Ingenious way to unlock others asp Trojan password

Cracked goal: To crack an encrypted ASP Trojan landing password. Because there is no version in the Trojan, specifically do not know what the name of this Trojan. Break the train of thought: Two kinds, use encrypt cipher to replace cipher text and use cipher text and encrypt algorithm to solve the password. The former is not really cracked. If you do not get the ASP source code, then can be said to crack the password, I have no chance of success. A Chinese friend said he got a web permission, but could not modify the home page, found that there is an ASP trojan, but the password is encrypted. Well, there's too much nonsense, so it's going to be quite a long time to get ready. ASP Trojan Landing Password verification key code is as follows: If Epass (Request.Form ("password")) = "Q_ux624q|p" then Response.Cookies ("password") = " 8811748 "... Obviously, the Epass function is used to encrypt the input password, and then the resulting ciphertext and the original ciphertext are compared. If a little bit of programming basis, especially VB, then epass encryption algorithm will be at a glance. If not, then, it does not matter, I believe that after my explanation, you will soon understand. function, the variable that holds the password is pass. pass& "zxcvbnm,./" connects the contents of pass to the zxcvbnm,./to get a new string. Left (pass& "zxcvbnm,./", 10) takes the first 10 digits. The StrReverse function reverses the order of the 10-bit string. Len (pass) Gets the length of the password. Below is a loop. Each digit in the resulting string is ASCII-the password length + rounded (the character is in the bit *1.1), and the resulting value is converted to a character reconnection. Finally, the resulting string is replaced with the ' character ' all in B, so the ciphertext is produced. If we extract the encryption algorithm to replace the original ciphertext with our own cipher text, the matched password will become your password. But as I said, it's not really a crack. If we enter love, the encryption process is as follows: lovelovezxcvbnm,./' connect lovezxcvbn ' fetch Top 10 nbvcxzevol ' order reversed n110 (ASCII)-4 (digits) +int (1 (location) *1.1) = 107107 ASCII code for K, and so on, and finally ciphertext: K ' Ucy|hzts we can use ciphertext and encryption algorithm to reverse the introduction of the password, from the last step of the algorithm to push up. The last step is to replace all with B ', there is no need to replace B ', the answer is no. As long as we can get the final ciphertext, the password is not the same as possible. If there are 10 B, the number of the original passwordOn 2 of the 10-time side, although the original password is only one, but 1024 passwords are correct. If you want to perfect crack friend, you can try to write all the combination. So this step can be ignored, the above algorithm is very clear. Chr (ASC (Mid temppass,j,1)-templen+int (j*1.1)) We just need to simply switch the + and--and change it. Chr (ASC (Mid temppass,j,1) +templen-int (j*1.1)) But there is a problem, we do not know the length of the password, it does not matter, fortunately the password is between 1-10 digits, not too long. Then we can use a 1 to 10 loop to find all the possible passwords, and then use the StrReverse function in order to reverse. So what do we know about the final code? Can be based on pass& "zxcvbnm,./", see if the password in addition to the last few zxvbnm,./. So that's the real code. So if the password is 10 bits, it will always be correct, because there is no connection behind it. So we may get two answers. Here's the decryption function I wrote: function Ccode (code) for templen1=1 to 10mmcode= ' for J=1 to 10MMCODE=MMCODE+CHR (ASC (code,j,1) + Templen1-int (j*1.1)) Nextccode=strreverse (mmcode) Response.Write "Password" &templen1& ":" &Ccode& "if Mid ( CCODE,TEMPLEN1+1,10-TEMPLEN1) =left ("zxcvbnm,./", 10-templen1) and templen1<>10 thenresult=left (Ccode, TEMPLEN1) nextresponse.write "Last password:" &resultend function well, the algorithm may not be fully mastered in such a short period of time, this is normal, then I will be included in the package documentation and decryption of the ASP source code , let's take it back and study it well. Likewise, the password 10 is eternally correct. Then we will be the original text of the ASP to take a look at, what will be the result. Responsible Editor Zhao Zhaoyi#51cto.com TEL: (010) 68476636-8001 to force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original: Ingenious break untieOther people ASP Trojan password method back to the column Recycling Station home page