破解一個(gè)網(wǎng)絡(luò)驗(yàn)證的NET程序_第1頁(yè)
破解一個(gè)網(wǎng)絡(luò)驗(yàn)證的NET程序_第2頁(yè)
破解一個(gè)網(wǎng)絡(luò)驗(yàn)證的NET程序_第3頁(yè)
破解一個(gè)網(wǎng)絡(luò)驗(yàn)證的NET程序_第4頁(yè)
破解一個(gè)網(wǎng)絡(luò)驗(yàn)證的NET程序_第5頁(yè)
已閱讀5頁(yè),還剩2頁(yè)未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

amFilesV幾口點(diǎn):I000741FEEF段:文件偏移:I000731FE首字節(jié):[FF,25?Od,2Q8.0子系統(tǒng):|Wiiv32.CUIMicrosoftVisualC#/Basic.NET[査看進(jìn)程⑴]選項(xiàng)切..關(guān)于?迦「.退出]總在攝前盤】既然是網(wǎng)絡(luò)驗(yàn)證的程序,那要開啟Sniffer類的程序,來抓取數(shù)據(jù)包,我這里用的HTTPAnalyzer運(yùn)行程序,來看看她的驗(yàn)證,輸入郵箱和密碼,提示“Sorry,wrongusername,passwordorcomputerID”我們看看HTTPAnalyzer獲取到的數(shù)據(jù)。Header|ResponseContent|PostData|RequestTiming|QueryString|Cookies StatusCodeDefinition|1斗5bytessentto1斗5bytessenttoPOST/verify_license?php?email=fuck@Host: comContent-Length: 0HTTP/1?1200OKDate:Sat,16Oct201008:07:28GMTServer:ApacheX-Powered-By:PHP/5.2?12Vary:Accept-EncodingTrans —Encoding:chunkedContent-Type:text/html3NOT0POST/verify_license.php?email=fuck@&password=ST4GBVNE&mid=BFEBFBFF00010676HTTP/1.1我們提交了$email,$password,$mid這3個(gè)變量到verify_license.php文件$email是我們輸入的郵箱號(hào)碼,$password是我們輸入的密碼,$mid是程序獲取你的機(jī)器碼。verify_license.php根據(jù)計(jì)算,我們提交的驗(yàn)證碼錯(cuò)誤,于是返回值“NOT”。弱弱的分析了一下驗(yàn)證機(jī)制,接下我們來分析一下程序,看他的驗(yàn)證碼模塊的代碼。用ildasm載入程序。DumpoptionsDumpMetainfoRaw:Header.ySchema.Row?Raw:HeapsUnresolvedEntern日IsValidateRaw:HeaderRaw:Header.SchemaDumpoptionsDumpMetainfoRaw:Header.ySchema.Row?Raw:HeapsUnresolvedEntern日IsValidateRaw:HeaderRaw:Header.SchemaMoreHEX:FlawCoun^ize&DumpClassListDump.gt日t覇轉(zhuǎn):□howProgressBarDumpHeaderDumpILCodeToken.ValuesActualLineNumber^肓^SourceLines;-菅Expandtry/c-atchEncodingrANSI柑UTF-8CUnicode選擇“FILE”選項(xiàng)的“DUMP”。她的驗(yàn)證是verify_license.php,那我們就搜索一下“verify_license.php”??梢钥吹?,就一次。

5//Classesdefinedinthismodule:listed±3tedsstedprivate)private)private)pi.iljlic)pi.iljlic)pi.iljlic)5//Classesdefinedinthismodule:listed±3tedsstedprivate)private)private)pi.iljlic)pi.iljlic)pi.iljlic)astedpi.Ujlic)^stedpublic)=stedpublic)查找內(nèi)客(曰:r^IJltraEdit?區(qū)下樓鈔verifylieense.phpf————d\1.譙實(shí)例已找到.上占(E)總數(shù)確定;關(guān)閉(出『只匹配整于詞語辿)幫助也匹配丈涉寫財(cái)選定文字(L)巴正則表達(dá)式(或前至打開文件高飆也(pi.uciiicj(autoj(ans1j(auto)(anai)(sealed)(nested(auto)(ansi)(sealed)(nested(auto)(ansi)(sealed)(門已3ted(pi.Ujlic)(auto)(ansi)(pi.Ujlic)(auto)(ansi)我們來看下代碼。//HEX:0000000017000000A4000000BB000000030000000E000001IL_00be:/*1C|*/ldc.i4.6IL_00bf:/*8D|(01)00001F*/newarr[mscorlib/*23000001*/]System.String/*0100001F*/IL_00c4:/*13|0D*/stloc.sV_13IL_00c6:/*11|0D*/ldloc.sV_13IL_00c8:/*16|*/ldc.i4.0IL_00c9:/*72| (70)0070A3*/ldstrhttp:/Z26836659./verify_license.php\?〃這里是驗(yàn)證的網(wǎng)址,我改成我的BLOG了。+"email="/*700070A3*/IL_00ce:/*A2|*/stelem.refIL_00cf:/*11|0D*/ldloc.s V_13IL_00d1:/*17|*/ldc.i4.1IL_00d2:/*02|*/ldarg.0IL_00d3:/*7B|(04)00010E */ldfldclass[System.Windows.Forms/*23000002*/]System.Windows.Forms.TextBox/*01000055*/de/*02000049*/::e/*0400010E*/IL_00d8: /*6F|(0A)000076 */callvirtinstancestring[System.Windows.Forms/*23000002*/]System.Windows.Forms.Control/*01000039*/::get_Text()/*0A000076*/獲取文本內(nèi)容,應(yīng)該是我們的郵箱IL_00dd:/*A2IL_00de:/*11||0D*/stelem.ref*/ldloc.s V_13IL_00e0:/*18|*/ldc.i4.2IL_00e1:/*72|(70)007115*/ldstr "&password="/*70007115*/輸入的密碼IL_00e6:/*A2|*/stelem.refIL_00e7:/*11|0D*/ldloc.s V_13IL_00e9:/*19|*/ldc.i4.3

IL_00ea:/*02|*/ldarg.0IL_00eb:/*7B|(04)00010C*/ldfldclass[System.Windows.Forms/*23000002*/]System.Windows.Forms.TextBox/*01000055*/de/*02000049*/::c/*0400010C*/IL_00f0:/*6F|(0A)000076*/callvirtinstancestring[System.Windows.Forms/*23000002*/]System.Windows.Forms.Control/*01000039*/::get_Text()/*0A000076*/IL_00f5:/*A2|*/stelem.refIL_00f6:/*11|0D*/ldloc.sV_13IL_00f8:/*1A|*/ldc.i4.4IL_00f9:/*72|(70)00712B*/ldstr "&mid="/*7000712B*/機(jī)器碼IL_00fe:/*A2|*/stelem.refIL_00ff:/*11|0D*/ldloc.sV_13IL_0101:/*1B|*/ldc.i4.5IL_0102:/*06|*/ldloc.0IL_0103:/*A2|*/stelem.refIL_0104:/*11|0D*/ldloc.sV_13IL_0106:/*28|(0A)00007D*/callstring[mscorlib/*23000001*/]System.String/*0100001F*/::Concat(string[])/*0A00007D*/IL_010b:/*28|(0A)000026*/callclass[System/*23000003*/]System.Net.WebRequest/*0100002F*/[System/*23000003*/]System.Net.WebRequest/*0100002F*/::Create(string)/*0A000026*/IL_0110:/*74|(01)000027*/castclass[System/*23000003*/]System.Net.HttpWebRequest/*01000027*/IL_0115:/*13|04*/stloc.sV_4IL_0117:/*11|04*/ldloc.sV_4IL_0119:/*72|(70)0000E3*/ldstr"POST"/*700000E3*/POST提交IL_011e:/*6F(0A)000029*/callvirtinstancevoid[System/*23000003*/]System.Net.WebRequest/*0100002F*/::set_Method(string)/*0A000029*/IL_0123:/*11|04*/ldloc.sV_4IL_0125:/*16|*/ldc.i4.0IL_0126:/*6A|*/conv.i8IL_0127:/*6F(0A)000039*/callvirtinstancevoid[System/*23000003*/]System.Net.WebRequest/*0100002F*/::set_ContentLength(int64)/*0A000039*/IL_012c:/*11|04*/ldloc.sV_4IL_012e:/*6F(0A)00003E*/callvirtinstanceclass[System/*23000003*/]System.Net.WebResponse/*01000028*/[System/*23000003*/]System.Net.WebRequest/*0100002F*/::GetResponse()/*0A00003E*/IL_0133:/*13|05*/stloc.sV_5IL_0135:/*11|05*/ldloc.sV_5IL_0137:/*6F(0A)00003F*/callvirtinstanceclass[mscorlib/*23000001*/]System.IO.Stream/*01000025*/[System/*23000003*/]System.Net.WebResponse/*01000028*/::GetResponseStream()/*0A00003F*/IL_013c:/*13|06*/stloc.sV_6IL_013e:/*11|06*/ldloc.sV_6IL_0140:/*73|(0A)000040*/newobjinstancevoid[mscorlib/*23000001*/]System.IO.StreamReader/*01000029*/::.ctor(class[mscorlib/*23000001*/]System.IO.Stream/*01000025*/)/*0A000040*/IL_0145:/*13|07*/stloc.sV_7IL_0147:/*11|07*/ldloc.sV_7IL_0149:/*6F|(0A)000041*/callvirtinstancestring[mscorlib/*23000001*/]System.IO.TextReader/*0100001C*/::ReadToEnd()/*0A000041*/IL_014e:/*13|08*/stloc.sV_8IL_0150:/*11|08*/ldloc.sV_8IL_0152:/*72|(70)007137*/ldstr"NEWUSER"/*70007137*/從newuser開始了IL_0157:/*28|(0A)000083*/callbool[mscorlib/*23000001*/]System.String/*0100001F*/::op_Equality(string,string)/*0A000083*/這里用到一個(gè)op_equality函數(shù),.NET我是不清楚,不過,在VB中,op_equality里面見過,是比較兩個(gè)串是否相等IL_015c:/*2D |0E */brtrue.s IL_016c他先比較是不是newuser,然后,后面跟著一句,是brture.s,就是如果相等的話就跳IL_015e:/*11 |08 */ldloc.s V_8IL_0160:/*72|(70)007149*/ldstr"VALID"/*70007149*/然后,就比較是不是VALID,如果不相等就跳。VALID后面跟著的是brfalse了,這是推測(cè)的。來測(cè)試下看看。IL_0165:/*28|(0A)000083*/callbool[mscorlib/*23000001*/]System.String/*0100001F*/::op_Equality(string,string)/*0A000083*/IL_016a:/*2C0F*/brfalse.sIL_017bIL_016c:/*02|*/ldarg.0IL_016d:/*17|*/ldc.i4.1IL_016e:/*7D|(04)000111*/stfldboolde/*02000049*/::h/*04000111*/IL_0173:/*021*/ldarg.0IL_0174:/*28|(0A)0000EB*/callinstancevoid[System.Windows.Forms/*23000002*/]System.Windows.Forms.Form/*01000011*/::Close()/*0

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論