首先要感谢哥们对我的指点,多谢。
当我们遇到类似情况时,如何获取保存在MSSQL工具里的凭证呢?
//如果对方的连接地址后面带了实例名(例如 IP\sqlexpress),连接的时候你也记得加上,不然即使密码正确,也会提示登录失败。
通过和哥们讨论研究分析以及查找资料,知道了密码存放的地方:
C:\Users\Administrator\AppData\Roaming\Microsoft\Microsoft SQL Server\90\Tools\ShellSEM\mru.dat (当前MSSQL 连接工具为2005)
我们通过C32来查看MRU.DAT,会发现一串BASE64编码:
这个就是我们保存的凭证。但并不是直接还原BASE64就可以了:先做BASE64解码,解码得到的数据还需要用DPAPI来进行解密。DPAPI的密钥与保存该凭证的Windows用户账户绑定,所以这层保护的强度取决于该账户本身是否安全:
代码如下:
// Encode.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include <Windows.h> #include <stdio.h> #include <iostream> #include <cstdlib> #include <stdio.h> #pragma comment(lib, "crypt32.lib") using namespace std; int Base64Decoder(char *input, unsigned char *output) { char base64string[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; BYTE dataBuffer[4]; BYTE outputBuffer[3]; BYTE finalBuffer[1000]; int count=0; int padCount=0; int length; length = strlen(input); //Validate the data for BASE64 if( length % 4 ) { printf("%s - Invalid base64 data is supplied %s (%d) ", input, length); return 0; } //count the no of padding if (input[length-1] == '=') padCount++; if (input[length-2] == '=') padCount++; // Process 4 chars in each loop to produce 3 chars for (int i=0; i < length; i += 4) { // Populate data buffer with position of Base64 characters for // next 4 bytes from encoded data for (int j=0; j < 4 && (i + j < length); j++) dataBuffer[j] = ( (int)strchr(base64string, input[i+j]) - (int)base64string ); //Decode data buffer back into bytes outputBuffer[0] = (dataBuffer[0] << 2) + ((dataBuffer[1] & 0x30) >> 4); outputBuffer[1] = ((dataBuffer[1] & 0x0f) << 4) + ((dataBuffer[2] & 0x3c) >> 2); outputBuffer[2] = ((dataBuffer[2] & 0x03) << 6) + dataBuffer[3]; // Add all non-padded bytes in output buffer to decoded data for (int k = 0; k < 3; k++) finalBuffer[count++]=outputBuffer[k]; } count = count-padCount; //copy the decoded data into input buffer memcpy(output, finalBuffer, count); output[count]='