Detailed process of qingguo educational administration network management system intrusion and cracking

Not long ago, I got the source code of the system and was curious about its database connection string. For example, I thought it was only base64 encoding, but I couldn't decode it with base64, on the login interface, you need to call the database without finding the relevant code. Then, use reflector to decompile the DLL file and find its database encryption function. As you can see, perform DES encryption on the pStr string to be encrypted. The DES encryption key buffer1 is obtained through the getSN () function. The initialization vector buffer2 is the default value. Then follow up the getSN () function. If you can find that this function is implemented through getVol. the GetVolOf () function obtains a value, performs MD5 encryption, and obtains a string and returns it as the key to follow up getVol. getVolOf () function getVol. the GetVolumeInformation () function is used to obtain information about a specified disk partition. The input parameter of this function is c, and the information of disk c is obtained, the value of the returned value num1 is the volume serial number. After knowing the encryption key and initial vector, You can decrypt the ciphertext. The DLL also contains the decryption function, it simplifies its original code by writing a decryption program. The password of the database in the encrypted string is decrypted. The serial number of the drive c is obtained through dir c. You need to convert the obtained hexadecimal value to the hexadecimal value. For example, you can decrypt the encrypted string successfully.