Re: [PEN-TEST] IE Cookie Crypt-Analysis - DECRYPT THIS!!

["Ruso, Anthony" <aruso () POSITRON QC CA>]

password =1 is not part of the cipher it just my description of the cipher

The 4th line in the 5 line number sequence is "What I think" is the
encrypted password ( in this case 1 )

I supplied the username and password as a guide


-----Original Message-----
From: David Wong [mailto:dw280 () hotmail com]
Sent: Wednesday, December 20, 2000 1:29 PM
To: aruso () POSITRON QC CA
Subject: Fw: Re: [PEN-TEST] IE Cookie Crypt-Analysis - HAPPY DECRYPTING


Looks like you are in! Try User=451 and see if you can impersonate another
user. Keep password =1 , it just seems to state you are authenticated.
name may or may not need to be correct, looks like it's riddle in this case.

I suspect the other numbers are account numbers

Dave
----- Original Message -----
From: "Ruso, Anthony" <aruso () POSITRON QC CA>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, December 19, 2000 9:07 AM
Subject: Re: [PEN-TEST] IE Cookie Crypt-Analysis - HAPPY DECRYPTING


> These are the ciphers...from the cookie
>
> User=450 Password=1
>
> Cipher below from Cookie
____________________________________________________________________________
> _____________________
password=&save=450&number=450&name=%3Cfont+color%3D78326%3Exriddle%3C%2Ffont
> %3E&refresh=15000
> 0
> 3631351808
> 29460352
> 3579705904
> 29387051
> *
____________________________________________________________________________
> ______________________
>
>
>
>
> User=1746 Password=1
>
> Cipher below from Cookie
____________________________________________________________________________
> ______________________
password=&save=1746&number=1746&name=%3Cfont+color%3D89181%3Easswipe%3C%2Ffo
> nt%3E&refresh=15000
> 0
> 3631351808
> 29460352
> 512098608
> 29387052
> *
____________________________________________________________________________
> _______________________
>
> Can anyone make anything out of this?
>
> Later