Penetration Testing mailing list archives
Re: [PEN-TEST] Autocomplete Function
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Tue, 14 Nov 2000 14:24:03 -0800
On Tue, 14 Nov 2000, Masse, Robert wrote:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW contains the value: "FMJD38! _496SEO"=dword:00000000 So are you telling me that value contains the username, password and site?
"Intelliforms" implies that the above registry key has to do with the feature that automatically fills in form values for you, which might not neccessarily be the same as the one that answers standard HTTP client authentication requests for you. Intelliforms keeps track of field names, and values you have used for fileds of a given name if you have it enabled. Mine just has a key anmed "AskUser", a DWORD equal to 0. I have it turned off. Yours implies that you've got one value for one field name saved. The reason that figuring out the obscufcation is interesting is because we know it can be done. If IE can get the values back in the clear (as it has to be able to to use them) then we can replicated the behavior with an external program if we can deduce all the needed info. Ryan
Current thread:
- [PEN-TEST] Autocomplete Function Masse, Robert (Nov 14)
- <Possible follow-ups>
- Re: [PEN-TEST] Autocomplete Function Davidson,Sam (Nov 14)
- Re: [PEN-TEST] Autocomplete Function Oleg Letsinsky (Nov 15)
- Re: [PEN-TEST] Autocomplete Function Bill Weiss (Nov 15)
- Re: [PEN-TEST] Autocomplete Function Ben Grubin (Nov 15)
- Re: [PEN-TEST] Autocomplete Function Magnus Ullberg (Nov 15)
- Re: [PEN-TEST] Autocomplete Function Masse, Robert (Nov 15)
- Re: [PEN-TEST] Autocomplete Function Ryan Russell (Nov 15)
- Re: [PEN-TEST] Autocomplete Function David Knaack (Nov 15)
- Re: [PEN-TEST] Autocomplete Function N Catlow (Nov 16)
- Re: [PEN-TEST] Autocomplete Function Ryan Russell (Nov 15)