Yesterday, I received the asp.net version of the WeChat public platform source code sent to me by a friend.
Today I want to open it and take a look, what's in it, first attach the database to SQL Server 2008,
Then open the project and run crtl+F5 to run the web project, as shown in the following figure:
So, I immediately checked the administrator table dt_manager of the database and found that the administrator account was admin, but I didn't know what the password was encrypted, after all, I was a beginner
1 1 1 admin 77F992940A0EFD8025F5571B133BA6D5 28LH48 Super admin 13800138000 123@qq.com 0 2013-12-04 01:53:36.000 1000000 0 888 12 186 Doesn't tell you NULL 0
First throw it into the md5 website to decrypt it
Mu You found it, tried a few commonly used passwords, such as 123456, admin, 123, admin888, etc., but still couldn't log in
Alas, going to check asp.net source code and finding that it is encrypted as follows:
- public Model.manager GetModel(string user_name, string password, bool is_encrypt)
- {
- //检查一下是否需要加密
- if (is_encrypt)
- {
- //先取得该用户的随机密钥
- string salt = dal.GetSalt(user_name);
- if (string.IsNullOrEmpty(salt))
- {
- return null;
- }
- //把明文进行加密重新赋值
- password = DESEncrypt.Encrypt(password, salt);
- }
- return dal.GetModel(user_name, password);
- }
Generally speaking, it is first judged that there is a salt value of the user in the user table, and if there is, the password entered by the user and the salt value obtained from the database are used
DESEncrypt encrypted, (I don't know either.)What is DESEncrypt?Then, throw the encrypted password and the user into the dal. GetMode method,
To judge again, there is a select statement in the method, and the code is as follows:
- /// <summary>
- /// 根据用户名密码返回一个实体
- /// </summary>
- public Model.manager GetModel(string user_name, string password)
- {
- StringBuilder strSql = new StringBuilder();
- strSql.Append("select id from " + databaseprefix + "manager");
- strSql.Append(" where user_name=@user_name and password=@password and is_lock=0");
- SqlParameter[] parameters = {
- new SqlParameter("@user_name", SqlDbType.NVarChar,100),
- new SqlParameter("@password", SqlDbType.NVarChar,100)};
- parameters[0].Value = user_name;
- parameters[1].Value = password;
- object obj = DbHelperSQL.GetSingle(strSql.ToString(), parameters);
- if (obj != null)
- {
- return GetModel(Convert.ToInt32(obj));
- }
- return null;
- }
I don't know how to decrypt this thing, so I'll replace the encrypted password from the database! Rattle
C# sets a breakpoint in the password place, as shown in the following figure:
Gack, the ciphertext after getting 123456 encryption is EB51565598856A17, and decisively go to the database to replace it with the update statement
 Login successful!
|
Posted on 6/4/2015 6:47:12 PM
|
|
|
Landlord|
Posted on 6/4/2015 6:55:35 PM
|
Posted on 6/4/2015 7:10:15 PM
|
