找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 web.Config加密解密最简单实用方法
欢迎中测联盟老会员回家,1997年注册的域名
返回列表 发新帖
查看: 2668|回复: 1
打印 上一主题 下一主题

web.Config加密解密最简单实用方法

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2013-8-5 15:33:53 | 显示全部楼层 回帖奖励 |倒序浏览 |阅读模式
web.config的文件多数的时候不希望别人看到,下面提供一个加密,解密的语句,简洁方便实用,先看到效果,至于加密的原理其他的网页上做了很多说明,这里只演示效果。
+ O4 X( W- ~2 }( f: V/ @  ~% C2 J  加密前的connectionStrings节点
' y; z& C9 J5 z# I  代码7 D9 Y& N9 v8 U
  <connectionStrings>
# Z& m+ ?: T% j  <add name="SQLConnString1" connectionString="server=WJW-PC\SQL2008;user id=sa;password=12345;Initial Catalog=dbFASH;min pool size=4;max pool size=400;" />; S* Z" Y0 B* Z
  <add name="eziyaConnectionString1" connectionString="Data Source=HOME-COMPUTER;Initial Catalog=dbFASH;Integrated Security=True;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"- u  c- v* z/ \
  providerName="System.Data.SqlClient" />
: @+ I: \. Q1 l: F8 I5 j7 Q  <add name="eziyaConnectionString2" connectionString="Data Source=192.168.1.200;Initial Catalog=dbFASHersist Security Info=True;User ID=taoka;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;") C* I; D7 Q6 \. l# N$ B
  providerName="System.Data.SqlClient" />
  G: ^5 G% {/ U' Z0 P# U& T4 O+ D  <add name="eziyaConnectionString3" connectionString="Data Source=192.168.61.160;Initial Catalog=dbFASHersist Security Info=True;User ID=sa;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
$ p! K( ~) ~4 f, L8 A  providerName="System.Data.SqlClient" />
; q  v7 X+ V+ W1 C  </connectionStrings>. o' V7 \. Y* ^- T0 }
  加密后的connectionStrings的节点
$ d/ [/ s$ e, i0 q/ `  代码
' i( |- B/ \3 c- T- T  i  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">  @; M8 w! T: d7 b) c$ `
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"( k9 s; [; e' y/ A& o& @+ [
  xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;% a$ a0 F6 j0 w- @) p# J
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />( q& t  K7 X6 q- V( D- d5 v5 J
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
, c6 P  o2 ^* e- I0 E) S7 ]5 V  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;; ~# D8 Y, R$ N; t3 K. `& ?
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />: P9 _. C6 d. E7 n
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;$ Q: g+ h0 M# P4 q. m! D" a
  <KeyName>Rsa Key</KeyName>
5 B; C& U; R2 Q, E  </KeyInfo>
" H) l& F2 L, S8 k& o  <CipherData>
! h3 c9 c/ j7 [' R  <CipherValue>FOkydQFNniZvq71ua4XapuVCUrJFOARkXeqqwyKFoP+NGXGewehxYW0zTzIn/j+YCvH/r6ABoE/AfWMMEDyr81R1mhi4ckXbiJ2BvW612/W7f7Wkqj+FDwse+lgAISHZ5HfspaY1LBvKYAu1VEm6Iu6NlT35TPnjxFf+p5Apf0E=</CipherValue>5 g  v% |1 k. `- U' R$ _7 E9 c
  </CipherData>$ M- h9 Y6 w" U) R7 p
  </EncryptedKey>1 c0 `3 M$ q2 I& D" x
  </KeyInfo>
8 @5 O+ x9 l) ]$ K  l  <CipherData>+ H5 V$ o& w9 A# N- x
  <CipherValue>s3PKarSQ/tlnG5YcE/z/KLbnSLljw/nOj+aoafGD9eJRlZ092f5Ywx9IDRaKMqNQ6+OM3f0WOh57evnWqL8tjULwNHviMAP3RU/5CTCGfZ/k0u+jWAGYYuOxlT6/iKsMbceBGh5jmcwIG+d3itc+h+Qq5B3g8Jjbt8Y+IulmOYWEnp2xwC+Sm/IX8vjiT7jlAqUeikNYXCEcakv8GmuA0DvWBX2tuR0Iyjv8fPcyo//eRDIqKKQB22F2ikbT0/42qmgBfOCoC3M4IMRLS7rVpEUu6JYNuoXPtvaKZhQZxNmE3zIlVPyBbPOd4VatPDCWWO9VivTbMMV+ekEDhohHbeFGHBlSi75FSXCMEz1O53gbg1LDC5nJvZUAU2+suQeEoumoMEYkH27J+p5H2xCOivPnQuPx+xRFT9btNWm/P8wpw7FUdxwqRh6JJbUYnpKc5unC76OXhAAYK+5cp+oISOyMMkFYvzCstKpYYYwQ/xW/v9Kx4XgmRKRht6lgBdbiTJhVTTzWwybVx1laOrvIYL5UR3XuqdVhH8rQYx2M3acTh5zvUKmeha6DsOVngWzm0NQ6jX3pQHOP43hZddg6di6lTNdhRRnSxaYcDVhB+n9scjHtGqAXCTJw9agz2En2P9hSZnzMbaS9Qdq9MoJK3h7plJWwIyPhPktA4qXYQCBVDV+aPLyPrBjsVddfnO/yJixaO2alcH8UuTPrACzzHRKn0YwtQFHt/I4/Vb7vsX2VoaFc0BrMxzYe6z/klVope9h6uOUReSbA5E7AGNPh8OaUW8GqzFY/5/N46gofk7g/W/Egz2o9YFGUbWQduh3VK2jF0xy/cbwE0qm7tI8mmlyUnGBfy7GuHK7YM32C4g3ZUsOv38kZoiHMjjHuzfS1lMPwTS6FPBS71UN8mdK58pakcZB2rqq3ysDPkgYvGs+E98j8v9P58rEXPW99uipSRvQeQXflp7DElEuqxVh29NuxJBkOaUaR1qPd2wepRH51MS6b3RlsTpGFEEBOw4/sNt90hzaSWeydleag9mo6803wC5DDp5hJAFBJH4+jiJwfKVzKFp133OfFoGy5ea8T6RruIVMiQRWCH/zCh3FuhkOwUcc25tPfeIZgAgFlmrzCg0E4pfIfHoni//x12kuwXYefJ5IUk6BizOPP2zul831o+Irx8MfWR8n64ZAHZvKfa6BXksN+0HLAsBsPzLRrppHyFMqIBuNe1iWxBM+j3PQUeN+oXJog79YoFxdd4cf1+jMZn0+ee7aOvEu4WGv3WT25FFiYLdO99uzXOPn7UTolUqmkYlYelgh5n5QmFd4WsqOt4oYE5CFadI/n/MsLpVJmJTzA+8CAD26cpuOmloyHzsEpqUWZb5lAO9jfDVu9F6SznBr0iaCkko5jw2kZw4tqRx2B+9eUNPTQGRPRVgc5stAFVf13w974sRrwCvGRSq0U/71cBSE8KSLOj/aGf2p4UBSUPRk=</CipherValue>
$ m- U2 h( |! I8 ~4 B0 `# k  </CipherData>: [, X; ^- K2 i6 b' G
  </EncryptedData>* D9 y" q$ g0 J% L
  </connectionStrings>$ `+ N6 w; R' _, Z
  完全看不到连接的信息!9 x3 x7 r/ ?9 |
  下面是两个.bat批处理文件
1 R% O- X( f7 f  o  加密:0 h# a+ L. {* z2 P
  @echo off0 l2 e. j1 M3 x- m0 A/ F
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "E:\code\proj\Web"; u- G+ w1 c2 s
  解密:
. l9 M/ g% p# [: b$ r4 Q1 }( |$ ?  @echo off
) ?4 s9 Y* P; L  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings" "E:\code\proj\Web"
' m* p5 a6 S2 X$ c0 ?# K  PAUSE
, a. A( [4 d' D. T& e  直接将语句拷贝到.BAT文件中,E:\code\proj\Web为相应的web.config所在的路径,只能在一台电脑上操作,否则不可逆
password, server, False, 加密, 网页

相关帖子
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表