How to crack others' ASP Trojan passwords

Comments: Target: crack the encrypted Asp Trojan login password. Because there is no version description in the Trojan, I do not know the name of the Trojan. Solution: Use the encrypted password to replace the password and use the ciphertext and encryption algorithm to reverse the password. The former is not a real attack. If you cannot get the Asp source code, you can say that I have no chance of cracking the password. Target: crack the encrypted Asp Trojan login password. Because there is no version description in the Trojan, I do not know the name of the Trojan. Solution: Use the encrypted password to replace the password and use the ciphertext and encryption algorithm to reverse the password. The former is not a real attack. If you cannot get the Asp source code, you can say that I have no chance to crack the password. A Chinese friend said that he had obtained a Web permission but could not modify the homepage. He found that there was an Asp Trojan, but the password was encrypted. Well, there is too much nonsense. So, make preparations. This commentary will be quite long. The key code for Asp Trojan login password verification is as follows:
If Epass (trim (request. form ("password") = "q_ux624q p" then
Response. cookies ("password") = "8811748"
...
Obviously, the Epass function is used to encrypt the entered password and compare the obtained ciphertext with the original ciphertext. If you have a little programming Foundation, especially VB, the encryption algorithm in Epass will be clear at a glance. If no, it doesn't matter. I believe you will understand it soon after my explanation. In the function, the variable for saving the password is pass. Pass & "zxcvbnm,./" Concatenates the content in pass with zxcvbnm,./to get a new string. Left (pass & "zxcvbnm,./", 10) takes the first 10 digits. The StrReverse function reverses the order of the 10-Bit String. Len (pass) gets the length of the password. Below is a loop. The Ascii code of each character in the obtained string-the password length is rounded up (the character is * 1.1), and the obtained value is converted into a character and reconnected. Finally, replace all the characters in the obtained string with B, so that the ciphertext is generated. If we extract the encryption algorithm and replace the original ciphertext with our own ciphertext, The ing password will also become your password. But as I said, this is not a real attack. If we enter love, the encryption process is as follows: love
Lovezxcvbnm,./'connection
Lovezxcvbn takes the first 10 digits
The order of nbvcxzevol is reversed.
N
110 (ascii)-4 (digits) int (1 (position) * 1.1) = 107
The ascii code of 107 is k, and so on, and the final ciphertext:
K'ucy hzts

We can use the cipher text and encryption algorithm to reverse introduce the password, starting from the last step of the algorithm. In the last step, replace all with B. If there is no need to replace B with ', the answer is no. As long as we can get the final ciphertext, it is also possible to have different passwords. If there are 10 B, the number of the original password is 2 to the power of 10. Although the original password only has one, the 1024 passwords are correct. If you want to crack your friends perfectly, you can write all the combinations by yourself. This step can be ignored, and the above algorithm is clear. Chr (asc (mid (temppass, j, 1)-templen int (j * 1.1 ))

We just need to simply replace it. Chr (asc (mid (temppass, j, 1) templen-int (j * 1.1 ))

But there is another problem. We don't know the length of the password beforehand. It doesn't matter. Fortunately, the password is between 1 and 10 characters, which is not too long. Then we can use a 1 to 10 loop to find all possible passwords, and then use the StrReverse function to reverse the order. Then how can we determine which password is obtained. Based on pass & "zxcvbnm,./", check whether the password contains the first few digits of zxvbnm and. This is the real password. If the password is 10 digits, it will always be correct, because there is no connection later. So we may get two answers. The following are my decryption functions:
Function Ccode)
For templen1 = 1 to 10
Mmcode = ""
For j = 1 to 10
Mmcode = mmcode chr (asc (mid (code, j, 1) templen1-int (j * 1.1 ))
Next
Ccode = strReverse (mmcode)
Response. write "password" & templen1 & ":" & Ccode &""
If mid (Ccode, templen1 1,10-templen1) = left ("zxcvbnm,./", 10-templen1) and templen1 <> 10 then
Result = left (Ccode, templen1)
Next
Response. write "last password:" & result
End function

Well, the algorithm may not be fully mastered in such a short period of time. This is normal, so I will attach the instruction document to the compressed file and the Asp source code for encryption and decryption. Let's take it back and study it. Similarly, password 10 is always correct. Let's take the original ciphertext in Asp and see what the result will be.