For A website, we call it Station A (in the service area of station A). He has put the program of station A Down, And Station A is used. net, he sets up the program of Station A to the local machine, the program can run, and then he wants to find the connection database string for connection, and then start to brush the database, he is on the web of station A source program. find the database connection character in the config file and find that the database is not on server A, but can be connected to server B. When the database is connected, the data is encrypted, the encrypted data is similar to "1LUwUKMRroErMRR0vFD4Ow =". You must say that you can find the background from website A and then add the data... The key issue is here. Website A has no backend and only has the query function. Maybe you will ask, how does the Administrator add data? I don't know about this. Maybe I want to add data to another internal website or add data to the C/S program on a dedicated computer, (after all, this is not an ordinary website, you know ). Well, since we don't know where to add the data, but now we can use the following: 1. We have the database card number and password of server B. 2. The Source Code Compiled by website A is available .. If you do not have the source code of website A, you can find the decryption method and then add data... Hey. Understanding. net users all know that ,. net is the frontend (*. aspx) and background (*. cs), unlike some other websites that are written on pages, when a programmer writes a website, they will publish the website and put the background files (*. cs) all compiled *. dll, that is, all the source files and all the background Code are in *. dll, including our decryption methods, are in *. dll. Speaking of this, some people must be big. What should I do?
Okay, no nonsense. Come with me. Let's talk about my ideas first. We already have website A. website A must have A decryption method, what we need to do now is to find the decryption method, write the encryption method according to the algorithm, and then refresh the database.
OK. Clear thinking. Let's get started,
Step 1: decrypt
Because the decryption method is in *. dll, we will begin to decompile *. dll. We need to find *. dll in the bin directory of website. So which one should we rely on experience?
Let's take a look.
EWebEditorExt. UI. dll. You know, it's definitely not him.
EWebEditorExt. Web. dll is the same as above
FredCK. FCKeditorV2.dll above
MySql. Data. dll mysql, same as above
SoftRoad. IBMS. BLL. dll BLL, experience tells me that it won't be him,
SoftRoad. IBMS. Common. dll is probably his
SoftRoad. IBMS. DAL. dll DAL, experience tells me not to be him
SoftRoad. IBMS. IDAL. dll IDAL, experience tells me not to be him (design mode ,)
SoftRoad. IBMS. Web. dll is probably his
Common. dll is probably his
OK. Now that we have determined the three, all we need to do is decompile the three *. dll files. Start to fry a guy.
The tool we use is “reflector.exe"
: Http://download.csdn.net/source/3152574
Let's take a look at the software:
OK. Now we load the two we just found *. dll, open it and look at it. We need to find the encrypted text one by one. The average programmer will write it like "DES" or "Encrypt, it is not ruled out that some programs will be written as "xixi" and "haha. It depends on whether you can meet a programmer with code specifications. I load data one by one. I find it tricky when I find this position .....
I found nothing. There are many encryption methods, such as DES and MD5. Everything is available. Now we have basically found the encrypted file. Now we want to find out which encryption method is used, we will continue to look at the location where he logs in (this is A website I am looking for, not website A, because website A is classified and does not dare, the principle is the same)
We found his login location and confirmed that his encryption method is DES encryption.
We can click DES. EDSEncode to enter the method, and the DES. Keys2 may be a key.
(Note)
I can't see it, but I have tracked it in. I noted it out. He accepted an encryptKey, And the Keys may still be the key. He began to look for the key.
The Keys2 is under the <connectionStrings> node in web. config.
OK, remember the DES. Keys2 on the login page... This is the one in web. config.
OK. The encryption method is also known as DES .. The encryption code is also available. It is not difficult to write and decrypt it now... You are looking for a file... You will find the decrypted code (experience )...
The above is the decryption code .. The following is the encryption code... Hey .. The encryption and decryption code is available. The key is also available. I don't need to talk about the following. Write a decryption program .. Start to brush the database ..
In fact, many programmers write the two keys to the file and do not write them into web. config. Because they generally do not pay attention to security. Writing to web. config is my habit... Hey, because secondary encryption is available later
Under the C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 directory, there is an aspnet_regiis.exe
We can use this method to encrypt the connectionStrings node in the web. config file. This encryption method can only be decrypted on the encrypted computer, but not on other computers. High security.
Encryption command: aspnet_regiis-VF "connectionStrings" "E: \ work \ xahacker \ street poet"
Decryption command: aspnet_regiis-pdf "connectionStrings" "E: \ work \ xahacker \ street poet"
Before encryption:
<ConnectionStrings>
<Add name = "DES" connectionString = "12345678"/>
</ConnectionStrings>
After encryption:
<ConnectionStringsconfigProtectionProvider = "RsaProtectedConfigurationProvider">
<EncryptedDataType = "http://www.w3.org/2001/04/xmlenc#Element"
Xmlns = "http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethodAlgorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns = "http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#">
<KeyName> Rsa Key </KeyName>
</KeyInfo>
<CipherData>
<CipherValue> signature/bZq1itnH6Bohd4/Signature/SflTs5K3mAcner + 69NcDh3fagh7 + tazcwatg169tyauosv9tajr + Signature = </CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue> wwvPtbu + cQ1A/wGBIquLQLXSQ7b8VxOLCaDWdfXZ + T62BdHhWKLM8BXkw8Ti8YS/authorization + lPzOw8UGjfylM = </CipherValue>
</CipherData>
</EncryptedData>
</ConnectionStrings>
Reprint please declare the Source: Street head publisher's blog http://hi.baidu.com/xahacker