Alternative brute force password cracking (figure)

Comments: The gray pigeon is no stranger to everyone. His powerful functions make everyone easy. Today I will mainly discuss how to crack the connection password of the gray pigeon. The following methods are mainly used for the 2005 gray pigeon. 1. Catch up with the encrypted connection password first I will configure a pigeon server on the local machine. The domain name uses xtaflf.vicp.net and the connection password is 0348088. It is no stranger to everyone, all of his powerful functions make it easy for black friends. Today I will mainly discuss how to crack the connection password of the gray pigeon. The following methods are mainly used for the 2005 gray pigeon.
1. Obtain the encrypted connection password
First, I configure a pigeon server on the local machine. The domain name uses xtaflf.vicp.net, and the connection password is 0348088, and then runs locally, because when the pigeon main program generates the server, the password has been encrypted into a 16-bit MD5 modified ciphertext configuration to the server, the MD5 cracking software downloaded from the Internet cannot be cracked (because it is an MD5 encryption of the modified ), therefore, the plaintext password cannot be found on the server, but we can find the encrypted password. Okay, open "WinHex" and click "Open RAM ", find iipolice.exe, select the main memory, click Search Text, enter the domain name xtaflf.vicp.net, click OK, and press F3 until here, 1
500) this. width = 500 "title =" Click here to browse images in a new window "/>
Then, after the domain name xtaflf.vicp.net, you will see a 16-bit number 571e85be3f775bbd. This is the pigeon encrypted connection password! COPY it out, and then convert 571e85be3f775bbd to hexadecimal 35 37 31 65 38 35 62 65 66 37 37 35 62 64, write it down, it will be used later!
Ii. WPE network packet cracking connection password
Open the gray pigeon client and go online. If you lose a connection password 1, the system prompts that the password is incorrect. 2. Although someone on the internet says you can change the main program of the pigeon to authenticate the password, direct control of bots is already a BUG in the old pigeon version. The author of the pigeon version 2005 has already corrected the BUG because the connection passwords between the client and the server must be verified, it is not just a breakthrough to modify the client, but here I think of another method, that is, to modify the data sent by the client when the client sends a password verification to the server, here, we need to use third-party software WPE for packet filtering. That is to say, the data sent by the client must pass through the WPE packet and then be forwarded to the server, which can break through the verification of the connection password between the client and the server.
WPE is a tool that can intercept packets of data from the network and send modification tools to the modified data. Many people use it to create plug-ins for games. Below we will also create plug-ins for pigeons.
500) this. width = 500 "title =" Click here to browse images in a new window "/>
Open WPE, click "Target Program" and select the pigeon process. 3. Click "start record" to capture the Black Triangle, 4. Okay, the WPE program has started to capture packets.
500) this. width = 500 "title =" Click here to browse images in a new window "/>
500) this. width = 500 "title =" Click here to browse images in a new window "/>
Then, go back to the pigeon interface and enter "1" in the connection password. Double-click the host you just launched to read the disk list and click "TELNET", "capture screen", and "system information, return to the WPE interface and capture more than 30 data packets. Click the Red Square to stop recording. The data packet window is displayed on the right.
500) this. width = 500 "title =" Click here to browse images in a new window "/>
500) this. width = 500 "title =" Click here to browse images in a new window "/>

The first packet indicates that when the connection password is 1, baa7c962da298c0c is encrypted through the pigeon master program, the hexadecimal format is 62 61 61 61 37 63 39 36 32 64 61 32 39 38 63 63. In Figure 5, the four bytes 00 00 are the headers used to read the disk list. (because of incorrect passwords, it is impossible to capture the headers used to read the disk list, so here I will tell you in advance) That is to say, the headers of different operations are different. After my observation, I found that different operations are performed (NOTE: For example: copy, delete, TELNET, enable proxy, and other operations), only the first byte of the four bytes will change, for example, when TELNET is performed, the packet header is 27 00 00. In this way, I can obtain different headers for different operations. Then, select the hex consisting of the 20 bytes sent by the function. Then, you can see that the following box selects the 20 bytes in hexadecimal notation, right-click Copy, 6, COPY files to notepad one by one.
500) this. width = 500 "title =" Click here to browse images in a new window "/>
In these 20 bytes, except the first four bytes are headers, the next 16 bytes are when we enter the connection password as 1, the 16-bit MD5 value encrypted by the main program is sent to the server in hexadecimal format for verification, we use the WPE filter to filter packets and act as the forwarder of the pigeon client, replace the hex hexadecimal numbers encrypted when the connection password is 1 with the correct one and then forward the data to the pigeon server. In fact, during the entire packaging process, we do not need to know the correct connection password (specifying the password ). Because we use 1 as the connection password each time, it is more convenient to replace it. Now, the package is officially started. Double-click transfer handler 1 on the left and set the number of applications to 100 (up to 999 times, depending on your operation needs). The mode is advanced and the modification starts from: the beginning of the packet. Other Default values: 7,
500) this. width = 500 "title =" Click here to browse images in a new window "/>

Then, the search item in the data will paste the hexadecimal format when the password is 1 together with the front packet header in 20 bytes,
(That is, the hexadecimal number of the 20 bytes that you saved earlier) starting from the offset 001, go to the modification item in the data and copy the first four bytes of the search item in the data to fill in the 001 to 004 offset, then, convert the MD5 ciphertext string we obtained in the previous memory into a hex correct password. Right-click and paste it from 005
500) this. width = 500 "title =" Click here to browse images in a new window "/>



Note: The headers of the first four bytes must be the same for the Search items in the data and the modified items in the data. Otherwise, the entire filter will not function. Click application. 9
500) this. width = 500 "title =" Click here to browse images in a new window "/>

Then, you can add a total of 40 filters for other operations ). The method is the same as when the first filter is added, that is, the first byte of each filter header is different, and others are the same as the first filter, when all the filters are added, all the filters are checked. Then press the ON button, and the filters are all dimmed, so the filter is enabled. 10
500) this. width = 500 "title =" Click here to browse images in a new window "/>
At this time, the WPE program must not be closed. It now acts as a proxy for forwarding. Then let's go back to the pigeon's main interface and set the connection password to 1. (Note: the connection password must be the same as the password used in the current package.) Click a few operations to see if you can perform any operations! 11
500) this. width = 500 "title =" Click here to browse images in a new window "/>

In fact, WPE is far from the functionality of this software. For example, if you are interested in creating plug-ins for online games (for money and clothes), you can also study it! In fact, we can fight a pigeon counterattack to seize all the bots of others. (A pigeon Trojan has been attacked, but the domain name must be cracked in advance. Use this method again )!
In addition, the WPE software may be mistaken for virus by anti-virus software. Don't be surprised!