我使用Navicat连接好了mysql但是密码忘记了;可以通过如下操作找回密码
我使用的Navicat版本是 15.0.27
1、选择文件 --> 导出连接
2、选择你要知道密码的连接 勾选导出密码(默认位置是桌面)
3、 在Password 这栏找到加密后的密码
4、打开PHP在线运行工具,粘贴解密代码
工具地址:https://tool.lu/coderunner
复制解密代码到工具中
<?php
class NavicatPassword
{
protected $version = 0;
protected $aesKey = 'libcckeylibcckey';
protected $aesIv = 'libcciv libcciv ';
protected $blowString = '3DC5CA39';
protected $blowKey = null;
protected $blowIv = null;
public function __construct($version = 12)
{
$this->version = $version;
$this->blowKey = sha1('3DC5CA39', true);
$this->blowIv = hex2bin('d9c7c3c8870d64bd');
}
public function encrypt($string)
{
$result = FALSE;
switch ($this->version) {
case 11:
$result = $this->encryptEleven($string);
break;
case 12:
$result = $this->encryptTwelve($string);
break;
default:
break;
}
return $result;
}
protected function encryptEleven($string)
{
$round = intval(floor(strlen($string) / 8));
$leftLength = strlen($string) % 8;
$result = '';
$currentVector = $this->blowIv;
for ($i = 0; $i < $round; $i++) {
$temp = $this->encryptBlock($this->xorBytes(substr($string, 8 * $i, 8), $currentVector));
$currentVector = $this->xorBytes($currentVector, $temp);
$result .= $temp;
}
if ($leftLength) {
$currentVector = $this->encryptBlock($currentVector);
$result .= $this->xorBytes(substr($string, 8 * $i, $leftLength), $currentVector);
}
return strtoupper(bin2hex($result));
}
protected function encryptBlock($block)
{
return openssl_encrypt($block, 'BF-ECB', $this->blowKey, OPENSSL_RAW_DATA|OPENSSL_NO_PADDING);
}
protected function decryptBlock($block)
{
return openssl_decrypt($block, 'BF-ECB', $this->blowKey, OPENSSL_RAW_DATA|OPENSSL_NO_PADDING);
}
protected function xorBytes($str1, $str2)
{
$result = '';
for ($i = 0; $i < strlen($str1); $i++) {
$result .= chr(ord($str1[$i]) ^ ord($str2[$i]));
}
return $result;
}
protected function encryptTwelve($string)
{
$result = openssl_encrypt($string, 'AES-128-CBC', $this->aesKey, OPENSSL_RAW_DATA, $this->aesIv);
return strtoupper(bin2hex($result));
}
public function decrypt($string)
{
$result = FALSE;
switch ($this->version) {
case 11:
$result = $this->decryptEleven($string);
break;
case 12:
$result = $this->decryptTwelve($string);
break;
default:
break;
}
return $result;
}
protected function decryptEleven($upperString)
{
$string = hex2bin(strtolower($upperString));
$round = intval(floor(strlen($string) / 8));
$leftLength = strlen($string) % 8;
$result = '';
$currentVector = $this->blowIv;
for ($i = 0; $i < $round; $i++) {
$encryptedBlock = substr($string, 8 * $i, 8);
$temp = $this->xorBytes($this->decryptBlock($encryptedBlock), $currentVector);
$currentVector = $this->xorBytes($currentVector, $encryptedBlock);
$result .= $temp;
}
if ($leftLength) {
$currentVector = $this->encryptBlock($currentVector);
$result .= $this->xorBytes(substr($string, 8 * $i, $leftLength), $currentVector);
}
return $result;
}
protected function decryptTwelve($upperString)
{
$string = hex2bin(strtolower($upperString));
return openssl_decrypt($string, 'AES-128-CBC', $this->aesKey, OPENSSL_RAW_DATA, $this->aesIv);
}
};
//需要指定版本两种,11或12
//$navicatPassword = new NavicatPassword(11);
$navicatPassword = new NavicatPassword(12);
//解密
//$decode = $navicatPassword->decrypt('15057D7BA390');
$decode = $navicatPassword->decrypt('E75BF077AB8BAA3AC2D5'); // 替换成加密的密码
echo $decode."\n";
?>
#我已经试过了,需要指定12版本,11版本会乱码(11版本是解密另一种加密方式的,后面会介绍)
可以看出密码已经被破译出来了,我的密码是 123456
二、介绍另一种获取用户加密密码的方式
1、打开运行窗口,输入regedit,点击确认按钮,打开注册表编辑器
2、在注册表中找到Navicat加密后的密码
展开【HKEY_CURRENT_USER】
展开【SOFTWARE】
展开【PremiumSoft】
展开【Navicat】
展开【Servers】
找到你的数据库连接并双击,双击右侧的pwd,复制数据数据(就是加密的密码)
将获取到的加密的密码放到php代码中执行破译(以这种方式获取的密码,需要指定11版本)
密码就在右侧显示了
![[GXYCTF2019]Ping Ping Ping解题过程](https://img-blog.csdnimg.cn/ea1c791e2c2b4c3e9ca2b4c2c0c1b535.png)
