所以我忘记了我的主密码~_~我将所有密码都存储在KeePass数据库文件中。现在我找到了这篇文章http://blog.q-protex.com/2010/03/14/keepass-self-bruteforce/并安装了所需版本的 python 和 winappdbg-1.3.win32 。我修改了源代码,所以它看起来像这样:
from winappdbg import Debug
from time import strftime
import time
import os.path
counter=0
word=""
words=[]
r_eax=0
r_ecx=0
r_edx=0
WORD_SIZE = 20
#Save the state of the registers
def action_0(event):
global r_eax, r_ecx, r_rdx
aThread = event.get_thread()
r_eax = aThread.get_register("Eax")
r_ecx = aThread.get_register("Ecx")
r_edx = aThread.get_register("Edx")
#Write the word
def action_1( event ):
global word
global words
global counter
global WORD_SIZE
aThread = event.get_thread()
aProcess = event.get_process()
memDir = aThread.get_register("Ecx")
word=words[counter]
word = word.replace("\n","")
word = word[0:WORD_SIZE-1]
#word = word.lower() #optional
aProcess.poke(memDir,word + "\0")
#Check the flag state
def action_2( event ):
global word
global counter
aThread = event.get_thread()
b = aThread.get_flag_value(aThread.Flags.Zero)
if b:
print 'Counter: ' + repr(counter) + ' - Correct: ' + word
event.get_process().kill()
else:
print 'Counter: ' + repr(counter) + ' - Incorrect: ' + word
if counter<:
len(words)-1
counter+=1
aThread.set_register("Eip", 0x004D6699)
else:
event.get_process().kill()
#Restore the registers to the original state
def action_3( event ):
aThread = event.get_thread()
aThread.set_register("Eax",r_eax)
aThread.set_register("Ecx",r_ecx)
aThread.set_register("Edx",r_edx)
aThread.set_register("Eip", 0x004DC395)
#Specify a dictionary here
words = open('dic.txt', "r").readlines()
print "[+] Words Loaded: ",len(words)
#Specify a key file
keyfile = "dic.txt"
try:
debug = Debug()
if os.path.isfile(keyfile):
print "[+] Keyfile Loaded: '" + keyfile + "'"
aProcess = debug.execv(['KeePass.exe', 'db.kdb', '-keyfile:' + keyfile, '-pw:'.ljust(WORD_SIZE+4)])
else:
print "[+] Specified keyfile '" + keyfile + "' does not exist, ignoring argument"
aProcess = debug.execv( ['KeePass.exe', 'db.kdb', '-pw:'.ljust(WORD_SIZE+4)])
#Set the breakpoints
debug.break_at(aProcess.get_pid() , 0x004DC395, action_0)
debug.break_at(aProcess.get_pid() , 0x004D77A0, action_1)
debug.break_at(aProcess.get_pid() , 0x004D6684, action_2)
debug.break_at(aProcess.get_pid() , 0x004DC39A, action_3)
#Wait for the debugee to finish
t1 = time.clock()
debug.loop()
finally:
debug.stop()
print 'Finished in ' + repr(time.clock() - t1) + ' seconds!'
现在运行脚本时出现以下错误:
Python 2.6.4 (r264:75708, Oct 26 2009, 08:23:19) [MSC v.1500 32 bit (Intel)] on win32
Type "copyright", "credits" or "license()" for more information.
****************************************************************
Personal firewall software may warn about the connection IDLE
makes to its subprocess using this computer's internal loopback
interface. This connection is not visible on any external
interface and no data is sent to or received from the Internet.
****************************************************************
IDLE 2.6.4 ==== No Subprocess ====
>>>
[+] Words Loaded: 82740
[+] Keyfile Loaded: 'dic.txt'
Traceback (most recent call last):
File "D:\Keepass Self-Bruteforcer - KDB\Script1.py", line 79, in <module>
debug.break_at(aProcess.get_pid() , 0x004DC395, action_0)
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 3415, in break_at
self.enable_code_breakpoint(pid, address)
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 2453, in enable_code_breakpoint
bp.enable(p, None) # XXX HACK thread is not used
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 860, in enable
self.__set_bp(aProcess)
File "D:\Phyton264\lib\site-packages\winappdbg\breakpoint.py", line 836, in __set_bp
aProcess.mprotect(address, mbi.Protect)
TypeError: mprotect() takes exactly 4 arguments (3 given)
>>>
在出现错误之前,KeePass程序显示2个警告对话框(两者都说密码错误),然后打开两个KeePass.exe实例。
在文件夹中的python脚本位于我放置dic.txt,db.kdb和KeePass.exe文件。 KeePass.exe是从便携式应用程序下载的,版本是1.28
编辑:从此处下载KeePass 1.07:http://sourceforge.net/projects/keepass/files/KeePass%201.x/1.07/KeePass-1.07.zip/download并将其替换为该文件夹。这将解决错误。
但我仍然在源代码本身遇到问题。在托管python脚本的网站上不再有源代码作为可下载文件,而是仅作为其博客帖子上的嵌入脚本。我试图格式化它是我可以,但我不掌握任何python知识。现在,当我再次运行脚本时,同样的事情发生了 - 两个KeePass.exe实例被打开,一条警告消息显示密码错误。我知道这是一个糟糕的源代码复制/过去的结果。