Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [PEN-TEST] Autocomplete Function

Re: [PEN-TEST] Autocomplete Function

From: Masse, Robert <rmasse_at_RICHTERSECURITY.COM>
Date: Tue, 14 Nov 2000 15:16:38 -0500

Hi Ben

Can you be a bit more specific?

HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\IntelliForms\SPW

contains the value:

"FMJD38! _496SEO"=dword:00000000

So are you telling me that value contains the username, password and site?

Thanks

Rob

Robert Masse, CISSP
Chief Technical Officer

Richter Security Inc.
2 Place Alexis Nihon, suite 905
Montreal, Quebec, Canada
+514 934 3566 Direct
+514 934 3406 Fax

-----Original Message-----
From: Ben Grubin [mailto:Ben.Grubin_at_GUARDENT.COM]
Sent: Monday, November 13, 2000 7:06 PM
To: PEN-TEST_at_SECURITYFOCUS.COM
Subject: Re: [PEN-TEST] Autocomplete Function

-----BEGIN PGP SIGNED MESSAGE-----

Pssst,

HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\IntelliForms\SPW

- --------------------------------------------------
Benjamin P. Grubin bgrubin_at_guardent.com
Guardent, Inc. http://www.guardent.com
PGP Key: D33D 22C2 6552 0F6B 44E4 5254 0172 0E10

"The world isn't run by weapons anymore, or energy, or money. It's
run by little ones and zeros, little bits of data.. it's all just
electrons."

> -----Original Message-----
> From: Davidson,Sam [mailto:SDAVIDSON_at_CERNER.COM]
> Sent: Monday, November 13, 2000 4:28 PM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: Re: Autocomplete Function
>
>
> Has anyone tried taking a sysdiff snapshot, then visiting
> some sites and
> taking a diff shot to find the modified files?
> This would be verrrry valuable info when compromised.
>
> -----Original Message-----
> From: Masse, Robert [mailto:rmasse_at_RICHTERSECURITY.COM]
> Sent: Monday, November 13, 2000 13:24
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: [PEN-TEST] Autocomplete Function
>
>
> Hi
>
> Does anyone know where Internet Explorer stores the data from the
> 'autocomplete' function? You know, the one everyone uses
> when they do their
> on-line banking :)
>
> Possible Scenario:
>
> Lots of people have file sharing on their workstation at home
> and a nice
> broadband connection. Can someone pull a file with the list of
> usernames/passwords/sites
> if someone was using autocomplete?
>
> I poked around and didn't find anything (internet options,
> content allows
> you to clear the info but doesn't tell you where it's stored).
>
>
> Thanks
>
> Rob
>
> Robert Masse, CISSP
> Chief Technical Officer
>
> Richter Security Inc.
> 2 Place Alexis Nihon, suite 905
> Montreal, Quebec, Canada
> +514 934 3566 Direct
> +514 934 3406 Fax
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3

iQEVAwUBOhCAoxUrX+hn0R4xAQEnWAgAwXzzTmWnJWcpF0C7aXdb7x3EqWot9VfU
6wg1+e2Rd3LUCcNcjyjumP4R0fQ3cfMnPbSBDwOArOYA3K3z3IhG1V3uWL8QYREC
CLgEYeeypyJXdmw4f8ciHHtlgOxXeS02JKHx/LGjx4o6OWKc5QUB8GDPjLhVmG8K
NnYeP64d9DT3sh8YFrbYjqhwcaSh6B22GA968ANsMMdHHLi3Wed9XW7UU5bzEGBI
7xdW17w+Uhz5eURfxhcq1F2a4yqsKol3MqIB1WQXbuc4QukhDgWQ5VKHfydY6IXJ
hmfxSBf9UhvsrcThYnmQXft96oNpY8eCryoJd3leeTIJAN0oa6/mSA==
=xAXD
-----END PGP SIGNATURE-----
Received on Nov 15 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]