找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 web.Config加密解密最简单实用方法
返回列表 发新帖
查看: 3408|回复: 1
打印 上一主题 下一主题

web.Config加密解密最简单实用方法

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2013-8-5 15:33:53 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
web.config的文件多数的时候不希望别人看到,下面提供一个加密,解密的语句,简洁方便实用,先看到效果,至于加密的原理其他的网页上做了很多说明,这里只演示效果。
- K9 U9 v3 T( ]$ ?  加密前的connectionStrings节点
" o* a# W4 r) z% A$ u& G  代码
. d  {" p* j' K2 a) O3 i2 P5 }  <connectionStrings>+ B( S: b: B- {! x: n
  <add name="SQLConnString1" connectionString="server=WJW-PC\SQL2008;user id=sa;password=12345;Initial Catalog=dbFASH;min pool size=4;max pool size=400;" />8 R# O. u' r, |  }/ c
  <add name="eziyaConnectionString1" connectionString="Data Source=HOME-COMPUTER;Initial Catalog=dbFASH;Integrated Security=True;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
1 Q% X- r+ T/ h  providerName="System.Data.SqlClient" />: S6 k5 k% d) s
  <add name="eziyaConnectionString2" connectionString="Data Source=192.168.1.200;Initial Catalog=dbFASHersist Security Info=True;User ID=taoka;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
' j5 B3 p0 \5 F4 g  providerName="System.Data.SqlClient" />
: T6 |9 Y3 F6 P" h3 v- ~& \' P  <add name="eziyaConnectionString3" connectionString="Data Source=192.168.61.160;Initial Catalog=dbFASHersist Security Info=True;User ID=sa;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
1 T) T) X/ ^7 t7 G  }( I* H  providerName="System.Data.SqlClient" />; ]' `. \/ O' I! y3 V! k, R6 |
  </connectionStrings>$ _& m8 ^9 ~+ w1 l/ H$ D
  加密后的connectionStrings的节点
9 z! \& K( F# o. Q3 `( G1 c' T! D8 M  代码- ^7 u" N9 |5 |7 Y2 r
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
/ m$ U4 J6 \* ^$ }  [# [8 w  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"( Y6 H% V3 Z/ E2 d! e$ r$ W' s
  xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;  C, M/ q# a4 b5 V
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
, @" N! |( K6 ~; W! z- G  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
3 ?% Z- Q8 w! ]& R' D  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
3 y$ ^) C% W( a2 q5 c  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />+ g/ G6 a4 A3 K- W
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;0 U8 @. b0 @% m9 G; I+ R2 w
  <KeyName>Rsa Key</KeyName>
2 `6 R/ T  W, ^% {! H" ~2 u2 R. f" f0 J  </KeyInfo>
7 S  B" O7 v; V; k  j  <CipherData>/ V' ~+ [7 z7 ]+ e8 t+ V7 u7 h0 D
  <CipherValue>FOkydQFNniZvq71ua4XapuVCUrJFOARkXeqqwyKFoP+NGXGewehxYW0zTzIn/j+YCvH/r6ABoE/AfWMMEDyr81R1mhi4ckXbiJ2BvW612/W7f7Wkqj+FDwse+lgAISHZ5HfspaY1LBvKYAu1VEm6Iu6NlT35TPnjxFf+p5Apf0E=</CipherValue>! N, @! W; S3 @2 X+ C2 q8 j/ p" ?
  </CipherData>5 o2 n8 T9 ^& u% ?3 J% N
  </EncryptedKey>) j5 [; \3 n: j
  </KeyInfo>
1 A: E& G5 W1 i! }  <CipherData>) J: p" h. x$ j! I
  <CipherValue>s3PKarSQ/tlnG5YcE/z/KLbnSLljw/nOj+aoafGD9eJRlZ092f5Ywx9IDRaKMqNQ6+OM3f0WOh57evnWqL8tjULwNHviMAP3RU/5CTCGfZ/k0u+jWAGYYuOxlT6/iKsMbceBGh5jmcwIG+d3itc+h+Qq5B3g8Jjbt8Y+IulmOYWEnp2xwC+Sm/IX8vjiT7jlAqUeikNYXCEcakv8GmuA0DvWBX2tuR0Iyjv8fPcyo//eRDIqKKQB22F2ikbT0/42qmgBfOCoC3M4IMRLS7rVpEUu6JYNuoXPtvaKZhQZxNmE3zIlVPyBbPOd4VatPDCWWO9VivTbMMV+ekEDhohHbeFGHBlSi75FSXCMEz1O53gbg1LDC5nJvZUAU2+suQeEoumoMEYkH27J+p5H2xCOivPnQuPx+xRFT9btNWm/P8wpw7FUdxwqRh6JJbUYnpKc5unC76OXhAAYK+5cp+oISOyMMkFYvzCstKpYYYwQ/xW/v9Kx4XgmRKRht6lgBdbiTJhVTTzWwybVx1laOrvIYL5UR3XuqdVhH8rQYx2M3acTh5zvUKmeha6DsOVngWzm0NQ6jX3pQHOP43hZddg6di6lTNdhRRnSxaYcDVhB+n9scjHtGqAXCTJw9agz2En2P9hSZnzMbaS9Qdq9MoJK3h7plJWwIyPhPktA4qXYQCBVDV+aPLyPrBjsVddfnO/yJixaO2alcH8UuTPrACzzHRKn0YwtQFHt/I4/Vb7vsX2VoaFc0BrMxzYe6z/klVope9h6uOUReSbA5E7AGNPh8OaUW8GqzFY/5/N46gofk7g/W/Egz2o9YFGUbWQduh3VK2jF0xy/cbwE0qm7tI8mmlyUnGBfy7GuHK7YM32C4g3ZUsOv38kZoiHMjjHuzfS1lMPwTS6FPBS71UN8mdK58pakcZB2rqq3ysDPkgYvGs+E98j8v9P58rEXPW99uipSRvQeQXflp7DElEuqxVh29NuxJBkOaUaR1qPd2wepRH51MS6b3RlsTpGFEEBOw4/sNt90hzaSWeydleag9mo6803wC5DDp5hJAFBJH4+jiJwfKVzKFp133OfFoGy5ea8T6RruIVMiQRWCH/zCh3FuhkOwUcc25tPfeIZgAgFlmrzCg0E4pfIfHoni//x12kuwXYefJ5IUk6BizOPP2zul831o+Irx8MfWR8n64ZAHZvKfa6BXksN+0HLAsBsPzLRrppHyFMqIBuNe1iWxBM+j3PQUeN+oXJog79YoFxdd4cf1+jMZn0+ee7aOvEu4WGv3WT25FFiYLdO99uzXOPn7UTolUqmkYlYelgh5n5QmFd4WsqOt4oYE5CFadI/n/MsLpVJmJTzA+8CAD26cpuOmloyHzsEpqUWZb5lAO9jfDVu9F6SznBr0iaCkko5jw2kZw4tqRx2B+9eUNPTQGRPRVgc5stAFVf13w974sRrwCvGRSq0U/71cBSE8KSLOj/aGf2p4UBSUPRk=</CipherValue>( E, g6 Q9 j! t1 r' _7 }8 Q  K  k
  </CipherData>3 C; Z& Z2 E; o
  </EncryptedData>0 F( @( @* z; B; f0 C
  </connectionStrings>
* ?7 C+ U9 n# ~/ C: ]  完全看不到连接的信息!
. a+ P* B/ y! C( b6 e0 W  下面是两个.bat批处理文件
# y. h' A9 n- T& v7 D  加密:
+ c1 Z( b- P: ]( l3 C8 K6 M1 w! Y3 y  @echo off
  @7 f+ W# _$ ^# M  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "E:\code\proj\Web"5 ^3 j8 l( K+ H7 i) w
  解密:
! ]: `0 X7 x% W  @echo off" e9 M9 I% Y/ F: Q! V( I; n8 z
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings" "E:\code\proj\Web"% a* K% _; M4 [. u3 F
  PAUSE' A2 M! ~0 u8 w) u3 H0 Q4 z4 w
  直接将语句拷贝到.BAT文件中,E:\code\proj\Web为相应的web.config所在的路径,只能在一台电脑上操作,否则不可逆
password, server, False, 加密, 网页

相关帖子
回复

使用道具 举报

Anthony~
沙发
发表于 2013-8-5 19:31:27 | 只看该作者
好方法。我正好刚遇到这个问题
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表