找回密码
 立即注册
中国网络渗透测试联盟»论坛 --==渗透测试区{ Penetration testing area }==-- web app渗透测试::『Web App penetration testing』 web.Config加密解密最简单实用方法
欢迎中测联盟老会员回家,1997年注册的域名
返回列表 发新帖
查看: 3345|回复: 1
打印 上一主题 下一主题

web.Config加密解密最简单实用方法

[复制链接]
admin
跳转到指定楼层
楼主
发表于 2013-8-5 15:33:53 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
web.config的文件多数的时候不希望别人看到,下面提供一个加密,解密的语句,简洁方便实用,先看到效果,至于加密的原理其他的网页上做了很多说明,这里只演示效果。! D% `) J1 g' t4 K8 W
  加密前的connectionStrings节点
0 p' Z* f" T2 c+ a4 T# F) n  代码
% y' V7 \3 d5 `8 l0 F4 A  <connectionStrings>
) L7 a! g: R( t/ a/ j& o* t# k" f1 y  <add name="SQLConnString1" connectionString="server=WJW-PC\SQL2008;user id=sa;password=12345;Initial Catalog=dbFASH;min pool size=4;max pool size=400;" />
2 |+ _* T6 F% u* v; H  f: e  <add name="eziyaConnectionString1" connectionString="Data Source=HOME-COMPUTER;Initial Catalog=dbFASH;Integrated Security=True;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
( O5 P( F% {( c! y2 _  providerName="System.Data.SqlClient" />& q( A1 T. N+ z5 ]' M
  <add name="eziyaConnectionString2" connectionString="Data Source=192.168.1.200;Initial Catalog=dbFASHersist Security Info=True;User ID=taoka;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
  w* x" V% M& q  m) U# ]) Q  providerName="System.Data.SqlClient" />
+ _- v5 U0 b# \6 @( W  <add name="eziyaConnectionString3" connectionString="Data Source=192.168.61.160;Initial Catalog=dbFASHersist Security Info=True;User ID=sa;MultipleActiveResultSets=Falseacket Size=4096;Application Name=&quot;Microsoft SQL Server Management Studio&quot;"
; V, ]% ]" a4 e# j8 x8 v  providerName="System.Data.SqlClient" />7 _" u8 p) l% m6 y+ v! R
  </connectionStrings>! U4 G' C0 d/ w2 i3 z% Q# {
  加密后的connectionStrings的节点0 k5 |" ~5 d+ A; t' C
  代码
. b9 G" G/ y4 S  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">) X& v6 I4 c: {1 o4 \
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element") k$ P  M" l) ^. z
  xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
  m7 {6 V* F- m; q2 ^- ]2 a2 {3 I  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
7 D( H+ ~' p7 s0 v# k+ W" \% S  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;. r3 W) u# L, ^
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
5 n4 k! A. N" A) @7 v# V5 Y  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />2 H4 Y, P' p0 L( k
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;4 j; A/ g$ O# H' u" d- `4 P; K
  <KeyName>Rsa Key</KeyName>
( D* U% o8 q& A$ q( F6 @% ?: y6 v  </KeyInfo>; e& ^+ @0 g) l& S( |0 h" R3 c
  <CipherData>
0 [( H2 g- Y6 D1 I% a  <CipherValue>FOkydQFNniZvq71ua4XapuVCUrJFOARkXeqqwyKFoP+NGXGewehxYW0zTzIn/j+YCvH/r6ABoE/AfWMMEDyr81R1mhi4ckXbiJ2BvW612/W7f7Wkqj+FDwse+lgAISHZ5HfspaY1LBvKYAu1VEm6Iu6NlT35TPnjxFf+p5Apf0E=</CipherValue>* P5 @( {+ ^0 z2 r
  </CipherData>/ ~5 P& Y- H, q( K' L. u& {, Z
  </EncryptedKey>4 ]# ~+ V2 {( n8 ]3 ]) B$ {$ u
  </KeyInfo>
. g8 F! T) g8 Q! g# c( k' ^  <CipherData>6 F/ H* {3 g! H! s3 A* n! V+ U% k, h
  <CipherValue>s3PKarSQ/tlnG5YcE/z/KLbnSLljw/nOj+aoafGD9eJRlZ092f5Ywx9IDRaKMqNQ6+OM3f0WOh57evnWqL8tjULwNHviMAP3RU/5CTCGfZ/k0u+jWAGYYuOxlT6/iKsMbceBGh5jmcwIG+d3itc+h+Qq5B3g8Jjbt8Y+IulmOYWEnp2xwC+Sm/IX8vjiT7jlAqUeikNYXCEcakv8GmuA0DvWBX2tuR0Iyjv8fPcyo//eRDIqKKQB22F2ikbT0/42qmgBfOCoC3M4IMRLS7rVpEUu6JYNuoXPtvaKZhQZxNmE3zIlVPyBbPOd4VatPDCWWO9VivTbMMV+ekEDhohHbeFGHBlSi75FSXCMEz1O53gbg1LDC5nJvZUAU2+suQeEoumoMEYkH27J+p5H2xCOivPnQuPx+xRFT9btNWm/P8wpw7FUdxwqRh6JJbUYnpKc5unC76OXhAAYK+5cp+oISOyMMkFYvzCstKpYYYwQ/xW/v9Kx4XgmRKRht6lgBdbiTJhVTTzWwybVx1laOrvIYL5UR3XuqdVhH8rQYx2M3acTh5zvUKmeha6DsOVngWzm0NQ6jX3pQHOP43hZddg6di6lTNdhRRnSxaYcDVhB+n9scjHtGqAXCTJw9agz2En2P9hSZnzMbaS9Qdq9MoJK3h7plJWwIyPhPktA4qXYQCBVDV+aPLyPrBjsVddfnO/yJixaO2alcH8UuTPrACzzHRKn0YwtQFHt/I4/Vb7vsX2VoaFc0BrMxzYe6z/klVope9h6uOUReSbA5E7AGNPh8OaUW8GqzFY/5/N46gofk7g/W/Egz2o9YFGUbWQduh3VK2jF0xy/cbwE0qm7tI8mmlyUnGBfy7GuHK7YM32C4g3ZUsOv38kZoiHMjjHuzfS1lMPwTS6FPBS71UN8mdK58pakcZB2rqq3ysDPkgYvGs+E98j8v9P58rEXPW99uipSRvQeQXflp7DElEuqxVh29NuxJBkOaUaR1qPd2wepRH51MS6b3RlsTpGFEEBOw4/sNt90hzaSWeydleag9mo6803wC5DDp5hJAFBJH4+jiJwfKVzKFp133OfFoGy5ea8T6RruIVMiQRWCH/zCh3FuhkOwUcc25tPfeIZgAgFlmrzCg0E4pfIfHoni//x12kuwXYefJ5IUk6BizOPP2zul831o+Irx8MfWR8n64ZAHZvKfa6BXksN+0HLAsBsPzLRrppHyFMqIBuNe1iWxBM+j3PQUeN+oXJog79YoFxdd4cf1+jMZn0+ee7aOvEu4WGv3WT25FFiYLdO99uzXOPn7UTolUqmkYlYelgh5n5QmFd4WsqOt4oYE5CFadI/n/MsLpVJmJTzA+8CAD26cpuOmloyHzsEpqUWZb5lAO9jfDVu9F6SznBr0iaCkko5jw2kZw4tqRx2B+9eUNPTQGRPRVgc5stAFVf13w974sRrwCvGRSq0U/71cBSE8KSLOj/aGf2p4UBSUPRk=</CipherValue>
7 [0 R( a1 ]: L; _( C0 D2 [  </CipherData>
+ b5 \' S) v6 m) I0 r  </EncryptedData>& k% L8 l! E& n1 O! d
  </connectionStrings>
2 ~# I: O/ V) M$ y8 L1 F  完全看不到连接的信息!4 [$ Y# Q; `5 [/ @, \
  下面是两个.bat批处理文件
+ D7 U, g2 C* F" _% ^! _  N  加密:
; k2 U, h; ~# W) M; q/ V  @echo off
* W/ `% F# J  n4 z; m! v  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "E:\code\proj\Web"# m! G" i/ k+ Y6 K
  解密:
( ]  S$ W5 l( D9 N4 ^  @echo off
% n8 d3 x0 s" b: [  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings" "E:\code\proj\Web"
5 c# K" R8 U- v! ]/ g3 y9 `  PAUSE
+ S. S3 a$ u2 o. s; S. S9 f  直接将语句拷贝到.BAT文件中,E:\code\proj\Web为相应的web.config所在的路径,只能在一台电脑上操作,否则不可逆
password, server, False, 加密, 网页

相关帖子
回复

使用道具 举报

Anthony~
沙发
发表于 2013-8-5 19:31:27 | 只看该作者
好方法。我正好刚遇到这个问题
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Copyright © 2001-2013 Comsenz. All Rights Reserved - Powered by Discuz! X3.2
快速回复 返回顶部 返回列表