Reverse cracking in penetration testing

Source: Internet
Author: User

As more and more companies pay attention to data security when developing programs, they often encrypt database connections and encrypt some sensitive data in the database so that it cannot easily be stolen. As a result, we often find encrypted connection strings in the database connection configuration. Someone with no reverse-engineering background may well stop here. However, we usually cannot be satisfied with that, so we need some knowledge of reversing encryption and decryption during penetration testing. Next I will demonstrate how the data is encrypted and decrypted by walking through some of these processes.
 
 
 
Database connection string encryption (encryption and decryption in aspx)
Various encryption methods:
(1) DES encryption (asymmetric encryption)
<add name="democonn" connectionString="server=localhost;database=test;uid=sa;pwd=sa;"/>
<add name="democonndes" connectionString="fuWgz5qsA006DEV+G6ciq1XqAQEBs87717v8xEO7S8C1G3/WzkQPLQYyHlfsPSGb"/>
 
(2) aspnet_regiis (an encryption method for database connection strings provided by the .NET Framework; the result can only be decrypted on the machine that encrypted it)

<connectionStrings>
<add name="mytest" connectionString="server=.;database=aa;uid=sa;pwd=sa"/>
</connectionStrings>

<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue> export/Cl + release/release + a193cYnIt82k/release/Vl8DoP + release/cztFMr2wreuP/release + release/PjPVD03e0 = </CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
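
An added example, not code from the original article: a defender-side audit that classifies each connection string in a web.config as plaintext, application-level ciphertext, or a section protected by aspnet_regiis. The function names and the sample configs are constructed for illustration, and the length check is a heuristic that relies on DES being a symmetric cipher with 8-byte blocks.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: the two <add> values are the ones shown in the article
# (DES value written as contiguous base64); the CipherValue is a placeholder.
SAMPLE_PLAIN = """<configuration><connectionStrings>
  <add name="democonn" connectionString="server=localhost;database=test;uid=sa;pwd=sa;"/>
  <add name="democonndes" connectionString="fuWgz5qsA006DEV+G6ciq1XqAQEBs87717v8xEO7S8C1G3/WzkQPLQYyHlfsPSGb"/>
</connectionStrings></configuration>"""
SAMPLE_PROTECTED = """<configuration>
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
  <EncryptedData><CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData></EncryptedData>
</connectionStrings></configuration>"""

def classify_value(value):
    """Classify one connectionString attribute (hypothetical helper)."""
    pairs = [p.split("=", 1) for p in value.split(";") if "=" in p]
    keys = {k.strip().lower() for k, _ in pairs}
    if keys & {"pwd", "password"}:
        return "plaintext credentials"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "plaintext, no password" if keys else "unrecognized"
    # DES works on 8-byte blocks, so its ciphertext length is a multiple of 8.
    if raw and len(raw) % 8 == 0:
        return "app-level block cipher"
    return "encoded, unknown scheme"

def audit_config(xml_text):
    """Return {entry name: finding} for each connectionStrings section."""
    findings = {}
    for section in ET.fromstring(xml_text).iter("connectionStrings"):
        provider = section.get("configProtectionProvider")
        if provider:  # section encrypted by aspnet_regiis, machine-bound
            findings["(section)"] = "protected by " + provider
            continue
        for add in section.iter("add"):
            findings[add.get("name")] = classify_value(add.get("connectionString", ""))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_PROTECTED):
        for name, finding in audit_config(sample).items():
            print(name, "->", finding)
```

Entries reported as plaintext or as an app-level block cipher depend only on files that sit in the application directory, so they are the ones to migrate to the machine-bound aspnet_regiis form and to rotate afterwards.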
 
 
 
Data Encryption
Sensitive data in the database, such as passwords and other fields, is usually encrypted with MD5 or with a self-written encryption routine, most often a self-written one. In that case we need to analyze the encryption algorithm and write a decryption algorithm for it.
(1) Generally, the most common encryption used in aspx programs is DES. The program usually also carries the decryption algorithm, in which case you can call that decryption algorithm directly to decrypt the data.
(2) Java class encryption.
After a Java program is compiled, the .java files in the source code are compiled into .class files. This type of file has been encrypted; opened directly it is completely unrecognizable, so we recover the code with decompilation software.
