Find the parameters submitted at login
The figure shows the submitted parameters

- Then search for these parameters to see where they are used. The key question is how password is encrypted. Use the global search (Ctrl+Shift+F) to search the code and locate it, as shown in the figure below

- Now we know the encryption method
Logic summary
- I'm too lazy to write it up, so I'm quoting @K Brother reptile directly
- The encryption entry point can be found on the index home page; it uses three encryption functions from rsa.js: RSAKey(), setPublic(), encrypt();
- In rsa.js, the BigInteger() function depends on jsbn.js, and the SecureRandom() function depends on rng.js;
- In rng.js, the variable rng_psize is defined in prng4.js, and the prng_newstate() function also depends on prng4.js
Submission
Prerequisite knowledge
What the form name attribute does: the name attribute identifies the form data submitted to the server.
Note: only form elements with a name attribute set pass their values when the form is submitted.
Simply put, name is the key submitted to the backend. For example, check boxes set to name="hobby" indicate that those check boxes all belong to hobby.
Checking the page source shows that the page submits through a form, not through axios or a jQuery-based JS submission. Looking at the code below, the form is submitted to /cas/login
<form id="fm1" action="`" method="post" autocomplete="off">
<div id="errorMessage" class="error" style="display:none;">
<div class="error-massage"></div>
</div>
<table cellpadding="0" cellspacing="0">
<tr>
<td colspan="2">
<input id="username" name="username" type="text" class="user" placeholder=" Campus card number / Please activate for the first time " value="" />
<input type="text" class="user" style="display: none;" />
</td>
</tr>
<tr>
<td colspan="2">
<input id="passwordEnc" name="password" type="hidden" value="" />
<input id="password" type="password" class="pw" placeholder=" Unified identity authentication password " />
<input type="text" class="pw" style="display: none;" />
</td>
</tr>
<tr id="imageCode" style="display:none;">
<td colspan="2" style="position:relative;">
<input id="errors" name="errors" type="hidden" value="0" />
<input id="imageCodeName" name="imageCodeName" type="text" size="4" class="yzm" placeholder=" Verification Code " /><input type="text" class="yzm" style="display: none;" />
<div style="position:absolute; top:5px; right:0;">
<img width="100" style="height:2.5rem;" src='/cas/codeimage' style="cursor: pointer;" onclick="this.src='/cas/codeimage?'+Math.floor(Math.random()*100)" />
</div>
</td>
</tr>
<tr style="display:none;" id="rememberPwd">
<td colspan="2" style="height: 15px;"><input id="ckbRememberPP" name="rememberMe" type="checkbox" value="true"/><input type="hidden" name="_rememberMe" value="on"/><label for="ckbRememberPP" style="vertical-align: middle;height: 13px;"> Remember the password ,2 Automatic login within a week </label></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value=" deng record " onclick="javascript:return checkInput();" /></td>
</tr>
<tr>
<td colspan="2">
<a href='https://ssl.jxufe.edu.cn/uid/activateAuth?t=20161208120000' class="zhjh-a" target="_blank"> Account activation </a><a href='https://ssl.jxufe.edu.cn/uid/forget?t=20161208120000' class="wjmm-a" target="_blank"> Forget the password </a>
</td>
</tr>
<tr>
<td class="line" width="60%">
<a href="pages/account_activate.html?t=20161208120000" class="zhjh"> Unified authentication account activation strategy </a>
<div class="clear-1"></div>
<a href="pages/password_forget.html?t=20161208120000" class="mmzh"> Information portal password retrieval Introduction </a>
</td>
<td class="line" align="right" width="40%">
<div align="center" class="ewm">
<img src="images/ewm.jpg" width="70"><br> Mobile portal QR code
</div>
</td>
</tr>
</table>
<input type="hidden" name="cryptoType" value="1" />
<input type="hidden" name="lt" value="_c4ECACA77-B52F-B3C8-EF78-7F2DE9C616E0_k8175C76F-F064-D984-F521-22035A30AD09" />
<input type="hidden" name="_eventId" value="submit" />
</form>
Encryption sample code
- For the other dependencies, see GitHub: https://github.com/superBiuBiuMan/jxufe_loginRSA
Key code
// RSA encryption
const { RSAKey } = require("./tools/rsa");
var rsa = new RSAKey();
// If the following two parameters change, check the official website's source code for the new values
var n = "5598e3b75d21a2989274e222fa59ab07d829faa29b544e3a920c4dd287aed9302a657280c23220a35ae985ba157400e0502ce8e44570a1513bf7146f372e9c842115fb1b86def80e2ecf9f8e7a586656d12b27529f487e55052e5c31d0836b2e8c01c011bca911d983b1541f20b7466c325b4e30b4a79652470e88135113c9d9";
var e = "10001";
// Encrypt the password
rsa.setPublic(n, e);
var encodedPassword = rsa.encrypt('123456789');
// Print the encrypted password
console.log(encodedPassword);
Note
The two parameters may change; if they do, check the official website's source code for the current values

With JS
- I originally wanted to write a results query, but later found I couldn't; the packet capture analysis didn't work out … the certificate jumps around …
TypeScript version
const axios = require('axios');
const qs = require('qs');
const {
RSAKey } = require("./tools/rsa");
const cheerio = require("cheerio");
const nDefault = '5598e3b75d21a2989274e222fa59ab07d829faa29b544e3a920c4dd287aed9302a657280c23220a35ae985ba157400e0502ce8e44570a1513bf7146f372e9c842115fb1b86def80e2ecf9f8e7a586656d12b27529f487e55052e5c31d0836b2e8c01c011bca911d983b1541f20b7466c325b4e30b4a79652470e88135113c9d9';
const eDefault = '10001';
class LoginAndGet {
n: string;
e: string;
userName: string;
passWord: string;
encodedPassword: string;// Encrypted password
constructor(userName: string, passWord: string, n: string = nDefault, e: string = eDefault) {
this.n = n;
this.e = e;
this.userName = userName;
this.passWord = passWord;
this.getRSAPassword(this.passWord);
}
/* Get the encrypted password */
getRSAPassword(originPass: string): void {
let rsa = new RSAKey();
// Set the public key (modulus n, exponent e)
rsa.setPublic(this.n, this.e);
// Encrypt the password
this.encodedPassword = rsa.encrypt(originPass);
}
/* Start */
start() {
this.getIt();
}
/* Get the lt parameter */
getIt(): void {
axios({
method: 'get',
url: 'https://ssl.jxufe.edu.cn/cas/login',
headers: {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36',
}
}).then((data) => {
var Data = [];
Data.push(data.headers['set-cookie'][0].toString().match(/\w*(?=\.)/m).join()); // get JSESSIONID
Data.push(data.headers['set-cookie'][1].toString().match(/\w*(?=;)/m).join()); // get sessoinMapKey
Data.push(cheerio.load(data.data)(":input[name='lt']").attr('value')); // get lt
// )
console.log(" Load the page to get something ", Data);
return Data;
}).then(data => {
// console.log(data);
// Index 0 is JSESSIONID, index 1 is sessoinMapKey, index 2 is lt
this.loginF(data[2], data[1], data[0], this.userName, this.encodedPassword);
});
}
/* Log in */
loginF(lt: string, sess: string, jsess: string, userName: string, encodedPassword: string) {
// Form data to send
var data = qs.stringify({
'username': userName,
'password': encodedPassword,
'errors': '0',
'_rememberMe': 'on',
'cryptoType': '1',
'_eventId': 'submit',
'imageCodeName': '',
'lt': lt
});
// axios configuration
var config = {
method: 'post',
url: 'https://ssl.jxufe.edu.cn/cas/login?jsessionid=' + jsess + '.cas_app_2',
// url: 'https://ssl.jxufe.edu.cn/cas/login',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'User-Agent': ' Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36',
'Cookie': 'JSESSIONID=' + jsess + '.cas_app_2;sessoinMapKey=' + sess + '; jxufe_username=' + userName,
'Referer': 'https://ssl.jxufe.edu.cn/cas/login',
'Origin': 'https://ssl.jxufe.edu.cn',
},
data: data
};
// Send a request
axios(config)
.then(function (response) {
var result = cheerio.load(response.data)(".error-massage span").text();
console.log(" Login result is :" + result);
console.log('cookie1 by ',response.headers);
})
.catch(function (error) {
console.log(error);
});
}
}
// Test code
var test = new LoginAndGet('2202140875', 'superBiuBB');
test.start();
- Converted JS
var axios = require('axios');
var qs = require('qs');
var RSAKey = require("./tools/rsa").RSAKey;
var cheerio = require("cheerio");
var nDefault = '5598e3b75d21a2989274e222fa59ab07d829faa29b544e3a920c4dd287aed9302a657280c23220a35ae985ba157400e0502ce8e44570a1513bf7146f372e9c842115fb1b86def80e2ecf9f8e7a586656d12b27529f487e55052e5c31d0836b2e8c01c011bca911d983b1541f20b7466c325b4e30b4a79652470e88135113c9d9';
var eDefault = '10001';
var LoginAndGet = /** @class */ (function () {
function LoginAndGet(userName, passWord, n, e) {
if (n === void 0) {
n = nDefault; }
if (e === void 0) {
e = eDefault; }
this.n = n;
this.e = e;
this.userName = userName;
this.passWord = passWord;
this.getRSAPassword(this.passWord);
}
/* Get the encrypted password */
LoginAndGet.prototype.getRSAPassword = function (originPass) {
var rsa = new RSAKey();
// Set the public key (modulus n, exponent e)
rsa.setPublic(this.n, this.e);
// Encrypt the password
this.encodedPassword = rsa.encrypt(originPass);
};
/* Start */
LoginAndGet.prototype.start = function () {
this.getIt();
};
/* Get the lt parameter */
LoginAndGet.prototype.getIt = function () {
var _this = this;
axios({
method: 'get',
url: 'https://ssl.jxufe.edu.cn/cas/login',
headers: {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36'
}
}).then(function (data) {
var Data = [];
Data.push(data.headers['set-cookie'][0].toString().match(/\w*(?=\.)/m).join()); // get JSESSIONID
Data.push(data.headers['set-cookie'][1].toString().match(/\w*(?=;)/m).join()); // get sessoinMapKey
Data.push(cheerio.load(data.data)(":input[name='lt']").attr('value')); // get lt
// )
console.log(" Load the page to get something ", Data);
return Data;
}).then(function (data) {
// console.log(data);
// Index 0 is JSESSIONID, index 1 is sessoinMapKey, index 2 is lt
_this.loginF(data[2], data[1], data[0], _this.userName, _this.encodedPassword);
});
};
/* Log in */
LoginAndGet.prototype.loginF = function (lt, sess, jsess, userName, encodedPassword) {
// Form data to send
var data = qs.stringify({
'username': userName,
'password': encodedPassword,
'errors': '0',
'_rememberMe': 'on',
'cryptoType': '1',
'_eventId': 'submit',
'imageCodeName': '',
'lt': lt
});
// axios configuration
var config = {
method: 'post',
url: 'https://ssl.jxufe.edu.cn/cas/login?jsessionid=' + jsess + '.cas_app_2',
// url: 'https://ssl.jxufe.edu.cn/cas/login',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'User-Agent': ' Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36',
'Cookie': 'JSESSIONID=' + jsess + '.cas_app_2;sessoinMapKey=' + sess + '; jxufe_username=' + userName,
'Referer': 'https://ssl.jxufe.edu.cn/cas/login',
'Origin': 'https://ssl.jxufe.edu.cn'
},
data: data
};
// Send a request
axios(config)
.then(function (response) {
var result = cheerio.load(response.data)(".error-massage span").text();
console.log(" Login result is :" + result);
console.log('cookie1 by ', response.headers);
})["catch"](function (error) {
console.log(error);
});
};
return LoginAndGet;
}());
// Test code
var test = new LoginAndGet('2202140875', 'superBiuBB');
test.start();