Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: IIS 5 cookie encryption password

IIS 5 cookie encryption password

From: Serguey Forcade <sergueyf_at_gmail.com>
Date: Mon, 2 Apr 2007 19:15:21 -0400

Hi, I'd like to know if anyone knows of a paper that explains how to
extract the encryption password IIS creates when it starts up, and
uses to encrypt the session ID + random data in order to generate the
cookie value the users receives.

I'm interested in IIS 5.0.

Thanks.

-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's
because hackers know to exploit weaknesses in web applications.
Traditional approaches to securing these assets no longer apply. Download
the "Addressing Challenges in Application Security" whitepaper today,
and see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHF
--------------------------------------------------------------------------
Received on Apr 02 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos