查查xmd5的密码

[文章作者]zhouzhen[E.s.t]
[信息来源]邪恶八进制信息安全团队 (forum.eviloctal.com)

xmd5 是一个做得不错的 md5 密码查询站。记得上次有人想用程序实现 xmd5 密码查询，结果没有实现。后来我回去研究了一下，有点意思：查询之前有一个协商 cookie 的过程。这个程序写出来好久了，希望对大家有用。代码是随便写的，有 bug 大家改改 :)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment(lib, "ws2_32")

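/*
 * LocatString - extract the text between two markers, minus an 8-byte tail.
 *
 * Looks for the first occurrence of `start` in `string`, then for the first
 * occurrence of `end` after the start marker, and returns a copy of the text
 * in between with its last 8 bytes dropped.  main() uses this on the
 * "Set-Cookie: " header; the dropped tail is presumably the trailing
 * "; path=/" attribute (8 bytes) -- confirm against a real reply.
 *
 * `string` is data received from the network, so every length is clamped:
 *   - a value shorter than the 8-byte tail yields an empty string instead of
 *     a negative length being handed to the copy routine;
 *   - the result is truncated to fit the fixed 100-byte buffer (99 bytes plus
 *     the terminator) instead of overflowing it.
 *
 * Returns a NUL-terminated heap buffer the caller must free().  If either
 * marker is missing, or allocation fails, a message is printed and the
 * process exits with status 0 (unchanged from the original behaviour).
 */
char *LocatString(char *start, char *end , char * string)
{
    enum { DEST_SIZE = 100, TAIL_LEN = 8 };

    char *sposition = strstr(string, start);
    if (sposition == NULL) {
        printf("faided!1\n");
        exit(0);
    }

    /* Search for the end marker only after the start marker, so the two
     * can never overlap and the computed length can never be negative. */
    char *value = sposition + strlen(start);
    char *eposition = strstr(value, end);
    if (eposition == NULL) {
        printf("failed!2\n");
        exit(0);
    }

    char *dest = calloc(DEST_SIZE, sizeof *dest);
    if (dest == NULL) {
        printf("[-] out of memory\n");
        exit(0);
    }

    size_t length = (size_t)(eposition - value);
    size_t keep = (length > (size_t)TAIL_LEN) ? length - (size_t)TAIL_LEN : 0;
    if (keep > (size_t)DEST_SIZE - 1) {
        keep = (size_t)DEST_SIZE - 1;   /* leave room for the terminator */
    }

    /* calloc() already zeroed the buffer, so the copy stays terminated. */
    memcpy(dest, value, keep);
    return dest;
}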

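/*
 * GetResult - return a copy of the text between two markers.
 *
 * Finds the first occurrence of `first` in `source`, then the first
 * occurrence of `last` after it, and returns the text in between as a
 * freshly allocated NUL-terminated string that the caller must free().
 *
 * `source` is data received from the network.  The end marker is searched
 * for only after the start marker, so a `last` that also matches inside
 * `first` cannot produce a negative length (which would otherwise reach the
 * allocator and the copy as a huge unsigned size).
 *
 * If either marker is missing, or allocation fails, a message is printed and
 * the process exits with status 0 (unchanged from the original behaviour).
 */
char *GetResult(char *first, char *last , char * source)
{
    char *fposition = strstr(source, first);
    if (fposition == NULL) {
        printf("faided!1\n");
        exit(0);
    }

    char *value = fposition + strlen(first);
    char *lposition = strstr(value, last);
    if (lposition == NULL) {
        printf("failed!2\n");
        exit(0);
    }

    size_t length = (size_t)(lposition - value);
    char *result = calloc(length + 1, sizeof *result);
    if (result == NULL) {
        printf("[-] out of memory\n");
        exit(0);
    }

    /* calloc() zero-fills, so the byte after the copy is the terminator. */
    memcpy(result, value, length);
    return result;
}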

/*
 * Request 1: a complete "GET /" for www.xmd5.org, terminated by the blank
 * line.  main() sends it unchanged and takes the "Set-Cookie: " header of
 * the reply as the session cookie for the following requests.
 * NOTE(review): the request advertises gzip/deflate, but main() searches the
 * reply as plain text; presumably only header lines are parsed -- confirm.
 */
char packet[]=
"GET / HTTP/1.1\r\n"
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*\r\n"
"Accept-Language: zh-cn\r\n"
"UA-CPU: x86\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n"
"Host: www.xmd5.org\r\n"
"Connection: Keep-Alive\r\n"
"Cookie: AJSTAT_ok_times=2\r\n"
"\r\n";

/*
 * Request 2 (prefix only): "GET /index_en.htm".  The text deliberately stops
 * in the middle of the Cookie header; main() appends the session cookie, two
 * conditional-request headers and the terminating blank line.
 */
char packet_en[]=
"GET /index_en.htm HTTP/1.1\r\n"
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*\r\n"
"Accept-Language: zh-cn\r\n"
"UA-CPU: x86\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n"
"Host: www.xmd5.org\r\n"
"Connection: Keep-Alive\r\n"
"Cookie: AJSTAT_ok_times=2; ";

/*
 * Request 3 (prefix only): "GET /md5/userin.asp" with index_en.htm as the
 * Referer.  Like packet_en it ends inside the Cookie header; main() appends
 * the session cookie and the terminating blank line.
 */
char packet_user[]=
"GET /md5/userin.asp HTTP/1.1\r\n"
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*\r\n"
"Referer: http://www.xmd5.org/index_en.htm\r\n"
"Accept-Language: zh-cn\r\n"
"UA-CPU: x86\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n"
"Host: www.xmd5.org\r\n"
"Connection: Keep-Alive\r\n"
"Cookie: AJSTAT_ok_times=1; AJSTAT_ok_times=3; AJSTAT_ok_pages=1; ";

/*
 * Request 4 (headers only): the request line is not part of this string.
 * main() prepends "GET /md5/md5check.asp?md5pass=<hash> HTTP/1.1" and appends
 * the session cookie and the terminating blank line.  The commented-out line
 * below shows what a complete request line looks like.
 */
char packet_checkmd5[]=
//"GET /md5/md5check.asp?md5pass=49BA59ABBE56E057 HTTP/1.1\r\n"
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*\r\n"
"Referer: http://www.xmd5.org/index_en.htm\r\n"
"Accept-Language: zh-cn\r\n"
"UA-CPU: x86\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n"
"Host: www.xmd5.org\r\n"
"Connection: Keep-Alive\r\n"
"Cookie: AJSTAT_ok_times=1; AJSTAT_ok_times=3; AJSTAT_ok_pages=1; ";

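/* Send all `len` bytes of `buf`.  Returns 0 on success, -1 on a socket error. */
static int send_all(SOCKET fd, const char *buf, int len)
{
    int sent = 0;

    while (sent < len) {
        int n = send(fd, buf + sent, len - sent, 0);
        if (n == SOCKET_ERROR || n <= 0) {
            return -1;
        }
        sent += n;
    }
    return 0;
}

/*
 * Clear `buf`, perform one recv() of at most cap-1 bytes and NUL-terminate
 * the data so it can be searched with strstr().  Returns the byte count, or
 * -1 on a socket error.
 */
static int recv_text(SOCKET fd, char *buf, int cap)
{
    memset(buf, 0, (size_t)cap);

    int n = recv(fd, buf, cap - 1, 0);
    if (n == SOCKET_ERROR) {
        return -1;
    }
    buf[n] = '\0';
    return n;
}

/*
 * getmd5 - look up one MD5 hash on www.xmd5.org.
 *
 * Usage: getmd5.exe md5hash   (16 or 32 hex digits; for a 32-digit hash the
 * middle 16 digits are the ones sent).
 *
 * The exchange is four GET requests on one keep-alive connection: "/" to
 * obtain a session cookie, "/index_en.htm" and "/md5/userin.asp" carrying
 * that cookie, then "/md5/md5check.asp?md5pass=<hash>".  The text after
 * "getpass.asp?info=" in the final reply is printed as the password.
 *
 * The connection is plain HTTP on port 80, so the hash, the session cookie
 * and the returned plaintext are readable on the network path as well as by
 * the lookup service itself.
 *
 * Changes against the original listing:
 *   - the argument must consist of hex digits only, so nothing else can end
 *     up in the request line;
 *   - requests are built with snprintf() into one bounded buffer and their
 *     real length is sent (the original used sprintf() into buffers sized
 *     for one particular cookie length and always sent the whole buffer);
 *   - every recv() leaves room for a terminator, so the string searches
 *     cannot run past the receive buffer;
 *   - WSAStartup() and the resolved address are checked, and the socket and
 *     Winsock are released on the way out.
 *
 * NOTE(review): as in the original, every path returns status 0, including
 * failures, so a caller cannot tell success from failure by exit status.
 */
int
main (int argc, char **argv)
{
    static const char hexdigits[] = "0123456789abcdefABCDEF";

    struct sockaddr_in addr;
    struct hostent *he;
    SOCKET sockfd = INVALID_SOCKET;
    WSADATA wsa;
    char recvbuf[65535] = {0};
    char request[1024] = {0};
    char md5hash[17] = {0};
    char *cookie = NULL;
    char *password = NULL;
    int n;

    /* argv[1] is only touched once argc has been checked. */
    size_t arglen = (argc == 2) ? strlen(argv[1]) : 0;
    if ((arglen != 16 && arglen != 32) || strspn(argv[1], hexdigits) != arglen) {
        printf("\nUsage:getmd5.exe md5hash\n");
        printf("Md5Hash must be length 16 or 32\n");
        printf("Md5Hash must contain only hex digits\n");
        exit(0);
    }

    /* The 16-digit form is the middle half of the 32-digit form. */
    memcpy(md5hash, (arglen == 16) ? argv[1] : argv[1] + 8, 16);

    if (WSAStartup(MAKEWORD(2,0), &wsa) != 0) {
        printf("[-] WSAStartup failed\n");
        exit(0);
    }

    he = gethostbyname("www.xmd5.org");
    if (he == NULL || he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof addr.sin_addr) {
        printf("[-] Unable to resolve\n");
        goto done;
    }

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd == INVALID_SOCKET) {
        printf("[-] socket failed\n");
        goto done;
    }

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(80);
    memcpy(&addr.sin_addr, he->h_addr, sizeof addr.sin_addr);

    if (connect(sockfd, (struct sockaddr *)&addr, sizeof addr) == SOCKET_ERROR) {
        printf("\n[-] connect failed\n");
        goto done;
    }

    /* ---- request 1: GET / -- the reply carries the session cookie ---- */
    if (send_all(sockfd, packet, (int)(sizeof(packet) - 1)) < 0) {
        printf("\n[-] send failed\n");
        goto done;
    }
    if (recv_text(sockfd, recvbuf, (int)sizeof recvbuf) < 0) {
        printf("\n[-] recv failed\n");
        goto done;
    }
    Sleep(50);

    /* Exits the process if the reply has no Set-Cookie header. */
    cookie = LocatString("Set-Cookie: ", "\r\n", recvbuf);

    /* ---- request 2: GET /index_en.htm with the session cookie ---- */
    n = snprintf(request, sizeof request,
                 "%s%s\r\nIf-Modified-Since: Mon, 13 Mar 2006 15:27:50 GMT\r\nIf-None-Match: \"68e82eb0b246c61:39f\"\r\n\r\n",
                 packet_en, cookie);
    if (n < 0 || (size_t)n >= sizeof request) {
        printf("\n[-] request too long\n");
        goto done;
    }
    if (send_all(sockfd, request, n) < 0) {
        printf("\n[-] send failed\n");
        goto done;
    }
    if (recv_text(sockfd, recvbuf, (int)sizeof recvbuf) < 0) {
        printf("\n[-] recv failed\n");
        goto done;
    }
    Sleep(500);

    /* ---- request 3: GET /md5/userin.asp ---- */
    n = snprintf(request, sizeof request, "%s%s\r\n\r\n", packet_user, cookie);
    if (n < 0 || (size_t)n >= sizeof request) {
        printf("\n[-] request too long\n");
        goto done;
    }
    if (send_all(sockfd, request, n) < 0) {
        printf("\n[-] send failed\n");
        goto done;
    }
    if (recv_text(sockfd, recvbuf, (int)sizeof recvbuf) < 0) {
        printf("\n[-] recv failed\n");
        goto done;
    }
    Sleep(500);

    /* ---- request 4: GET /md5/md5check.asp?md5pass=<hash> ---- */
    n = snprintf(request, sizeof request,
                 "GET /md5/md5check.asp?md5pass=%s HTTP/1.1\r\n%s%s\r\n\r\n",
                 md5hash, packet_checkmd5, cookie);
    if (n < 0 || (size_t)n >= sizeof request) {
        printf("\n[-] request too long\n");
        goto done;
    }
    if (send_all(sockfd, request, n) < 0) {
        printf("\n[-] send failed\n");
        goto done;
    }

    /* The original reads twice here and parses only the second read; the
     * order is kept.  NOTE(review): this relies on how the replies happen
     * to be split across recv() calls -- confirm against the live service. */
    if (recv_text(sockfd, recvbuf, (int)sizeof recvbuf) < 0) {
        printf("\n[-] recv failed\n");
        goto done;
    }
    if (recv_text(sockfd, recvbuf, (int)sizeof recvbuf) < 0) {
        printf("\n[-] recv failed\n");
        goto done;
    }
    Sleep(1000);

    /* Exits the process if the marker is not present in the reply. */
    password = GetResult("getpass.asp?info=", "\r\n", recvbuf);
    printf("\n password is %s\n", password);

done:
    free(cookie);
    free(password);
    if (sockfd != INVALID_SOCKET) {
        closesocket(sockfd);
    }
    WSACleanup();
    return 0;
}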

getmd5.rar
