找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 web.Config加密解密最简单实用方法
返回列表 发新帖
查看: 3636|回复: 1
打印 上一主题 下一主题

web.Config加密解密最简单实用方法

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2013-8-5 15:33:53 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
web.config的文件多数的时候不希望别人看到,下面提供一个加密,解密的语句,简洁方便实用,先看到效果,至于加密的原理其他的网页上做了很多说明,这里只演示效果。
8 X, \1 h1 v- \  e  加密前的connectionStrings节点3 |# b+ o% y4 J( f, ?
  代码
( Q7 B* O% ~. w  <connectionStrings>
  g! F$ s6 S, N) G# W; |* M: N2 O  <add name="SQLConnString1" connectionString="server=WJW-PC\SQL2008;user id=sa;password=12345;Initial Catalog=dbFASH;min pool size=4;max pool size=400;" />: _2 O" Z. v+ y% I8 K3 r
  <add name="eziyaConnectionString1" connectionString="Data Source=HOME-COMPUTER;Initial Catalog=dbFASH;Integrated Security=True;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
- \! ~& B2 x$ |+ A/ R* V: o- T: |  providerName="System.Data.SqlClient" />
5 x9 n% U/ W* o7 B  <add name="eziyaConnectionString2" connectionString="Data Source=192.168.1.200;Initial Catalog=dbFASHersist Security Info=True;User ID=taoka;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
4 [! v) K3 T" D' d9 \5 J  providerName="System.Data.SqlClient" />, I# h; l% V% z& i  e! k" ~
  <add name="eziyaConnectionString3" connectionString="Data Source=192.168.61.160;Initial Catalog=dbFASHersist Security Info=True;User ID=sa;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"; n6 o. s% {+ d8 _& ]9 T
  providerName="System.Data.SqlClient" />
. C/ y) [# _) U4 ?3 h* E  </connectionStrings>
- c- J% H5 v  B7 n$ V. \7 c/ {% T  加密后的connectionStrings的节点
0 K* U; w  G4 N# a/ I& p8 D: \  i  代码; T* T! k- {7 x* x
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">, F0 n5 T$ W" \: Y# @* S  r0 R
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
% g& [) |$ l" N1 Y" p  xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
; O) x2 `/ u7 u) z  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />/ E+ u1 C+ z( u# F- F7 `) a$ U
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
2 y1 t* x- S3 r- }' a& Q  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;3 z$ o! Z5 c( I& l  t7 v8 f: `9 B: |
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /># q* g' C- u' D' r$ S: w
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;; i4 p6 W3 L, y  @" h# O( g- X
  <KeyName>Rsa Key</KeyName>
1 ?$ U) n7 ~5 t5 f  </KeyInfo>) X  ~3 O7 j8 B
  <CipherData>7 O* f  D$ V" L. X
  <CipherValue>FOkydQFNniZvq71ua4XapuVCUrJFOARkXeqqwyKFoP+NGXGewehxYW0zTzIn/j+YCvH/r6ABoE/AfWMMEDyr81R1mhi4ckXbiJ2BvW612/W7f7Wkqj+FDwse+lgAISHZ5HfspaY1LBvKYAu1VEm6Iu6NlT35TPnjxFf+p5Apf0E=</CipherValue>
: y1 X- {! S: e$ E6 _  </CipherData>
. N" B# u) e4 A  </EncryptedKey>
# N( v- B$ O- S+ R* ~  </KeyInfo>
% A4 d+ g7 P9 i4 Q9 r' `  <CipherData>
3 @1 K. D# p+ M8 k" Y) Y* E- Y  <CipherValue>s3PKarSQ/tlnG5YcE/z/KLbnSLljw/nOj+aoafGD9eJRlZ092f5Ywx9IDRaKMqNQ6+OM3f0WOh57evnWqL8tjULwNHviMAP3RU/5CTCGfZ/k0u+jWAGYYuOxlT6/iKsMbceBGh5jmcwIG+d3itc+h+Qq5B3g8Jjbt8Y+IulmOYWEnp2xwC+Sm/IX8vjiT7jlAqUeikNYXCEcakv8GmuA0DvWBX2tuR0Iyjv8fPcyo//eRDIqKKQB22F2ikbT0/42qmgBfOCoC3M4IMRLS7rVpEUu6JYNuoXPtvaKZhQZxNmE3zIlVPyBbPOd4VatPDCWWO9VivTbMMV+ekEDhohHbeFGHBlSi75FSXCMEz1O53gbg1LDC5nJvZUAU2+suQeEoumoMEYkH27J+p5H2xCOivPnQuPx+xRFT9btNWm/P8wpw7FUdxwqRh6JJbUYnpKc5unC76OXhAAYK+5cp+oISOyMMkFYvzCstKpYYYwQ/xW/v9Kx4XgmRKRht6lgBdbiTJhVTTzWwybVx1laOrvIYL5UR3XuqdVhH8rQYx2M3acTh5zvUKmeha6DsOVngWzm0NQ6jX3pQHOP43hZddg6di6lTNdhRRnSxaYcDVhB+n9scjHtGqAXCTJw9agz2En2P9hSZnzMbaS9Qdq9MoJK3h7plJWwIyPhPktA4qXYQCBVDV+aPLyPrBjsVddfnO/yJixaO2alcH8UuTPrACzzHRKn0YwtQFHt/I4/Vb7vsX2VoaFc0BrMxzYe6z/klVope9h6uOUReSbA5E7AGNPh8OaUW8GqzFY/5/N46gofk7g/W/Egz2o9YFGUbWQduh3VK2jF0xy/cbwE0qm7tI8mmlyUnGBfy7GuHK7YM32C4g3ZUsOv38kZoiHMjjHuzfS1lMPwTS6FPBS71UN8mdK58pakcZB2rqq3ysDPkgYvGs+E98j8v9P58rEXPW99uipSRvQeQXflp7DElEuqxVh29NuxJBkOaUaR1qPd2wepRH51MS6b3RlsTpGFEEBOw4/sNt90hzaSWeydleag9mo6803wC5DDp5hJAFBJH4+jiJwfKVzKFp133OfFoGy5ea8T6RruIVMiQRWCH/zCh3FuhkOwUcc25tPfeIZgAgFlmrzCg0E4pfIfHoni//x12kuwXYefJ5IUk6BizOPP2zul831o+Irx8MfWR8n64ZAHZvKfa6BXksN+0HLAsBsPzLRrppHyFMqIBuNe1iWxBM+j3PQUeN+oXJog79YoFxdd4cf1+jMZn0+ee7aOvEu4WGv3WT25FFiYLdO99uzXOPn7UTolUqmkYlYelgh5n5QmFd4WsqOt4oYE5CFadI/n/MsLpVJmJTzA+8CAD26cpuOmloyHzsEpqUWZb5lAO9jfDVu9F6SznBr0iaCkko5jw2kZw4tqRx2B+9eUNPTQGRPRVgc5stAFVf13w974sRrwCvGRSq0U/71cBSE8KSLOj/aGf2p4UBSUPRk=</CipherValue>( [( l/ }$ E/ e5 B: g" C
  </CipherData>3 m4 {" G" }. d% O# v  x
  </EncryptedData>! g3 U; r6 C$ S5 b1 f; Y8 q3 s) B) o
  </connectionStrings>( ?* q3 I0 p+ b# R  [1 {
  完全看不到连接的信息!, a! h+ h9 k6 j& J+ h  q0 Y
  下面是两个.bat批处理文件# _0 G2 C) t& q9 H
  加密:
9 ~7 ~( x" m/ h- w; I$ _. ]  @echo off; a+ H# a% h4 y7 q' r
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "E:\code\proj\Web"
. K0 n0 s+ x; n2 v" T: [2 F  解密:/ `! v4 g, `" X6 R6 [# P
  @echo off% w& l' g$ w! q  Y
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings" "E:\code\proj\Web"3 x$ J$ p0 Q% h+ s' B0 ]
  PAUSE
, u0 J: ^9 c' f: F# m  直接将语句拷贝到.BAT文件中,E:\code\proj\Web为相应的web.config所在的路径,只能在一台电脑上操作,否则不可逆
password, server, False, 加密, 网页

相关帖子
回复

使用道具 举报

Anthony~
沙发
发表于 2013-8-5 19:31:27 | 只看该作者
好方法。我正好刚遇到这个问题
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表