转载请保留版权信息!谢谢合作!
byNetPatch
welcomewww.nspcn.organdwww.icehack.com
最近做渗透测试时常碰到RADMIN一类的东西..
一碰到此类的程序,一般我都会先看下对方把RADMIN的端口配置成什么..以及相应的PASS(加密过的)
HKEY_LOCAL_MACHINESYSTEMRAdminv2.0ServerParametersParameter//默认密码注册表位置
HKEY_LOCAL_MACHINESYSTEMRAdminv2.0ServerParametersPort//默认端口注册表位置
//把海阳读出来的,用逗号格开,然后用下面的代码转换就可以了
[Copytoclipboard][-]CODE:
DimtheStr
theStr=InputBox("请输入要转换的密码:","输入","44,41,43,32,43,5,45,64,43,24,31,53,46,57,64,86")
IftheStr<>""Then
CallInputBox("请复制已经转换好的密码",,zpass(theStr))
EndIf
Functionzpass(pass)
tpass=""
MyArray=Split(pass,",",-1,1)
ForeachthepassinMyArray
iflen(thepass)=1then
tpass=tpass+"0"
endif
tpass=tpass+hex(thepass)
Next
zpass=tpass
EndFunction
//转换后的,就可以拿爆破工具去跑了....
端口读出后类似这样223,34,0,0
//用下面代码转换即可
[Copytoclipboard][-]CODE:
DimtheStr
theStr=InputBox("请输入要转换的端口:","输入","223,34,0,0,")
da=Split(thestr,",",-1,1)
IftheStr<>""Then
CallInputBox("请复制已经转换好的端口",,Hex2Dec(Dec2Hex(da(3))&Dec2Hex(da(2))&Dec2Hex(da(1))&Dec2Hex(da(0))))
EndIf
FunctionHex2Dec(Hex)
Hex=UCase(Hex)
Fori=1ToLen(Hex)
SelectCaseMid(Hex,Len(Hex)-i+1,1)
Case"0":B=B+16^(i-1)*0
Case"1":B=B+16^(i-1)*1
Case"2":B=B+16^(i-1)*2
Case"3":B=B+16^(i-1)*3
Case"4":B=B+16^(i-1)*4
Case"5":B=B+16^(i-1)*5
Case"6":B=B+16^(i-1)*6
Case"7":B=B+16^(i-1)*7
Case"8":B=B+16^(i-1)*8
Case"9":B=B+16^(i-1)*9
Case"A":B=B+16^(i-1)*10
Case"B":B=B+16^(i-1)*11
Case"C":B=B+16^(i-1)*12
Case"D":B=B+16^(i-1)*13
Case"E":B=B+16^(i-1)*14
Case"F":B=B+16^(i-1)*15
EndSelect
Next
Hex2Dec=B
EndFunction
FunctionDec2Hex(Dec)
Dec2Hex=""
DoWhileDec>0
a=CStr(DecMod16)
SelectCasea
Case"10":a="A"
Case"11":a="B"
Case"12":a="C"
Case"13":a="D"
Case"14":a="E"
Case"15":a="F"
EndSelect
Dec2Hex=a&Dec2Hex
Dec=Dec16
Loop
EndFunction
【小谈RADMIN的几个小技巧】相关文章:
★ MSSQL注入PUBLIC权限下的xp_dirtree再度利用方法