邮件服务器-邮件系统-邮件技术论坛(BBS)

标题: 用户密码破解 [打印本页]

作者: lanbor 时间: 2011-6-16 14:35
标题: 用户密码破解
忘记了用户的密码,但又不想更改密码,在WINWEBMAIL的安装目录下找到这个文件,popusers.ini ,里边有帐户信息,密码等,但是密码是经过加密的,现在想请教下,这个是用什么方式加密的,有办法解密吗?

作者: 山坛兄弟 时间: 2011-6-16 15:02
最简单的方法就是通过管理员后台修改用户的密码。破解得费脑经，没有必要那么麻烦。如果连管理员的密码都忘记了，请查看官方的帮助文件找回即可！

作者: lanbor 时间: 2011-6-17 14:43
<%
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"
%>

<%
un = trim(request("username"))
pw = trim(request("pwhidden"))
saveUser = trim(request("saveUser"))
cleancookies = trim(request("cleancookies"))

if cleancookies = "true" then
Response.Cookies("accounts") = ""
end if

showaccounts = trim(request.Cookies("accounts"))

Response.Cookies("name") = ""
dim ei
dim errmsg
errmsg = trim(request("errstr"))

if IsEmpty(Application("em_MaxMPOP3")) and IsEmpty(Application("em_MaxSigns")) then
dim mam
set mam = server.createobject("easymail.AdminManager")

tmp_num = 0
do while tmp_num < 30
mam.LoadExt

if mam.IsLoadOK = true then
Exit Do
end if

mam.Sleep 500
tmp_num = tmp_num + 1
loop

if mam.IsLoadOK = true then
Application("em_MaxMPOP3") = mam.MaxMPOP3
Application("em_MaxSigns") = mam.MaxSigns
Application("em_SystemAdmin") = LCase(mam.SystemAdmin)
Application("em_EnableBBS") = mam.EnableBBS
Application("em_Enable_SignHold") = mam.Enable_SignHold
Application("em_Enable_FreeSign") = mam.Enable_FreeSign
Application("em_Enable_SignWithDomainUser") = mam.Enable_SignWithDomainUser
Application("em_Enable_SignNumberLimit") = mam.Enable_SignNumberLimit
Application("em_SignNumberLimitDays") = mam.SignNumberLimitDays
Application("em_Enable_ShareFolder") = mam.Enable_ShareFolder
Application("em_Enable_SignEnglishName") = mam.Enable_SignEnglishName
Application("em_LogPageKSize") = mam.LogPageKSize
Application("em_TestAccounts") = LCase(mam.TestAccounts)
Application("em_SignMode") = mam.SignMode
Application("em_SignWaitDays") = mam.SignWaitDays
Application("em_am_Name") = mam.am_Name
Application("em_am_Accounts") = LCase(mam.am_Accounts)
Application("em_AccountsAdmin") = LCase(mam.AccountsAdmin)
Application("em_EnableEntAddress") = mam.Enable_Show_EntAddress

Application("em_EnableTrap") = mam.EnableTrap
if mam.EnableTrap = true then
Application("em_TrapMail") = mam.TrapMail
end if

set mam = nothing
else
set mam = nothing
response.redirect "outerr.asp?errstr=" & Server.URLEncode("超时, 请重试") & "&" & getGRSN()
end if
end if

if un <> "" and pw <> "" and Request.ServerVariables("REQUEST_METHOD") = "POST" then
un = LCase(un)
pw = strDecode(pw, trim(request("picnum")))

if un <> Application("em_SystemAdmin") then
dim webkill
set webkill = server.createobject("easymail.WebKill")
webkill.Load

rip = Request.ServerVariables("REMOTE_ADDR")

if webkill.IsKill(rip) = true then
set webkill = nothing
response.redirect "outerr.asp?errstr=" & Server.URLEncode("拒绝IP地址 " & rip & " 访问") & "&" & getGRSN()
end if

set webkill = nothing
end if

set ei = Application("em")
Session("wem") = ""
Session("mail") = ""
Session("tid") = ""
Session("SecEx") = ""
Session("scpw") = ""
Session("cert_ca") = ""

dim tmp_un
tmp_un = ei.GetRealUser(un)
if IsNull(tmp_un) = false and Len(tmp_un) > 0 then
un = LCase(tmp_un)
end if

rip = Request.ServerVariables("REMOTE_ADDR")
if ei.CheckIPLimit(un, rip) = false then
set ei = nothing
Response.Redirect "outerr.asp?errstr=" & Server.URLEncode("拒绝IP地址 " & rip & " 访问") & "&" & getGRSN()
end if

dim checkret
checkret = ei.CheckPassWordEx(un, pw, Request.ServerVariables("REMOTE_ADDR"))

if checkret = 0 then
if un = Application("em_SystemAdmin") and ei.CheckAdminIP(Request.ServerVariables("REMOTE_ADDR")) = false then
set ei = nothing

errmsg = "管理员登录IP地址错误。"
else
Session("tid") = ei.LoginEx(un, Request.ServerVariables("REMOTE_ADDR"))
Session("wem") = un
Session("mail") = ei.GetUserMail(un)
set ei = nothing

dim mri
set mri = server.createobject("easymail.MoreRegInfo")
mri.LoadRegInfo un
mri.CurrentlyIP = Request.ServerVariables("REMOTE_ADDR")
mri.SaveRegInfo
set mri = nothing

if saveUser = "true" then
Response.Cookies("accounts") = un
Response.Cookies("accounts").Expires = DateAdd("y", 5, Now())
end if

SecEx = trim(request("SecEx"))
if SecEx = "true" then
Session("SecEx") = "1"
else
Session("SecEx") = "0"
end if

dim userweb
set userweb = server.createobject("easymail.UserWeb")
userweb.Load Session("wem")

ShowLanguage = userweb.ShowLanguage

set userweb = nothing

if ShowLanguage = 1 then
Response.Redirect "en/welcome.asp"
else
Response.Redirect "welcome.asp"
end if
end if
elseif checkret = 2 then
dim pwwt
pwwt = ei.PassWordWaitMinute
set ei = nothing

errmsg = "连续三次输入密码错误，请过" & pwwt & "分钟后再试。"
else
set ei = nothing

errmsg = "错误的用户名或密码！请再次输入。"
end if
end if

if trim(request("logout")) = "true" then
if Session("wem") <> "" then
Application("em").Logout Session("wem"), Session("tid")
end if

Session("wem") = ""
Session("mail") = ""
Session("tid") = ""
Session("SecEx") = ""
Session("scpw") = ""
Session("cert_ca") = ""
end if
%>

<html>
<head>
<META HTTP-EQUIV="Content-Type" content="text/html; charset=gb_2312-80">
<title>Tr Formac (SH) Pte Ltd测试邮件系统</title>
<LINK href="images\hwem.css" rel=stylesheet>

<SCRIPT LANGUAGE=javascript>

</SCRIPT>
</head>

<body LANGUAGE=javascript onload="return window_onload()">
<br><br>

<form name="f1" method="post" action="default.asp">
<input type="hidden" name="username">
<input type="hidden" name="pwhidden">
<input type="hidden" name="picnum" value="<%=createRnd() %>">
<input type="hidden" name="saveUser">
<input type="hidden" name="SecEx">
</form>
<table cellspacing=0 cellpadding=0 width=350 align=center border=0>
  <tbody>
  <tr>
<td valign=bottom align=right width=347 rowspan=2>
   <table cellspacing=0 cellpadding=0 width="100%" border=0 style="BORDER-RIGHT: #333333 1px solid; BORDER-TOP: #333333 1px solid; BORDER-LEFT: #333333 1px solid; BORDER-BOTTOM: #333333 1px solid;">
      <tbody>
      <tr align="middle" bgcolor="#3280BE">
      <td colspan=4 height=35 style="BORDER-BOTTOM: #333333 1px solid;"><b><font
         color=#ffffff>欢迎使用TR测试邮件系统</font></b></td>
      </tr>
      <tr>
      <td colspan="4" height="20"> </td>
      </tr>
      <tr>
<td colspan="3" nowrap height="30" width="56">
</td><td nowrap><font class="s"><%
if showaccounts = "" then
%><b>用户名: </b></font><input type="text" id="usernameshow" name="usernameshow" maxlength="64" class="textbox"><%
else
%><b>用户名: </b></font><b><font class="s" color="#000099"><%=showaccounts %></font></b><%
end if
%>       </td>
      </tr>
      <tr>
      <td colspan="3" nowrap height="30"></td><td nowrap>
<font class="s"><b>密  码: </b></font><input type="password" id="pwshow" name="pwshow" maxlength="32" class="textbox">
      </td>
      </tr>
<%
if showaccounts = "" then
%>
      <tr valign="bottom">
      <td colspan="4" nowrap align="center" height="30"><font class="s" color="#000000"><input type="checkbox" id="showSecEx" name="showSecEx">增强安全性  
<input type="checkbox" id="showsaveUser" name="showsaveUser">记住用户名</font>
      </td>
      </tr>
<%
else
%>
      <tr valign="bottom">
      <td colspan="4" nowrap align="center" height="30">
<font class="s" color="#000000"><input type="checkbox" id="showSecEx" name="showSecEx">增强安全性  
<a href="default.asp?cleancookies=true">改用其他身份登录</a></font>
      </td>
      </tr>
<%
end if
%>
</td>
      <tr>
<td colspan="4" nowrap align="right" height="60">
<input class="Bsbttn" type=submit value=" 确定 " onclick="javascript:gook()">       
</td>
      </tr>
      </tbody>
   </table>
</td>
<td width=1 bgcolor=#ffffff height=5></td>
<td width=1 bgcolor=#ffffff height=5></td>
<td width=1 bgcolor=#ffffff height=5></td>
  </tr>
  <tr>
<td width=1 bgcolor=#333333 height=120></td>
<td width=1 bgcolor=#666666 height=120></td>
<td width=1 bgcolor=#999999 height=120></td>
  </tr>
  <tr valign=top align=right>
<td colspan=4>
   <table cellspacing=0 cellpadding=0 width="345" border=0>
      <tbody>
      <tr>
      <td bgcolor=#333333 height=1></td>
      </tr>
      <tr>
      <td bgcolor=#666666 height=1></td>
      </tr>
      <tr>
      <td bgcolor=#999999 height=1></td>
      </tr>
      </tbody>
   </table>
</td>
  </tr>
  <tr valign=center align=right>
<td colspan=4 height=35> </td>
  </tr>
  </tbody>
</table>

<div align="center">
  <table width="35%" border="0">
<tr><td align="center"><%
if Application("em_Enable_FreeSign") = true then
%>[<b><a href="create.asp?<%=getGRSN() %>">申请邮箱</a></b>]   <%
end if
%>[<b><a href="forgetbf.asp?<%=getGRSN() %>">忘记密码</a></b>]
</td></tr>
<tr><td height="15">
</td></tr>
<tr>
   <td align="center" nowrap height="25">

   </td>
</tr>
<tr>
   <td align="center" nowrap>

   </td>
</tr>
  </table>
</div>
<%
if Application("em_EnableTrap") = true then
%>
<div style="position:absolute; top:0; left:0; z-index:0; visibility:hidden">
<a href="mailto:<%=Application("em_TrapMail") %>"><%=Application("em_TrapMail") %></a>
</div>
<%
end if
%>
</body>
</html>

<%
function getGRSN()
dim theGRSN
Randomize
theGRSN = Int((9999999 * Rnd) + 1)

getGRSN = "GRSN=" & CStr(theGRSN)
end function

function createRnd()
dim retval
retval = getGRSN()

if Len(retval) > 4 then
retval = Right(retval, 4)
end if

if Left(retval, 1) = "0" then
retval = "5" & Right(retval, 3)
end if

createRnd = retval
end function

function strDecode(sd_Data, sd_bassnum)
dim sd_vChar
dim sd_NewData
dim sd_TempChar
sd_vChar = 1

do
if sd_vChar > Len(sd_Data) then
exit do
end if

      sd_TempChar = CLng(Mid(sd_Data, sd_vChar, 5))
sd_TempChar = ChrW(65535 + sd_bassnum - sd_TempChar)

      sd_NewData = sd_NewData & sd_TempChar
sd_vChar = sd_vChar + 5
loop

strDecode = sd_NewData
end function
%>

作者: lanbor 时间: 2011-6-17 14:44
default.asp 里边的这个函数是不是就是用来加密的?

function strDecode(sd_Data, sd_bassnum)
      dim sd_vChar
      dim sd_NewData
      dim sd_TempChar
      sd_vChar = 1

      do
            if sd_vChar > Len(sd_Data) then
                     exit do
            end if

         sd_TempChar = CLng(Mid(sd_Data, sd_vChar, 5))
            sd_TempChar = ChrW(65535 + sd_bassnum - sd_TempChar)

      sd_NewData = sd_NewData & sd_TempChar
            sd_vChar = sd_vChar + 5
      loop

      strDecode = sd_NewData
end function

欢迎光临邮件服务器-邮件系统-邮件技术论坛(BBS) (http://5dmail.net/bbs/)