Tự xây dựng Credentials tương tự như Class NetworkCredential

[thedattm]

Mình tìm hiểu qua thì thấy rằng Credential thực chất là mã hóa base64 username và password

Mã nguồn PHP:

inline BOOL Base64Encode( const BYTE* pbSrcData, int nSrcLen, LPSTR szDest, int* pnDestLen, DWORD dwFlags = ATL_BASE64_FLAG_NONE ) throw( );  


http://www.experts-exchange.com/Prog...ng/A_3216.html
http://msdn.microsoft.com/en-us/libr...8VS.80%29.aspx

[Crypto] Base64 encode

I. Giới thiệu:
Từ khi được giới thiệu, Base64 hiện là một giải thuật mã hóa được ứng dụng rộng rãi. Bên cạnh ứng dụng chính là encode dữ liệu truyền trong các ứng dụng mail (Multipurpose Internet Mail Extensions - MIME) base64 còn dùng trong một số lĩnh vực khác nhau.
Ý nghĩa của giải thuật này là chuyển đổi các dữ liệu binary (như file đính kèm) sang dạng plain text để có thể truyền với giao thức mail.
Cách hiện thực base64 đơn giản là dùng bảng mã 6 bit (chỉ bao gồm các ký tự a-z,A-Z,0-9) thay cho bảng mã 8 bit thông dụng.
Các bước Base64 thực hiện như sau:
1. Chuyển đổi các dữ liệu truyền sang nhị phân. Vd: với 3 ký tự ASCII 8 bit ta sẽ có dãy gồm 24 bit.
2. Tách thành các nhóm 6 bit để xử lý
3. Ánh xạ nhóm 6 bit trong bảng mã Base64 để tìm ký tự tương ứng
Hãy xét một ví dụ sau:
Dữ liệu cần chuyển đổi Base64: Man
Bước 1:
M = 77 (ASCII) = 0100.1101
a = 97 (ASCII) = 0110.0001
n = 110 (ASCII) = 0110.1110
Man = 0100.1101.0110.0001.0110.1110
Bước 2: Tách nhóm 6 bit
Man = 010011.010110.000101.101110
Bước 3: Ánh xạ trong bảng mã 64 sau:


Dữ liệu Base64: TWFu
Việc chuyển đổi từ Base64 ra dữ liệu gốc đơn giản có thể làm ngược lại.
Ngoài việc dùng chuyển đổi dữ liệu dùng truyền mail, Base64 còn dùng trong HTTP Basic Authenticate với Web Server. Username và password được truyền đến server bằng Base64 trong HTTP Header. Xem hình sau:


II. Dùng Base64 mã hóa Webshell để Bypass Antivirus:
1. Có 1 Webshell vd: r57.php. Shell này khi upload lên server cài đặt Antivirus sẽ dễ dàng detect được.
2. Dùng Base64 encode. Có thể dùng một số trang web encode online. Vd: http://www.motobit.com/util/base64-decoder-encoder.asp
3. Tạo file Newshell.php dán nội dung encode vào hàm base64_decode
<?php
eval (base64_decode('abc'));
?>
Với abc là nội dung shell đã encode.
Kết thúc!

http://www.ietf.org/rfc/rfc2045.txt

Mã nguồn PHP:

/*********************************************************************\MODULE NAME: b64.cAUTHOR: Bob Trower 08/04/01PROJECT: Crypt Data PackagingCOPYRIGHT: Copyright (c) Trantor Standard Systems Inc., 2001NOTE: This source code may be used as you wish, subject to the MIT license. See the LICENCE section below.DESCRIPTION: This little utility implements the Base64 Content-Transfer-Encoding standard described in RFC1113 (http://www.faqs.org/rfcs/rfc1113.html). This is the coding scheme used by MIME to allow binary data to be transferred by SMTP mail. Groups of 3 bytes from a binary stream are coded as groups of 4 bytes in a text stream. The input stream is 'padded' with zeros to create an input that is an even multiple of 3. A special character ('=') is used to denote padding so that the stream can be decoded back to its exact size. Encoded output is formatted in lines which should be a maximum of 72 characters to conform to the specification. This program defaults to 72 characters, but will allow more or less through the use of a switch. The program enforces a minimum line size of 4 characters. Example encoding: The stream 'ABCD' is 32 bits long. It is mapped as follows: ABCD A (65) B (66) C (67) D (68) (None) (None) 01000001 01000010 01000011 01000100 16 (Q) 20 (U) 9 (J) 3 (D) 17 (R) 0 (A) NA (=) NA (=) 010000 010100 001001 000011 010001 000000 000000 000000 QUJDRA== Decoding is the process in reverse. A 'decode' lookup table has been created to avoid string scans.DESIGN GOALS: Specifically: Code is a stand-alone utility to perform base64 encoding/decoding. It should be genuinely useful when the need arises and it meets a need that is likely to occur for some users. Code acts as sample code to show the author's design and coding style. Generally: This program is designed to survive: Everything you need is in a single source file. It compiles cleanly using a vanilla ANSI C compiler. It does its job correctly with a minimum of fuss. The code is not overly clever, not overly simplistic and not overly verbose. Access is 'cut and paste' from a web page. Terms of use are reasonable. VALIDATION: Non-trivial code is never without errors. This file likely has some problems, since it has only been tested by the author. It is expected with most source code that there is a period of 'burn-in' when problems are identified and corrected. That being said, it is possible to have 'reasonably correct' code by following a regime of unit test that covers the most likely cases and regression testing prior to release. This has been done with this code and it has a good probability of performing as expected. Unit Test Cases: case 0:empty file: CASE0.DAT -> -> (Zero length target file created on both encode and decode.) case 1:One input character: CASE1.DAT A -> QQ== -> A case 2:Two input characters: CASE2.DAT AB -> QUJD -> AB case 3:Three input characters: CASE3.DAT ABC -> QUJD -> ABC case 4:Four input characters: case4.dat ABCD -> QUJDRA== -> ABCD case 5:All chars from 0 to ff, linesize set to 50: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIj JCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZH SElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWpr bG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKz tLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX 2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7 /P3+/w== case 6:Mime Block from e-mail: (Data same as test case 5) case 7: Large files: Tested 28 MB file in/out. case 8: Random Binary Integrity: This binary program (b64.exe) was encoded to base64, back to binary and then executed. case 9 Stress: All files in a working directory encoded/decoded and compared with file comparison utility to ensure that multiple runs do not cause problems such as exhausting file handles, tmp storage, etc. ------------- Syntax, operation and failure: All options/switches tested. Performs as expected. case 10: No Args -- Shows Usage Screen Return Code 1 (Invalid Syntax) case 11: One Arg (invalid) -- Shows Usage Screen Return Code 1 (Invalid Syntax) case 12: One Arg Help (-?) -- Shows detailed Usage Screen. Return Code 0 (Success -- help request is valid). case 13: One Arg Help (-h) -- Shows detailed Usage Screen. Return Code 0 (Success -- help request is valid). case 14: One Arg (valid) -- Uses stdin/stdout (filter) Return Code 0 (Sucess) case 15: Two Args (invalid file) -- shows system error. Return Code 2 (File Error) case 16: Encode non-existent file -- shows system error. Return Code 2 (File Error) case 17: Out of disk space -- shows system error. Return Code 3 (File I/O Error) ------------- Compile/Regression test: gcc compiled binary under Cygwin Microsoft Visual Studio under Windows 2000 Microsoft Version 6.0 C under Windows 2000DEPENDENCIES: NoneLICENCE: Copyright (c) 2001 Bob Trower, Trantor Standard Systems Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.VERSION HISTORY: Bob Trower 08/04/01 -- Create Version 0.00.00B\******************************************************************* */#include <stdio.h>#include <stdlib.h>/*** Translation Table as described in RFC1113*/static const char cb64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";/*** Translation Table to decode (created by author)*/static const char cd64[]="|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\\]^_`abcdefghijklmnopq";/*** encodeblock**** encode 3 8-bit binary bytes as 4 '6-bit' characters*/void encodeblock( unsigned char in[3], unsigned char out[4], int len ){ out[0] = cb64[ in[0] >> 2 ]; out[1] = cb64[ ((in[0] & 0x03) << 4) | ((in[1] & 0xf0) >> 4) ]; out[2] = (unsigned char) (len > 1 ? cb64[ ((in[1] & 0x0f) << 2) | ((in[2] & 0xc0) >> 6) ] : '='); out[3] = (unsigned char) (len > 2 ? cb64[ in[2] & 0x3f ] : '=');}/*** encode**** base64 encode a stream adding padding and line breaks as per spec.*/void encode( FILE *infile, FILE *outfile, int linesize ){ unsigned char in[3], out[4]; int i, len, blocksout = 0; while( !feof( infile ) ) { len = 0; for( i = 0; i < 3; i++ ) { in[i] = (unsigned char) getc( infile ); if( !feof( infile ) ) { len++; } else { in[i] = 0; } } if( len ) { encodeblock( in, out, len ); for( i = 0; i < 4; i++ ) { putc( out[i], outfile ); } blocksout++; } if( blocksout >= (linesize/4) || feof( infile ) ) { if( blocksout ) { fprintf( outfile, "
" ); } blocksout = 0; } }}/*** decodeblock**** decode 4 '6-bit' characters into 3 8-bit binary bytes*/void decodeblock( unsigned char in[4], unsigned char out[3] ){ out[ 0 ] = (unsigned char ) (in[0] << 2 | in[1] >> 4); out[ 1 ] = (unsigned char ) (in[1] << 4 | in[2] >> 2); out[ 2 ] = (unsigned char ) (((in[2] << 6) & 0xc0) | in[3]);}/*** decode**** decode a base64 encoded stream discarding padding, line breaks and noise*/void decode( FILE *infile, FILE *outfile ){ unsigned char in[4], out[3], v; int i, len; while( !feof( infile ) ) { for( len = 0, i = 0; i < 4 && !feof( infile ); i++ ) { v = 0; while( !feof( infile ) && v == 0 ) { v = (unsigned char) getc( infile ); v = (unsigned char) ((v < 43 || v > 122) ? 0 : cd64[ v - 43 ]); if( v ) { v = (unsigned char) ((v == '$') ? 0 : v - 61); } } if( !feof( infile ) ) { len++; if( v ) { in[ i ] = (unsigned char) (v - 1); } } else { in[i] = 0; } } if( len ) { decodeblock( in, out ); for( i = 0; i < len - 1; i++ ) { putc( out[i], outfile ); } } }}/*** returnable errors**** Error codes returned to the operating system.***/#define B64_SYNTAX_ERROR 1#define B64_FILE_ERROR 2#define B64_FILE_IO_ERROR 3#define B64_ERROR_OUT_CLOSE 4#define B64_LINE_SIZE_TO_MIN 5/*** b64_message**** Gather text messages in one place.***/char *b64_message( int errcode ){ #define B64_MAX_MESSAGES 6 char *msgs[ B64_MAX_MESSAGES ] = { "b64:000:Invalid Message Code.", "b64:001:Syntax Error -- check help for usage.", "b64:002:File Error Opening/Creating Files.", "b64:003:File I/O Error -- Note: output file not removed.", "b64:004:Error on output file close.", "b64:004:linesize set to minimum." }; char *msg = msgs[ 0 ]; if( errcode > 0 && errcode < B64_MAX_MESSAGES ) { msg = msgs[ errcode ]; } return( msg );}/*** b64**** 'engine' that opens streams and calls encode/decode*/int b64( int opt, char *infilename, char *outfilename, int linesize ){ FILE *infile; int retcode = B64_FILE_ERROR; if( !infilename ) { infile = stdin; } else { infile = fopen( infilename, "rb" ); } if( !infile ) { perror( infilename ); } else { FILE *outfile; if( !outfilename ) { outfile = stdout; } else { outfile = fopen( outfilename, "wb" ); } if( !outfile ) { perror( outfilename ); } else { if( opt == 'e' ) { encode( infile, outfile, linesize ); } else { decode( infile, outfile ); } if (ferror( infile ) || ferror( outfile )) { retcode = B64_FILE_IO_ERROR; } else { retcode = 0; } if( outfile != stdout ) { if( fclose( outfile ) != 0 ) { perror( b64_message( B64_ERROR_OUT_CLOSE ) ); retcode = B64_FILE_IO_ERROR; } } } if( infile != stdin ) { fclose( infile ); } } return( retcode );}/*** showuse**** display usage information, help, version info*/void showuse( int morehelp ){ { printf( "
" ); printf( " b64 (Base64 Encode/Decode) Bob Trower 08/03/01
" ); printf( " (C) Copr Bob Trower 1986-01. Version 0.00B
" ); printf( " Usage: b64 -option [ -l num ] [<FileIn> [<FileOut>]]
" ); printf( " Purpose: This program is a simple utility that implements
" ); printf( " Base64 Content-Transfer-Encoding (RFC1113).
" ); } if( !morehelp ) { printf( " Use -h option for additional help.
" ); } else { printf( " Options: -e encode to Base64 -h This help text.
" ); printf( " -d decode from Base64 -? This help text.
" ); printf( " Note: -l use to change line size (from 72 characters)
" ); printf( " Returns: 0 = success. Non-zero is an error code.
" ); printf( " ErrCode: 1 = Bad Syntax, 2 = File Open, 3 = File I/O
" ); printf( " Example: b64 -e binfile b64file <- Encode to b64
" ); printf( " b64 -d b64file binfile <- Decode from b64
" ); printf( " b64 -e -l40 infile outfile <- Line Length of 40
" ); printf( " Note: Will act as a filter, but this should only be
" ); printf( " used on text files due to translations made by
" ); printf( " operating systems.
" ); printf( " Release: 0.00.00, Tue Aug 7 2:00:00 2001, ANSI-SOURCE C
" ); }}#define B64_DEF_LINE_SIZE 72#define B64_MIN_LINE_SIZE 4#define THIS_OPT(ac, av) (ac > 1 ? av[1][0] == '-' ? av[1][1] : 0 : 0)/*** main**** parse and validate arguments and call b64 engine or help*/int main( int argc, char **argv ){ int opt = 0; int retcode = 0; int linesize = B64_DEF_LINE_SIZE; char *infilename = NULL, *outfilename = NULL; while( THIS_OPT( argc, argv ) ) { switch( THIS_OPT(argc, argv) ) { case 'l': linesize = atoi( &(argv[1][2]) ); if( linesize < B64_MIN_LINE_SIZE ) { linesize = B64_MIN_LINE_SIZE; printf( "%s
", b64_message( B64_LINE_SIZE_TO_MIN ) ); } break; case '?': case 'h': opt = 'h'; break; case 'e': case 'd': opt = THIS_OPT(argc, argv); break; default: opt = 0; break; } argv++; argc--; } switch( opt ) { case 'e': case 'd': infilename = argc > 1 ? argv[1] : NULL; outfilename = argc > 2 ? argv[2] : NULL; retcode = b64( opt, infilename, outfilename, linesize ); break; case 0: retcode = B64_SYNTAX_ERROR; case 'h': showuse( opt ); break; } if( retcode ) { printf( "%s
", b64_message( retcode ) ); } return( retcode );}  


View more random threads:

• GlobalMemoryEX
• Hook nhiều hàm API không bị cash, làm như thế nào?
• Tính số Icon Trong 1 File exe ?
• Làm sao để xoay ngược ảnh Bitmap khi sử dụng Webcam?
• inject DLL bằng SetWindowHookEx
• Sử dụng Win32API WriteProcessMemory trong .Net như thế nào ?
• cách bắt phím nhấn trên windows
• có thể Hook để tìm thời điểm chuẩn bị tắt máy không
• Chống hack DLL, chống inject DLL? giúp mình với.
• Không thể bắt được phím trong hook.

[artdeco113]

đây là yêu cầu của server khi muốn login vào nó

You need to know if the server accepts default credentials of the user or requires specific credentials. Credentials are simply the username and password of the user. All e-mail service providers require specific credentials. For example, to connect to your Gmail’s account and send mails via Gmail’s SMTP server, you will need to provide your mail address and password.

cho mình hỏi cách xây dựng 1 hàm hoặc 1 class để thực hiện được việc Credential này giống như class NetworkCredential trong C# vậy ?


http://forums.congdongcviet.com/show...537#post161537
http://forums.congdongcviet.com/atta...6&d=1283229114