微慑信息网

C#下的encryptHelper加密帮助类测试-vulsee.com

测试某软件,微慑网C/S架构,登陆处有password字段加密,加密方式未知,目测为.NET程序,使用ILSpy进行反编译:

发现使用了 EncryptHelper.Encrypt(password)进行加密,跟进发现硬编码了key及iv

于是直接copy代码,进行加解密测试:微慑网

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace _1
{

    public static class EncryptHelper
    {
        private const string EncryptKey = "****";

        public static string Encrypt(string pToEncrypt)
        {
            DESCryptoServiceProvider des = new DESCryptoServiceProvider
            {
                Key = Encoding.ASCII.GetBytes("****"),
                IV = Encoding.ASCII.GetBytes("****")
            };
            byte[] inputByteArray = Encoding.Default.GetBytes(pToEncrypt);
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            StringBuilder ret = new StringBuilder();
            byte[] array = ms.ToArray();
            foreach (byte b in array)
            {
                ret.AppendFormat("{0:X2}", b);
            }
            return ret.ToString();
        }

        public static string Decrypt(string pToDecrypt)
        {
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            byte[] inputByteArray = new byte[pToDecrypt.Length / 2];
            for (int x = 0; x < pToDecrypt.Length / 2; x++)
            {
                int i = Convert.ToInt32(pToDecrypt.Substring(x * 2, 2), 16);
                inputByteArray[x] = (byte)i;
            }
            des.Key = Encoding.ASCII.GetBytes("***");
            des.IV = Encoding.ASCII.GetBytes("***");
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(), CryptoStreamMode.Write);
            cs.Write(inputByteArray, 0, inputByteArray.Length);
            cs.FlushFinalBlock();
            return Encoding.Default.GetString(ms.ToArray());
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            //对常用字典进行加密,生成新的字典:
            /*
            string line = "";
            using (StreamReader sr = new StreamReader("MY-PASS.TXT"))
            {
                while ((line = sr.ReadLine()) != null)
                {
                    //Console.WriteLine(line);
                    string encText = EncryptHelper.Encrypt(line);
                    Console.WriteLine(encText);
                    //System.IO.File.WriteAllText(@"res.txt", encText, Encoding.UTF8);
                    System.IO.StreamWriter file = new System.IO.StreamWriter(@"res.txt", true);
                    file.WriteLine(encText);
                    file.Close();
                }
            }
            */

            //解密测试
            string encText = EncryptHelper.Decrypt("***********");
            //加密测试
            //string encText = EncryptHelper.Encrypt("123456");
            Console.WriteLine(encText);

            //Console.ReadKey();
        }
    }
}

 

赞(0) 打赏
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » C#下的encryptHelper加密帮助类测试-vulsee.com

评论 抢沙发

微慑信息网 专注工匠精神

微慑信息网-VulSee.com-关注前沿安全态势,聚合网络安全漏洞信息,分享安全文档案例

访问我们联系我们

觉得文章有用就打赏一下文章作者

非常感谢你的打赏,我们将继续提供更多优质内容,让我们一起创建更加美好的网络世界!

支付宝扫一扫

微信扫一扫

登录

找回密码

注册