Page 1 of 1
How to decrypt the database.config file?
Posted: Wed Aug 26, 2009 12:46 pm
by AbleMods
In the old, old 7.0 there was no option to decrypt the database.config file so you could see/edit the database connection information. I remember there was a manual way to do it, but I can't find it now.
Anyone remember/know how to do that?
Re: How to decrypt the database.config file?
Posted: Wed Aug 26, 2009 1:29 pm
by Logan Rhodehamel
This will probably get you there... it's an asp.net standard encryption not anything we did ourselves.
http://diablopup.blogspot.com/2007/04/a ... onfig.html
Re: How to decrypt the database.config file?
Posted: Thu Aug 27, 2009 5:34 am
by AbleMods
I don't think that's going to work if the encrypted file was downloaded from a shared hosting environment, correct?
Re: How to decrypt the database.config file?
Posted: Thu Aug 27, 2009 5:49 am
by AbleMods
I found an interesting backdoor in situations where the database string is encrypted and you're in a shared hosting environment.
Upload the Connection.aspx page and code-behind file from a 7.0.3 install into the ~/Admin/Store/Security/ folder.
Then modify the web.config file in the ~/Admin/Store/Security/ folder to include "Admin" as an allowed role. Just change Allow Roles="System" to Allow Roles="System,Admin" .
Now log into the site admin and hit the URL directly http://<mysite.com>/admin/store/security/connection.aspx
The page should load and will show you the fully unecrypted database connection string
This backdoor isn't meant for changing the string - I have no idea if the 7.0.3 code will work in that 7.0 environment. But at least now you can record your SQL db security info for future reference.