ога ога )))) $server="127.0.0.1"; ### Удаленный сервер print $socket "Referer: http://support.microsoft.com/n";
хех.. вы бы почитали о том, что это за скрипт, и о том, что он делает... вообще-то он брутит сайт с Basic authorisation, а не аськи=)
насколько всем известно, под номером/паролем мона логинится не только с клиента, но и с сайта ИСQ, потому приведеный выше скрипт не лишен смысла.. а вот еще один ############################################################ # MD5BFCPF 'MD5 Brute Force Cracker in Perl with Forking' # # Written by Michael Stankiewicz # # Brainstorming-help by Roberto D. Maggi # # Ver 0.1.0 # # 2002 01 31 # # Software under GNU General Public License (GPL)(II Ver.) # ############################################################ # For bugs and suggestions please e-mail me at # # [email protected] # ############################################################ #### FUNCTIONS DEFINITION ################################## #Function called when SIGNAL ALARM ('SIG{ALRM}') occurs sub timed_out { $total_probed+=$co; $co = $co / $user_probes; print "Probed $total_probed passwords \@ $co\/sec. Now probing: $probe_string\n"; $co=0; if ($probes_found) { alarm ($user_probes); } } #This prints the help, when '-h --help' switch is choosen sub help { print "MD5BFCPF \'MD5 Brute Force Cracker in Perl with Forking\' (Version 0.1.0)\n"; print "Usage: perl md5bfcpf-0.1.0.pl [OPTIONS] [FILE]\n"; print "Options:\n"; print "-h, --help Display this text and exit.\n"; print "-v, --version Print version number and exit.\n"; print "-k, --keys [integer] Specify the number of chars on which probe.\n"; print "-p, --probes [integer] Prints the probes every [integer] seconds.\n"; print "-d, --dictionary [filename] Uses given [filename] for generating probes.\n"; print "-u, --user Specify one or more users\n"; print "---- [i.e. 'perl md5bfcpf-0.1.0.pl -u root -u mike -u bill [FILENAME]'\n"; print "-c, --charset Specify one or more charsets BETWEEN:\n"; print " all [default]\n"; print " alpha\n"; print " alpha_lowercase\n"; print " alpha_uppercase\n"; print " numeric\n"; print " symbols\n"; print "---- [i.e. 'perl md5bfcpf-0.1.0.pl -c alpha_lowercase -c numeric [FILENAME]'\n"; print "###\n"; print "Remember: cracking others computer is illegal!!!\n"; print "Disclaimer: The author does NOT take responsabilities for what you do with this software!!!\n"; print "###\n"; print "---Have fun!\n"; } #This occurs when no arguments is given sub usage { print "Usage: perl md5bfcpf [OPTIONS] [FILENAME]\n"; print "Try `perl md5bfcpf --help' for more information.\n"; } #This adds to the @charset array the lowercase characters sub alpha_lowercase { push (@charset, "a"); push (@charset, "b"); push (@charset, "c"); push (@charset, "d"); push (@charset, "e"); push (@charset, "f"); push (@charset, "g"); push (@charset, "h"); push (@charset, "i"); push (@charset, "j"); push (@charset, "k"); push (@charset, "l"); push (@charset, "m"); push (@charset, "n"); push (@charset, "o"); push (@charset, "p"); push (@charset, "q"); push (@charset, "r"); push (@charset, "s"); push (@charset, "t"); push (@charset, "u"); push (@charset, "v"); push (@charset, "w"); push (@charset, "x"); push (@charset, "y"); push (@charset, "z"); } #This adds to the @charset array the uppercase characters sub alpha_uppercase { push (@charset, "A"); push (@charset, "B"); push (@charset, "C"); push (@charset, "D"); push (@charset, "E"); push (@charset, "F"); push (@charset, "G"); push (@charset, "H"); push (@charset, "I"); push (@charset, "J"); push (@charset, "K"); push (@charset, "L"); push (@charset, "M"); push (@charset, "N"); push (@charset, "O"); push (@charset, "P"); push (@charset, "Q"); push (@charset, "R"); push (@charset, "S"); push (@charset, "T"); push (@charset, "U"); push (@charset, "V"); push (@charset, "W"); push (@charset, "X"); push (@charset, "Y"); push (@charset, "Z"); } #This adds to the @charset array the numeric characters sub numeric { push (@charset, "0"); push (@charset, "1"); push (@charset, "2"); push (@charset, "3"); push (@charset, "4"); push (@charset, "5"); push (@charset, "6"); push (@charset, "7"); push (@charset, "8"); push (@charset, "9"); } #This adds to the @charset array the other characters (to be completed) sub symbols { push (@charset, "!"); push (@charset, "\""); push (@charset, "Ј"); push (@charset, "\$"); push (@charset, "%"); push (@charset, "\&"); push (@charset, "/"); push (@charset, "\("); push (@charset, "\)"); push (@charset, "="); } #### END OF FUNCTION DEFINITION ############################ #### COMMAND LINE PARSER ################################### #Every 'for' block parses the command line arguments, given by the @ARGV array if ($ARGV[0] ne "") { #This prints out the help for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-h") || ($ARGV[$argv_counter] eq "--help")) { &help(); exit; } } #This prints out the version for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-v") || ($ARGV[$argv_counter] eq "--version")) { print "MD5BFCPF \'MD5 Brute Force Cracker in Perl with Forking\'\n"; print "Version 0.1.0\n"; exit; } } #This checks if '-k --keys' switch is given for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-k") || ($ARGV[$argv_counter] eq "--keys")) { $keys_found=1; $keys=$ARGV[$argv_counter+1]; #And if it is a valid choice (to do: regexp to check valid input) if ($keys == 0) { print "!!!\n"; print "Warning: Please enter an integer greater than 0\n"; exit; } } } #This checks if '-p --probes' switch is given for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-p") || ($ARGV[$argv_counter] eq "--probes")) { $probes_found=1; $user_probes = $ARGV[$argv_counter+1] } } #This checks if '-d --dictionary' switch is given for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-d") || ($ARGV[$argv_counter] eq "--dictionary")) { $dictionary_found=1; $dictionary_file = $ARGV[$argv_counter+1] } } #Default for probe printing time if no custom is given: half an hour if (!$probes_found) { $user_probes = 1800; print "Working... status will be printed every 30 minutes\n"; } #This checks if '-c --charset' switch is given for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-c") || ($ARGV[$argv_counter] eq "--charset")) { #This block checks which kind of charset was choosen #And adds the relative charset to '@charset' array with functions above if ($ARGV[$argv_counter+1] eq "all") { $all_found=1; } if ($ARGV[$argv_counter+1] eq "alpha") { $alpha_found=1; &alpha_lowercase(); &alpha_uppercase(); } if ($ARGV[$argv_counter+1] eq "alpha_lowercase") { $alpha_lowercase_found=1; &alpha_lowercase(); } if ($ARGV[$argv_counter+1] eq "alpha_uppercase") { $alpha_uppercase_found=1; &alpha_uppercase(); } if ($ARGV[$argv_counter+1] eq "numeric") { $numeric_found=1; &numeric(); } if ($ARGV[$argv_counter+1] eq "symbols") { $symbols_found=1; &symbols(); } } } #This checks if '-u --user' switch is given for ($argv_counter=0; $ARGV[$argv_counter]; $argv_counter++) { if (($ARGV[$argv_counter] eq "-u") || ($ARGV[$argv_counter] eq "--users")) { $users_found=1; push(@users, $ARGV[$argv_counter+1]); } } } #This prints out the usage if no argument is given if ($ARGV[0] eq "") { &usage(); exit; } #### END OF COMMAND LINE PARSER ############################ #### BEGIN OF CODE ######################################### #Controls if no user-defined charser is given if ((!$all_found) && (!$alpha_found) && (!$alpha_uppercase_found) && (!$alpha_lowercase_found) && (!$numeric_found) && (!$symbols_found)) { &alpha_uppercase(); &alpha_lowercase(); &numeric(); &symbols(); } #Controls if user-defined 'all' charser is given if (($all_found) && (!$alpha_found) && (!$alpha_uppercase_found) && (!$alpha_lowercase_found) && (!$numeric_found) && (!$symbols_found)) { &alpha_uppercase(); &alpha_lowercase(); &numeric(); &symbols(); } #Counts the items in the charset array $charset_items=$#charset; #Open the file containing shadows, taking from last command line argument open(shadow_file, "<$ARGV[-1]") or die "Error in reading \'$ARGV[-1]\' check if file exists!!!\n"; while($shadow_file_string=<shadow_file>) { #Regexp that gets usernames,salts and shadows if ($shadow_file_string =~ /^(.*?)\$1\$.*?)\$(.*?):/i) { push(@file_users,$1); push(@salts,$2); push(@shadows,$3); } } close(shadow_file); #If no custom users is given, copy @file_users in @users if (!$users_found) { foreach (@file_users) { push (@users,$_); } } #If custom users is given, populate @custom_salts and #@custom_shadows with corrispective in @salts and @shadows if ($users_found) { #This checks if all given users are found in the shadow file $user_counter=0; while ($users[$user_counter]) { $file_counter=0; $user_ok=0; while ($file_users[$file_counter]) { if ($users[$user_counter] eq $file_users[$file_counter]) { $user_ok=1; } $file_counter++; } $user_counter++; if ($user_ok == 0) { print "Error: custom users not found, check file '$ARGV[-1]'\n"; exit; } } #This eliminates users not selected from @users, @salts and @shadows arrays, for speed up #Only if user custom users are given (i.e.: -u root) $user_counter=0; while ($users[$user_counter]) { $file_counter=0; while ($file_users[$file_counter]) { $counter=0; if ($file_users[$file_counter] eq $users[$user_counter]) { if ($salts[$file_counter] ne "") { push (@custom_salts,$salts[$file_counter]); } if ($salts[$file_counter] eq "") { print "Error: user $file_users[$file_counter] has bad salt format in file \'$ARGV[-1]\'\n"; exit; } if ($shadows[$file_counter] ne "") { push (@custom_shadows,$shadows[$file_counter]); } if ($shadows[$file_counter] eq "") { print "Error: user $file_users[$file_counter] has bad shadow format in file \'$ARGV[-1]\'\n"; exit; } } $file_counter++; } $counter++; $user_counter++; } $counter=0; #Destroy the '@salts' array and replace with '@custom_salts' array #In that way the probes is done only on given users while ($salts[$counter]) { $salts[$counter]=0; $salts[$counter]=$custom_salts[$counter]; $counter++; } $counter=0; #Destroy the '@shadows' array and replace with '@custom_shadows' array while ($shadows[$counter]) { $shadows[$counter]=0; $shadows[$counter]=$custom_shadows[$counter]; $counter++; } } #Define the action to perform when alarm event occurs (calls the 'timed_out' function) #Thanks to 'Tom Christiansen' and Oreilly's book 'Advanced Perl Programming' for this workaround $SIG{ALRM} = \&timed_out; alarm ($user_probes); #Counter of probes $co=0; #Here starts the show if ((!$keys_found) and (!$dictionary_found)) { #Loops as many times as the number of elements in the '@charset' array while ($#charset_step_inc <= $#charset) { push (@charset_step_inc, 0); $a=0; while ($charset_step_inc[$a]) { $charset_step_inc[$a]=0; $a++; } THE_LOOP: while () { $t=0; $modified=0; foreach (@charset_step_inc) { if (($charset_step_inc[$t] < $charset_items) && (!$modified)) { $probe_string=""; for ($i=0;$i<=$#charset_step_inc;$i++) { $probe_string.=@charset[$charset_step_inc[$i]]; } $pwd_track=0; foreach (@users) { if ($users[$pwd_track] ne "") { $pwd_probe=crypt($probe_string,$salts[$pwd_track]); $co++; if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) { print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n"; #This deletes the user of which we own the password from the list of users in the '@users' array $users[$pwd_track]=""; $aybabtu=0; #This checks if there are still users to probe on foreach (@users) { if ($_ ne "") { $aybabtu=1; } } if (!$aybabtu) { print "\n\nFound all given passwords, exiting\n"; exit; } } } $pwd_track++; } $charset_step_inc[$t]++; if ($charset_step_inc[$t] => $charset_items) { $d=0; while ($d != $t) { $charset_step_inc[$d]=0; $d++; } } $modified=1; } $t++; } $end_value=0; #If no more characters to be probe are found, $end_value will be void and THE_LOOP will exit foreach (@charset_step_inc) { if ($_ != $charset_items) { $end_value++; } } last THE_LOOP if $end_value==0; } $probe_string=""; foreach (@charset_step_inc) { $probe_string.=$charset[-1]; } $pwd_track=0; foreach (@users) { if ($users[$pwd_track] ne "") { $pwd_probe=crypt($probe_string,$salts[$pwd_track]); $co++; if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) { print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n"; $users[$pwd_track]=""; $aybabtu=0; foreach (@users) { if ($_ ne "") { $aybabtu=1; } } if (!$aybabtu) { print "\n\nFound all given passwords, exiting\n"; exit; } } } $pwd_track++; } } } #This block occurs if '-k --keys' switch is given if (($keys_found) and (!$dictionary_found)) { for ($v=1;$v<=$keys;$v++) { push(@charset_step_inc, 0); } THE_LOOP: while () { $t=0; $modified=0; foreach (@charset_step_inc) { if (($charset_step_inc[$t] < $charset_items) && (!$modified)) { $probe_string=""; for ($i=0;$i<=$#charset_step_inc;$i++) { $probe_string.=$charset[$charset_step_inc[$i]]; } $pwd_track=0; foreach (@users) { if ($users[$pwd_track] ne "") { $pwd_probe=crypt($probe_string,$salts[$pwd_track]); $co++; if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) { print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n"; $users[$pwd_track]=""; $aybabtu=0; foreach (@users) { if ($_ ne "") { $aybabtu=1; } } if (!$aybabtu) { print "\n\nFound all given passwords, exiting\n"; exit; } } } $pwd_track++; } $charset_step_inc[$t]++; if ($charset_step_inc[$t] => $charset_items) { $d=0; while ($d != $t) { $charset_step_inc[$d]=0; $d++; } } $modified=1; } $t++; } $end_value=0; foreach (@charset_step_inc) { if ($_ != $charset_items) { $end_value++; } } last THE_LOOP if $end_value==0; } $probe_string=""; foreach (@charset_step_inc) { $probe_string.=$charset[-1]; } $pwd_track=0; foreach (@users) { if ($users[$pwd_track] ne "") { $pwd_probe=crypt($probe_string,$salts[$pwd_track]); $co++; if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) { print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n"; $users[$pwd_track]=""; $aybabtu=0; foreach (@users) { if ($_ ne "") { $aybabtu=1; } } if (!$aybabtu) { print "\n\nFound all given passwords, exiting\n"; exit; } } } $pwd_track++; } $total_probed+=$co; print "\n\nProbed: $total_probed passwords\n"; } #This block occurs if '-d --dictionary' switch is given if ($dictionary_found) { open(dic_file, "<$dictionary_file") or die "Error in reading \'$dictionary\' check if file exists!!!\n"; #The use of chomp() function is to avoid the 'carriage return' characther to be part of the probe while (chomp($probe_string = <dic_file>)) { $pwd_track=0; foreach (@users) { if ($users[$pwd_track] ne "") { $pwd_probe=crypt($probe_string,$salts[$pwd_track]); $co++; if ($pwd_probe eq $salts[$pwd_track]."\$".$shadows[$pwd_track]) { print "\n\nFOUND PASSWORD FOR USER: $users[$pwd_track] PASSWD: $probe_string\n"; $users[$pwd_track]=""; $aybabtu=0; foreach (@users) { if ($_ ne "") { $aybabtu=1; } } if (!$aybabtu) { print "\n\nFound all given passwords, exiting\n"; exit; } } } $pwd_track++; } } $total_probed+=$co; print "\n\nProbed: $total_probed passwords\n"; close(dic_file); }
