[文章作者]zhouzhen[E.s.t]
[信息来源]邪恶八进制信息安全团队 (forum.eviloctal.com)
xmd5 是一个做得不错的 md5 密码查询站。记得上次有人想用程序实现 xmd5 密码查询,结果没有实现。后来我回去研究了一下,有点意思:其中有一个协商 cookie 的过程。这个程序写出来很久了,希望对大家有用。代码是随便写的,有 bug 大家改改。
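/*
 * getmd5 - query www.xmd5.org for the plaintext of a 16- or 32-character
 * MD5 hash and print whatever the site returns.
 *
 * Flow, as visible in the requests below:
 *   1. GET /                  -> the response carries a Set-Cookie header
 *   2. GET /index_en.htm      -> replayed with that cookie
 *   3. GET /md5/userin.asp    -> replayed with that cookie
 *   4. GET /md5/md5check.asp  -> the answer is taken from the text that
 *                                follows "getpass.asp?info=" in the reply
 *
 * Review notes:
 *   - The page this listing was taken from had turned every backslash into
 *     a forward slash ("/r/n", '/0', /"), which broke both the HTTP framing
 *     and the C syntax. The escapes are restored here.
 *   - Everything received from the server is untrusted. The original copied
 *     the cookie into a fixed 100-byte buffer and sprintf()'d it into
 *     exactly-sized stack arrays; a longer or shorter cookie overflowed
 *     them. All copies are now sized from the data and all formatting is
 *     bounded with snprintf().
 *   - The hash is sent in clear text over HTTP (port 80) to a third-party
 *     service, so the service and anything on the network path can record it.
 *   - Needs a C99 snprintf (MinGW, or MSVC 2015 and later).
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#include <windows.h>

#pragma comment(lib, "ws2_32")

/* Header groups shared by the four request templates. */
#define HDR_ACCEPT \
    "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*\r\n"
#define HDR_REFERER \
    "Referer: http://www.xmd5.org/index_en.htm\r\n"
#define HDR_BROWSER \
    "Accept-Language: zh-cn\r\n" \
    "UA-CPU: x86\r\n" \
    "Accept-Encoding: gzip, deflate\r\n" \
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n" \
    "Host: www.xmd5.org\r\n" \
    "Connection: Keep-Alive\r\n"

/* Print a message and stop. The original exited with status 0 on every
 * failure, which made errors indistinguishable from success for callers. */
static void die(const char *msg)
{
    printf("%s", msg);
    exit(EXIT_FAILURE);
}

/* Return a freshly allocated, NUL-terminated copy of from[0..len). */
static char *copy_span(const char *from, size_t len)
{
    char *dest = calloc(len + 1, sizeof *dest);

    if (dest == NULL) {
        die("[-] out of memory\n");
    }
    memcpy(dest, from, len);
    return dest;
}

/* True when s contains an ASCII control byte (below 0x20, or 0x7f). */
static int has_control_bytes(const char *s)
{
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;

        if (c < 0x20 || c == 0x7f) {
            return 1;
        }
    }
    return 0;
}

/* Replace ASCII control bytes in s with '?' so that server-supplied text
 * cannot drive the terminal when it is printed. */
static void neutralize_control_bytes(char *s)
{
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;

        if (c < 0x20 || c == 0x7f) {
            *s = '?';
        }
    }
}

/**
 * Extract the cookie pair that follows `start` in `string`.
 *
 * The value runs from just after `start` to the first ';' on that line, or
 * to `end` when the line has no ';'. The original instead dropped a fixed
 * 8 bytes from the end of the line (presumably a trailing "; path=/" -
 * confirm against a live response) and copied into a fixed 100-byte buffer,
 * so a line shorter than 8 bytes or longer than 107 bytes wrote out of
 * bounds.
 *
 * @return heap copy of the value; the caller frees it. Exits the process
 *         when either delimiter is missing.
 */
char *LocatString(char *start, char *end, char *string)
{
    char *sposition = strstr(string, start);

    if (sposition == NULL) {
        die("faided!1\n");
    }

    /* Search for the terminator after the prefix, not inside it. */
    char *value = sposition + strlen(start);
    char *eposition = strstr(value, end);

    if (eposition == NULL) {
        die("failed!2\n");
    }

    size_t length = (size_t)(eposition - value);
    char *semicolon = memchr(value, ';', length);

    if (semicolon != NULL) {
        length = (size_t)(semicolon - value);
    }
    return copy_span(value, length);
}

/**
 * Extract the text between `first` and the next occurrence of `last` in
 * `source`.
 *
 * @return heap copy of the text; the caller frees it. Exits the process
 *         when either delimiter is missing.
 */
char *GetResult(char *first, char *last, char *source)
{
    char *fposition = strstr(source, first);

    if (fposition == NULL) {
        die("faided!1\n");
    }

    char *value = fposition + strlen(first);
    char *lposition = strstr(value, last);

    if (lposition == NULL) {
        die("failed!2\n");
    }
    return copy_span(value, (size_t)(lposition - value));
}

/* Step 1: complete request for the front page. */
static const char packet[] =
    "GET / HTTP/1.1\r\n"
    HDR_ACCEPT
    HDR_BROWSER
    "Cookie: AJSTAT_ok_times=2\r\n"
    "\r\n";

/* Step 2: ends inside the Cookie header; the session cookie is appended. */
static const char packet_en[] =
    "GET /index_en.htm HTTP/1.1\r\n"
    HDR_ACCEPT
    HDR_BROWSER
    "Cookie: AJSTAT_ok_times=2; ";

/* Step 3: ends inside the Cookie header; the session cookie is appended. */
static const char packet_user[] =
    "GET /md5/userin.asp HTTP/1.1\r\n"
    HDR_ACCEPT
    HDR_REFERER
    HDR_BROWSER
    "Cookie: AJSTAT_ok_times=1; AJSTAT_ok_times=3; AJSTAT_ok_pages=1; ";

/* Step 4: headers only. The request line
 * "GET /md5/md5check.asp?md5pass=<hash> HTTP/1.1" is prepended in main(). */
static const char packet_checkmd5[] =
    HDR_ACCEPT
    HDR_REFERER
    HDR_BROWSER
    "Cookie: AJSTAT_ok_times=1; AJSTAT_ok_times=3; AJSTAT_ok_pages=1; ";

/* Turn an snprintf() result into a length, failing on error or truncation. */
static size_t request_len(int n, size_t cap)
{
    if (n < 0 || (size_t)n >= cap) {
        die("\n[-] request too long\n");
    }
    return (size_t)n;
}

/* Send exactly len bytes. The original sent sizeof(buffer)-1 bytes, i.e.
 * trailing NUL padding whenever the formatted request was shorter. */
static void send_request(SOCKET s, const char *buf, size_t len)
{
    while (len > 0) {
        int sent = send(s, buf, (int)len, 0);

        if (sent == SOCKET_ERROR || sent == 0) {
            die("\n[-] send failed\n");
        }
        buf += sent;
        len -= (size_t)sent;
    }
}

/* One recv() into buf, always NUL-terminated so strstr() stays in bounds.
 * As in the original, a single recv() is assumed to deliver the headers
 * this program looks at; a response split across segments is not
 * reassembled. */
static void recv_response(SOCKET s, char *buf, size_t cap)
{
    int got = recv(s, buf, (int)(cap - 1), 0);

    if (got < 0) {
        die("\n[-] recv failed\n");
    }
    buf[got] = '\0';
}

/* Print the usage text and stop. */
static void usage(void)
{
    printf("\nUsage:getmd5.exe md5hash\n");
    printf("Md5Hash must be length 16 or 32\n");
    printf("Md5Hash must contain only hexadecimal digits\n");
    exit(EXIT_FAILURE);
}

int main(int argc, char **argv)
{
    static char recvbuf[65535];
    char request[4096];
    char md5hash[17] = {0};
    struct sockaddr_in addr;
    struct hostent *he;
    SOCKET sockfd;
    WSADATA wsa;

    size_t hashlen = (argc == 2) ? strlen(argv[1]) : 0;

    if (hashlen != 16 && hashlen != 32) {
        usage();
    }
    /* The hash is placed in the request line, so only hex digits may pass;
     * anything else could alter the request that is sent. */
    for (size_t i = 0; i < hashlen; i++) {
        if (!isxdigit((unsigned char)argv[1][i])) {
            usage();
        }
    }
    /* A 32-character hash is reduced to its middle 16 characters
     * (offsets 8..23), which is the form submitted to the site. */
    memcpy(md5hash, argv[1] + (hashlen == 32 ? 8 : 0), 16);

    if (WSAStartup(MAKEWORD(2, 0), &wsa) != 0) {
        die("[-] WSAStartup failed\n");
    }

    he = gethostbyname("www.xmd5.org");
    if (he == NULL || he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof addr.sin_addr ||
        he->h_addr_list[0] == NULL) {
        die("[-] Unable to resolve\n");
    }

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd == INVALID_SOCKET) {
        die("[-] socket failed\n");
    }

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(80);
    memcpy(&addr.sin_addr, he->h_addr_list[0], sizeof addr.sin_addr);

    if (connect(sockfd, (struct sockaddr *)&addr, sizeof addr) == SOCKET_ERROR) {
        die("\n[-] connect failed\n");
    }

    /* Step 1: front page, to obtain the session cookie. */
    send_request(sockfd, packet, sizeof packet - 1);
    recv_response(sockfd, recvbuf, sizeof recvbuf);
    Sleep(50);

    char *cookie = LocatString("Set-Cookie: ", "\r\n", recvbuf);

    /* The cookie is echoed into our own request headers; refuse one that
     * carries control bytes rather than forward it. */
    if (has_control_bytes(cookie)) {
        die("\n[-] unexpected cookie\n");
    }

    /* Step 2: English index page, with the cookie. The response is read
     * and discarded. */
    size_t len = request_len(
        snprintf(request, sizeof request,
                 "%s%s\r\nIf-Modified-Since: Mon, 13 Mar 2006 15:27:50 GMT\r\nIf-None-Match: \"68e82eb0b246c61:39f\"\r\n\r\n",
                 packet_en, cookie),
        sizeof request);
    send_request(sockfd, request, len);
    recv_response(sockfd, recvbuf, sizeof recvbuf);
    Sleep(500);

    /* Step 3: userin.asp, with the cookie. The response is read and
     * discarded. */
    len = request_len(
        snprintf(request, sizeof request, "%s%s\r\n\r\n", packet_user, cookie),
        sizeof request);
    send_request(sockfd, request, len);
    recv_response(sockfd, recvbuf, sizeof recvbuf);
    Sleep(500);

    /* Step 4: the lookup itself. */
    len = request_len(
        snprintf(request, sizeof request,
                 "GET /md5/md5check.asp?md5pass=%s HTTP/1.1\r\n%s%s\r\n\r\n",
                 md5hash, packet_checkmd5, cookie),
        sizeof request);
    send_request(sockfd, request, len);

    /* The original reads twice here and parses only the second read;
     * presumably the first read returns an earlier, still-pending response
     * - confirm against the live service. */
    recv_response(sockfd, recvbuf, sizeof recvbuf);
    recv_response(sockfd, recvbuf, sizeof recvbuf);
    Sleep(1000);

    char *jieguo = GetResult("getpass.asp?info=", "\r\n", recvbuf);

    neutralize_control_bytes(jieguo);
    printf("\n password is %s\n", jieguo);

    free(cookie);
    free(jieguo);
    closesocket(sockfd);
    WSACleanup();
    return 0;
}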
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。