Encrypted App.Config

Posted: 22nd July 2018 by 2bitwannabe in Uncategorized

If you’ve ever developed in .NET or conducted a pentest on a .NET website or application, then you’ll likely have encountered encrypted strings within the .config file.

Generally this is a good thing and smart thinking of on the part of the developer, providing you don’t have access to the server that is running/hosting the applications.
The process I’m about to outline is almost the same for windows application config file as it is for web.config files.

If you have access to the server, then you can just use the server to decrypt the encrypted sections of the configuration file making it human-readable and providing you with information and credentials for you to use.

For both the steps are the same with the exception of the app.config will need to be copied and renamed to web.config.

You need to navigate to the .NET Framework tools, Typical under C:\Windows\Microsoft.NET\Framework\v[Version Number depending on installed version]\
Then use the following command:
aspnet_regiis.exe -pd [path to web.config]

Once completed you can just open the file and you will have clear-text values.

You must be logged in to post a comment.