How to break others' ASP Trojan passwords

Comments: Cracking target: crack the encrypted login password of an asp Trojan. Because there is no version description in the Trojan, I do not know the name of the Trojan. Solution: Use the encrypted password to replace the password and use the ciphertext and encryption algorithm to reverse the password. The former is not a real attack. Objective: to crack the game. If the target is to be cracked: crack the encrypted login password of an asp Trojan. Because there is no version description in the Trojan, I do not know the name of the Trojan. Solution: Use the encrypted password to replace the password and use the ciphertext and encryption algorithm to reverse the password. The former is not a real attack. Objective: to crack the game. If you cannot get the asp source code, you can say that I have no chance to crack the password. A Chinese friend said that he had obtained a web permission but could not modify the homepage. He found that there was an asp Trojan, but the password was encrypted. Now we have this animation. Well, there is too much nonsense. So, make preparations. This commentary will be quite long. The key code for asp Trojan login password verification is as follows: if Epass (trim (request. form ("password") = "q_ux624q | p" then response. cookies ("password") = "8811748 "... obviously, the Epass function is used to encrypt the entered password and compare the obtained ciphertext with the original ciphertext. If you have a little programming Foundation, especially VB, the encryption algorithm in Epass will be clear at a glance. If no, it doesn't matter. I believe you will understand it soon after my explanation. In the function, the variable for saving the password is pass. Pass & "zxcvbnm,./" Concatenates the content in pass with zxcvbnm,./to get a new string. Left (pass & "zxcvbnm,./", 10) takes the first 10 digits. The StrReverse function reverses the order of the 10-Bit String. Len (pass) gets the length of the password. Below is a loop. The Ascii code of each character in the obtained string-the password length is rounded up (the character is * 1.1), and the obtained value is converted into a character and reconnected. Finally, replace all the characters in the obtained string with B, so that the ciphertext is generated. If we extract the encryption algorithm and replace the original ciphertext with our own ciphertext, The ing password will also become your password. But as I said, this is not a real attack. If we enter love, the encryption process is as follows:
Lovelovezxcvbnm,./'connect lovezxcvbn
'Retrieve the first 10 bits of nbvcxzevol
'Reverse order n110 (ascii)-4 (digits) int (1 (position) * 1.1)
The ascii code of = 107107 is k, and so on. The final ciphertext is k'ucy | hzts
We can use passwords and encryption algorithms to reverse introduce passwords. Start from the last step of the algorithm. In the last step, replace all with B. If there is no need to replace B with ', the answer is no. As long as we can get the final ciphertext, it is also possible to have different passwords. If there are 10 B, the number of the original password is 2 to the power of 10. Although the original password only has one, the 1024 passwords are correct. If you want to crack your friends perfectly, you can write all the combinations by yourself. This step can be ignored. The above algorithm is very clear, chr (asc (mid (temppass, j, 1)-templen int (j * 1.1 )) we just need to simply replace it. Chr (asc (mid (temppass, j, 1) templen-int (j * 1.1) but there is another problem. We don't know the password length beforehand. It doesn't matter, fortunately, the password must be 1-10 characters long. Then we can use a 1 to 10 loop to find all possible passwords, and then use the StrReverse function to reverse the order. Then how can we determine which password is obtained. Based on pass & "zxcvbnm,./", check whether the password contains the first few digits of zxvbnm and. This is the real password. If the password is 10 digits, it will always be correct, because there is no connection later. So we may get two answers. The following is my decryption function: function Ccode (code) for templen1 = 1 to 10 mmcode = "" for j
= 1 to 10 mmcode = mmcode chr (asc (mid (code, j, 1) templen1-int (j * 1.1 ))
NextCcode = strReverse (mmcode) response. write
"Password" & templen1 & ":" & Ccode & "" if mid (Ccode, templen1 1,10-templen1)
= Left ("zxcvbnm,./", 10-templen1)
And templen1 <> 10 thenresult
= Left (Ccode, templen1) nextresponse. write "final password:" & resultend function is good, and the algorithm may not be completely mastered in such a short period of time. This is normal, so I will attach the instruction document to the compressed package and the asp source code for encryption and decryption. Let's take it back and study it. Similarly, password 10 is always correct. Let's take the original ciphertext in asp and see what the result will be. Okay. You can log on to both passwords. Assume an iis is created locally for testing. If a web server cannot be set up locally, contact me and write it in other languages.