Recommended: ASP optimization uses data binding to achieve high-efficiency dynamic web pages Data Binding is not a new concept, and IE 4.0 has already provided rich support for it. However, data binding is not valued as it deserves, and many developers seem to be more willing to use server-side scripting methods. However, in fact
Cracking goal: Cracking an encrypted Asp Trojan login password. Since there is no version description in the Trojan horse, I don’t know what the Trojan is called.
Cracking ideas: two types: replace the ciphertext with the encrypted password and reversely solve the password using the ciphertext and encryption algorithm.
The former is not a real crack at all. If you can't get the Asp source code, then you can say that I have no chance of cracking the password. A friend from China said that he had obtained web permissions, but could not modify the homepage. He found that there was an Asp Trojan in it, but the password was encrypted. Okay, there is too much nonsense, so be prepared, this explanation will be quite long.
The key codes for Asp Trojan login password verification are as follows:
if Epass(trim(request.form(password)))=q_ux624q p then response.cookies(password)=8811748 ... |
It is obvious that the Epass function is used to encrypt the input password, and then compare the obtained ciphertext with the original ciphertext. If you have a little basic programming, especially VB, then the encryption algorithm in Epass will be clear at a glance. If not, then it doesn’t matter. I believe you will understand quickly after my explanation. In the function, the variable that saves the password is pass. pass&zxcvbnm,./ Connect the contents in pass with zxcvbnm,./ to get a new string. left(pass&zxcvbnm,./,10) takes the top 10 digits. The StrReverse function reverses the resulting 10-bit string order. len(pass) gets the length of the password. Below is a loop. The Ascii code-password length of each bit in the obtained string is rounded (the character position *1.1), and then the resulting value is converted into characters and reconnected. Finally, all the characters with ' in the obtained string are replaced with B, so that the ciphertext is generated. If we extract the encryption algorithm and replace the original ciphertext with our own ciphertext, the corresponding password will also become your password. But I said that this is not a real crack.
If we type love, the encryption process is as follows:
| love lovezxcvbnm,./'Connection lovezxcvbn 'Take the top 10 nbvcxzevol 'order inverted n 110(ascii)-4(digit number) int(1(position)*1.1)=107 The ascii code of 107 is k, and so on, and the last ciphertext: k`ucy hzts |
We can invert the password through ciphertext and encryption algorithms, and push it up from the last step of the algorithm. The last step is to replace all with B, is it necessary to replace B back, the answer is no. As long as we can get the last ciphertext, it is possible that the password is different. If there are 10 Bs, then the number of original passwords is 2 to the power of 10. Although there is only one original password, 1024 passwords are all correct. If you want to perfectly crack it, you can try to write all the combinations yourself. Then this step can be ignored, the above algorithm is very clear.
| chr(asc(mid(temppass,j,1))-templen int(j*1.1)) |
We just need to simply change the and - for a while.
| chr(asc(mid(temppass,j,1)) templen-int(j*1.1))) |
But there is another problem. We don’t know the length of the password in advance, so it doesn’t matter. Fortunately, the password is between 1-10 digits and is not too long. Then we can use a 1 to 10 loop to find all possible passwords, and then reverse the order of them using the StrReverse function. So how do we determine which password we get in the end? You can check whether there are the first few digits of zxvbnm and./ after the password is excluded from the end. Then this is the real password. Then if the password is 10 bits, it will be correct forever because there is no connection behind it. So we may get two answers.
The following is the decryption function I wrote:
function Ccode(code) for templen1=1 to 10 mmcode= for j=1 to 10 mmcode=mmcode chr(asc(mid(code,j,1)) templen1-int(j*1.1)) next Ccode=strReverse(mmcode) response.write Password&templen1&:&Ccode& if mid(Ccode,templen1 1,10-templen1)=left(zxcvbnm,./,10-templen1) and templen1<>10 then result=left(Ccode,templen1) next response.write Last password:&result end function |
OK, the algorithm may not be fully mastered in such a short time, which is normal. So I will attach the instructions and the encrypted and decrypted Asp source code to the compressed package. Please take it back and study it carefully. Likewise, password 10 is eternally correct. Then let’s take the original ciphertext in Asp and see what the results will be.
Share: Use Response attribute in ASP-- contenttype I encountered such a problem when using ASP to create web pages for a certain unit. In the previous MIS system of the unit, some Word files were saved in the database in the form of byte streams. Now the user asked me to use ASP to take out these Word file data from the database and display them in the web page.