find_password.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 /* Find passwords ... */
11 /* We do it in a brute force way ... Cycle through all the possible passwords
12  sending a logon to see if all it works ... We have to wait for any timeout
13  the the server implements before we try the next one. We could open lots
14  of connections to the server and then send the logon request and not wait
15  for the reply. This would allow us to have lots of outstanding attempts at
16  a time. */
17 
18 #include <sys/types.h>
19 #include <unistd.h>
20 #if HAVE_STRING_H
21 #include <string.h>
22 #endif
23 
24 #include "smblib/smblib.h"
25 
26 int verbose = FALSE;
27 int lotc = FALSE;
28 
29 char *SMB_Prots[] = {"PC NETWORK PROGRAM 1.0",
30  "MICROSOFT NETWORKS 1.03",
31  "MICROSOFT NETWORKS 3.0",
32  "LANMAN1.0",
33  "LM1.2X002",
34  "LANMAN2.1",
35  "NT LM 0.12",
36  "NT LANMAN 1.0",
37  NULL
38  };
39 
40 void usage()
41 
42 {
43  fprintf(stderr,"Usage: find_password -u <user> -l <pwd-len-max> server\n");
44 }
45 
46 /* figure out next password */
47 
48 static int pwinit = FALSE, pwpos = 0;
49 
50 int next_password(char *pw, int pwlen)
51 
52 {
53  int i, carry = FALSE;
54 
55  if (pwinit == FALSE) {
56 
57  pwinit = TRUE;
58  memset(pw, 0, pwlen + 1);
59  pwpos = 0;
60 
61  }
62 
63  i = pwpos;
64 
65  while (TRUE) {
66 
67  pw[i] = pw[i] + 1;
68 
69  /* If it has wrapped around, then inc to 1 and carry up the chain */
70 
71  if (pw[i] == 0) {
72 
73  pw[i] = 1;
74  i = i - 1;
75 
76  if (i < 0) { /* If we went off the end, increment pwpos */
77 
78  pwpos = pwpos + 1;
79  if (pwpos >= pwlen) return(FALSE); /* No more passwords */
80 
81  pw[pwpos] = 1;
82  return(TRUE);
83 
84  }
85 
86  } else
87  return(TRUE);
88 
89  return(FALSE);
90  }
91 }
92 
93 static char pwd_str[1024]; /* Where we put passwords as we convert them */
94 
95 char *print_password(char * password)
96 
97 {
98  int i,j;
99  char temp[4];
100 
101  j = 0;
102 
103  for (i = 0; i < strlen(password); i++) {
104 
105  if (((unsigned)password[i] <= ' ') || ((unsigned)password[i] > 127)) {
106 
107  pwd_str[j] = '\\';
108  snprintf(temp, sizeof(temp)-1, "%03i", (int)password[i]);
109  strcpy(&pwd_str[j + 1], temp);
110  j = j + 3; /* Space for \ accounted for below */
111 
112  } else
113  pwd_str[j] = password[i];
114 
115  j = j + 1;
116 
117  }
118 
119  pwd_str[j] = 0; /* Put a null on the end ... */
120 
121  return(pwd_str);
122 
123 }
124 
125 main(int argc, char *argv[])
126 
127 {
128  void *con, *tree;
129  extern char *optarg;
130  extern int optind;
131  int opt, error, SMB_Error, err_class, err_code, pwlen, tries = 0;
132  char server[80], service[80], service_name[160], password[80], username[80];
133  char old_password[80], err_string[1024];
134 
135  server[0] = 0;
136  strncpy(service, "IPC$", sizeof(service) - 1);
137  service_name[0] = 0;
138  username[0] = 0;
139  password[0] = 0;
140  old_password[0] = 0;
141 
142  while ((opt = getopt(argc, argv, "s:u:l:v")) != EOF) {
143 
144  switch (opt) {
145  case 's':
146 
147  strcpy(service, optarg);
148  break;
149 
150  case 'u': /* Pick up the user name */
151 
152  strncpy(username, optarg, sizeof(username) - 1);
153  break;
154 
155  case 'l': /* pick up password len */
156 
157  pwlen = atoi(optarg);
158  break;
159 
160  case 'v': /* Verbose? */
161  verbose = TRUE;
162  break;
163 
164  default:
165 
166  usage();
167  exit(1);
168  break;
169  }
170 
171  }
172 
173  if (optind < argc) { /* Some more parameters, assume is the server */
174  strncpy(server, argv[optind], sizeof(server) - 1);
175  optind++;
176  } else {
177  strcpy(server, "nemesis");
178  }
179 
180  if (verbose == TRUE) { /* Print out all we know */
181 
182  fprintf(stderr, "Finding password for User: %s, on server: %s\n",
183  username, server);
184  fprintf(stderr, "with a pwlen = %i\n", pwlen);
185 
186  }
187 
188  SMB_Init(); /* Initialize things ... */
189 
190  /* We connect to the server and negotiate */
191 
192  con = SMB_Connect_Server(NULL, server);
193 
194  if (con == NULL) { /* Error processing */
195 
196  fprintf(stderr, "Unable to connect to server %s ...\n", server);
197 
199 
200  SMB_Error = SMB_Get_Last_SMB_Err();
202  SMBlib_Error_Code(SMB_Error),
203  err_string,
204  sizeof(err_string) - 1);
205 
206  } else {
207  SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
208  }
209 
210  printf(" %s\n", err_string);
211  exit(1);
212 
213  }
214 
215  /* We need to negotiate a protocol better than PC NetWork Program */
216 
217  if (SMB_Negotiate(con, SMB_Prots) < 0) {
218 
219  fprintf(stderr, "Unable to negotiate a protocol with server %s ...\n",
220  server);
221 
223 
224  SMB_Error = SMB_Get_Last_SMB_Err();
226  SMBlib_Error_Code(SMB_Error),
227  err_string,
228  sizeof(err_string) - 1);
229 
230  } else {
231  SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
232  }
233 
234  printf(" %s\n", err_string);
235  exit(1);
236 
237  }
238 
239  sprintf(service_name, sizeof(service_name)-1, "\\\\%s\\%s", server, service); /* Could blow up */
240 
241  /* Now loop through all password possibilities ... */
242 
243  memset(password, 0, sizeof(password));
244 
245  while (next_password(password, pwlen) == TRUE) {
246 
247  if ((tree = SMB_Logon_And_TCon(con,
248  NULL,
249  username,
250  password,
251  service_name, "?????")) == NULL) {
252 
253  if (verbose == TRUE) { /* Lets hear about the error */
254 
255  fprintf(stderr, "Unable to logon and tree connect to server %s ...\n",
256  server);
257  fprintf(stderr, "With username: %s, and password: %s\n",
258  username, print_password(password));
259 
261 
262  SMB_Error = SMB_Get_Last_SMB_Err();
264  SMBlib_Error_Code(SMB_Error),
265  err_string,
266  sizeof(err_string) - 1);
267 
268  } else {
269  SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1);
270  }
271 
272  printf(" %s\n", err_string);
273 
274  }
275  } else { /* Password match */
276 
277  fprintf(stderr, "Logged in with password:%s\n",
278  print_password(password));
279 
280  /* Exit now ... */
281 
282  exit(0);
283 
284  }
285 
286  }
287 
288  fprintf(stderr, "Passwords exhausted.");
289 
290 }
291 
static const char * err_string
Definition: ipc_win32.cc:53
int SMB_Get_Last_Error()
Definition: smblib-util.c:755
int SMB_Get_Last_SMB_Err()
Definition: smblib-util.c:766
SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, const char *server, const char *NTdomain)
Definition: smblib.c:101
void usage()
Definition: find_password.c:40
int SMB_Get_SMB_Error_Msg(int err_class, int err_code, char *msg_buf, int len)
Definition: smb-errors.c:163
void error(char *format,...)
int i
Definition: membanger.c:49
int verbose
Definition: find_password.c:26
#define SMBlib_Error_Class(p)
Definition: smblib-common.h:44
void SMB_Get_Error_Msg(int msg, char *msgbuf, int len)
Definition: smblib-util.c:798
int SMB_Logon_And_TCon(SMB_Handle_Type Con_Handle, char *UserName, char *PassWord, char *service, char *service_type)
Definition: bad-chain.c:44
static int pwpos
Definition: find_password.c:48
static char pwd_str[1024]
Definition: find_password.c:93
int getopt(int nargc, char *const *nargv, const char *ostr)
Definition: getopt.c:62
main(int argc, char *argv[])
#define TRUE
Definition: std-includes.h:55
int SMB_Negotiate(SMB_Handle_Type Con_Handle, const char *Prots[])
Definition: smblib-util.c:239
static int pwinit
Definition: find_password.c:48
int SMB_Init()
Definition: smblib.c:67
int optind
Definition: getopt.c:48
int next_password(char *pw, int pwlen)
Definition: find_password.c:50
#define FALSE
Definition: std-includes.h:56
static char server[MAXLINE]
char * print_password(char *password)
Definition: find_password.c:95
char * SMB_Prots[]
Definition: find_password.c:29
int lotc
Definition: find_password.c:27
SBuf service_name(APP_SHORTNAME)
#define SMBlibE_Remote
char * optarg
Definition: getopt.c:51
#define NULL
Definition: types.h:166
#define SMBlib_Error_Code(p)
Definition: smblib-common.h:48

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors