Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Autocomplete Function
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Tue, 14 Nov 2000 14:24:03 -0800

On Tue, 14 Nov 2000, Masse, Robert wrote:

HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\IntelliForms\SPW

contains the value:

"FMJD38! _496SEO"=dword:00000000

So are you telling me that value contains the username, password and site?


"Intelliforms" implies that the above registry key has to do with the
feature that automatically fills in form values for you, which might not
neccessarily be the same as the one that answers standard HTTP client
authentication requests for you.  Intelliforms keeps track of field names,
and values you have used for fileds of a given name if you have it
enabled.  Mine just has a key anmed "AskUser", a DWORD equal to 0.  I have
it turned off.  Yours implies that you've got one value for one field name
saved.

The reason that figuring out the obscufcation is interesting is because we
know it can be done.  If IE can get the values back in the clear (as it
has to be able to to use them) then we can replicated the behavior with an
external program if we can deduce all the needed info.

                                        Ryan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault