01-实战案例
通过前面学习基本掌握C#的编程基础,下面做一个Windows窗口应用程序进行实战练习
01-窗体设计
都是前面章节中基本控件
02-功能设计
功能分为三部分:
1-MD5加密
2-暴力破解
3-字典攻击
03-代码实现
01-MD5加密
给“加密运算”按钮添加点击事件
privatevoidbutton1_Click(object sender, EventArgs e){if (txtEncryptBright.Text.Trim() == string.Empty) { MessageBox.Show("明文不能为空", "提示"); txtEncryptBright.Focus();return; } txtEncryptMd5.Text = EncodeMD5(txtEncryptBright.Text).Replace("-", ""); }
EncodeMD5函数实现加密算法
public string EncodeMD5(string originalString){ Byte[] originalBytes; Byte[] encodedBytes; MD5 md5 = newMD5CryptoServiceProvider(); originalBytes = ASCIIEncoding.Default.GetBytes(originalString); encodedBytes = md5.ComputeHash(originalBytes);return BitConverter.ToString(encodedBytes); }
02-暴力破解
给“开始”按钮添加点击事件
privatevoidbutton2_Click(object sender, EventArgs e){//校验选项if (txtMD5.Text.Trim().Length != 32) { MessageBox.Show("密文不是32位", "提示");return; }if (int.TryParse(txtLowerLimit.Text, out MINLENGTH) == false ||int.TryParse(txtUpperLimit.Text, out MAXLENGTH) == false) { MessageBox.Show("最大最小长度必须是整数", "提示");return; }if (MINLENGTH > 16 || MAXLENGTH > 16) { MessageBox.Show("最大最小长度不能大于16位", "提示");return; }if (MINLENGTH > MAXLENGTH) { MessageBox.Show("最小长度不能大于最大长度", "提示");return; }if (chkLower.Checked == false && chkUpper.Checked == false && chkNumeric.Checked == false && chkSpecial.Checked == false) { MessageBox.Show("至少选择一个字符集", "提示");return; }//锁定选项LockForm();CreateCharacterArray();//创建字符数组 SEARCHINGMD5 = ""; string mashup = txtMD5.Text.Trim().ToUpper();for (int i = 0; i < mashup.Length; i += 2) { SEARCHINGMD5 += mashup.Substring(i, 2); SEARCHINGMD5 += "-"; } SEARCHINGMD5 = SEARCHINGMD5.Substring(0, SEARCHINGMD5.Length - 1); BackThreadRunning = true; MatchFound = false; t = newThread(BruteForceProcess); t.Start();//BruteForceProcess(); }
判断选项后,锁定选项窗口,然后开启t线程,启动BruteForceProcess开始破解
privatevoidBruteForceProcess(){ DateTime startTime = DateTime.Now;try { SB = newStringBuilder(); TotalAttempts = 0; PossibleCombos = 0;for (int i = 1; i <= MAXLENGTH; i++) { PossibleCombos += (ulong)Math.Pow((double)CharsToUse.Length, (double)i); }PopulateCharArray(MINLENGTH); CurrentLength = MINLENGTH;for (int outerCount = MINLENGTH; outerCount <= MAXLENGTH; outerCount++) {CycleChar(0);if (BackThreadRunning == false)break;//Increase word length CurrentLength++;PopulateCharArray(CurrentLength); } }catch (Exception ex) { BackThreadRunning = false; MessageBox.Show("错误!n" + ex.Message, "异常"); } finally {//SW.Close(); } DateTime endTime = DateTime.Now; TimeSpan ts = endTime - startTime;int secondsTaken = ts.Seconds;////If we haven't abortedif (BackThreadRunning == true) { MessageBox.Show("破解失败。耗时:" + secondsTaken.ToString(), "提示"); }elseif (BackThreadRunning == false && MatchFound == true) { MessageBox.Show("破解成功。耗时:" + secondsTaken.ToString(), "提示"); } BackThreadRunning = false; }
计算每秒尝试破解次数和剩余时间,使用Timer控件的Tick事件向状态信息中输出
privatevoidtmrMain_Tick(object sender, EventArgs e){ lblStatus.Visible = true;try { txtResume.Text = SB.ToString();if (MatchFound == true) { txtResume.Text = SB.ToString();UnlockForm();return; }elseif (BackThreadRunning == false) {UnlockForm();return; } lblStatus.Text = "每秒尝试: " + AttemptsPerSecond.ToString(); SecondsToComplete = (PossibleCombos - TotalAttempts) / AttemptsPerSecond;//Less than minuteif (SecondsToComplete < 60) { lblStatus.Text += " 剩余时间: " + SecondsToComplete.ToString() + " 秒"; }//Less than hourelseif (SecondsToComplete < 3600) { TimeEstimate = (double)SecondsToComplete / 60; lblStatus.Text += " 剩余时间: " + TimeEstimate.ToString("0.00") + " 分"; }//Less than dayelseif (SecondsToComplete < 86400) { TimeEstimate = (double)SecondsToComplete / 3600; lblStatus.Text += " 剩余时间: " + TimeEstimate.ToString("0.00") + " 小时"; }//Less than a yearelseif (SecondsToComplete < 31536000) { TimeEstimate = (double)SecondsToComplete / 86400; lblStatus.Text += " 剩余时间: " + TimeEstimate.ToString("0.00") + " 天"; }//A year or moreelse { TimeEstimate = (double)SecondsToComplete / 31536000; lblStatus.Text += " 剩余时间: " + TimeEstimate.ToString("0.00") + " 年"; } AttemptsPerSecond = 0; }catch { lblStatus.Visible = false; } }
给“停止破解”按钮添加点击事件,停止t线程,解锁窗体
privatevoidbtnAbort_Click(object sender, EventArgs e){ t.Interrupt(); BackThreadRunning = false;UnlockForm(); }
03-字典攻击
给“导入字典文件”按钮添加点击事件
privatevoidbutton4_Click(object sender, EventArgs e){ OpenFileDialog fdlg = newOpenFileDialog(); fdlg.Title = "打开字典文件"; fdlg.InitialDirectory = Path.GetFullPath("./"); fdlg.Filter = "Txt files (*.txt)|*.txt"; fdlg.FilterIndex = 1; fdlg.RestoreDirectory = true;if (fdlg.ShowDialog() == DialogResult.OK) { txtDictionaryPath.Text = fdlg.FileName; } }
获得字典文件路径
给“开始破解”按钮添加点击事件
privatevoidbutton5_Click(object sender, EventArgs e){if (txtDictionaryPath.Text.Trim() == "") { MessageBox.Show("请导入字典文件"); }elseif (txtDictionaryMd5.Text.Trim() == string.Empty) { MessageBox.Show("Md5码不能为空", "提示"); txtDictionaryMd5.Focus();return; } {try { threadMd5 = newThread(newThreadStart(LoadDictionary)); threadMd5.Start(); btnDictionaryStart.Enabled = false; btnDictionaryStop.Enabled = true; }catch { MessageBox.Show("请导入正确的字典文件"); } } }
新建线程启动LoadDictionary
voidLoadDictionary(){ string path = txtDictionaryPath.Text; StreamReader result = newStreamReader(@path);while (!result.EndOfStream) { string password = ""; txtDictionaryBright.Text = "";//获取字典里的字 string word = result.ReadLine(); byte[] bytes = UTF8Encoding.UTF8.GetBytes(word.ToString());//UTF8需要对Text的引用 MD5CryptoServiceProvider objMD5 = newMD5CryptoServiceProvider(); byte[] output = objMD5.ComputeHash(bytes); string str = BitConverter.ToString(output); string[] strArray = str.Split('-'); foreach (string item in strArray) { password = password + item; } label14.Text= "尝试密码:"+ word.ToString();//判断Md5是否匹配正确(转为大写再比较) string md5 = txtDictionaryMd5.Text.ToUpper();if (password.Equals(md5)) { txtDictionaryBright.Text = word.ToString(); Thread.Sleep(1000); btnDictionaryStart.Enabled = true; btnDictionaryStop.Enabled = false; threadMd5.Abort(); } } }
向状态栏输出正在破解的密码
04-总结
上一个功能演示图
主要使用了Windows窗体常用控件,以及基本的C#编程,也使用到了新建线程,其他简单函数实现就没完全写出来,代码比较乱,后面需要把常用的功能函数梳理出来,方便调用减少冗余
功能上很简单也很鸡肋,暴力破解复杂密码时耗时太长,有点用的是字典攻击,但速度也是不快,全当练习
原文始发于微信公众号(高级红队专家):【HCD-07】实战:MD5破解工具箱
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论