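Author: XU Guotian [1] (Criminal Investigation Police University of China, Shenyang 110854, China)
Affiliation: [1] Criminal Investigation Police University of China, Shenyang 110854
Source: Forensic Science and Technology (《刑事技术》), 2020, No. 5, pp. 468-473, 6 pages
Funding: Natural Science Foundation of Liaoning Province (20180550841); Ministry of Public Security Theory and Soft Science Research Program (2016LLYJXJXY013); Ministry of Public Security Technology Research Program (2016JSYJB06); Liaoning Province Social Science Planning Fund Project (L16BFX012); Liaoning Province Major Research Project on Economic and Social Development (2018LSLKTZD-028).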
Abstract (translated from the Chinese): Objective: Handling network-related cases requires determining key information such as the IP address of the database server involved, the name of the database involved, and its accounts. This data is usually stored in encrypted form inside a specific web page file. This paper studies a method for decrypting such encrypted data. Methods: This paper proposes a data decryption method based on network monitoring. A simulated network environment is built with virtual machines. Submitting a query request triggers the web server to decrypt the data itself; the web server is then induced, step by step, to send communication packets, the traffic is captured by network monitoring, and the decrypted database connection configuration is extracted from it. Results: With the network-monitoring-based decryption method proposed in this paper, the database connection configuration can be extracted from the communication data. Conclusion: Extensive testing and verification on real cases show that the proposed method can effectively crack the encrypted database connection strings of .NET websites.

Abstract (English, as published): Objective: Key information, e.g., IP address, database name and account, is crucial to investigating network-related cases. In recent years, more websites have been developed with the .NET language. Such websites usually encrypt the database-connecting configuration parameters in a specific webpage file to prevent the key information from leaking. This paper attempts to set up an approach to decrypt such encrypted data through network monitoring. Methods: With a virtual machine used to set up a simulated network environment, a query was submitted to the target web server to trigger it to decrypt the data and send out communication packets consecutively, so that the communication data were captured through concurrent network monitoring and the database-connecting configuration parameters were successfully decrypted and extracted. Since SQL Server 2005 and later versions adopt the TLS protocol to encrypt the communication data, making them difficult to decrypt, the SQL Server 2000 database was (suggestively) installed on the target database server and the listening port of the database was changed from the default 1433 to 2578. Similarly, since Wireshark usually treats TDS packets as ordinary application-layer data and is unable to parse TDS-formatted information, Sniffer Pro was chosen to analyze these communication data, as it can analyze the TDS data header and the internal data formatted under the TDS protocol. Results: The database-connecting configuration information can be extracted from the communication data through the data decryption approach based on network monitoring used here. Conclusion: As demonstrated through a large number of tests and practical cases, the approach proposed in this paper can effectively unravel/procure the encrypted connection string of a .NET website database.