Penetration Testing mailing list archives
IIS 5 cookie encryption password
From: "Serguey Forcade" <sergueyf () gmail com>
Date: Mon, 2 Apr 2007 19:15:21 -0400
Hi, I'd like to know if anyone knows of a paper that explains how to extract the encryption password IIS creates when it starts up, and uses to encrypt the session ID + random data in order to generate the cookie value the users receives. I'm interested in IIS 5.0. Thanks. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- IIS 5 cookie encryption password Serguey Forcade (Apr 04)
- Message not available
- Re: IIS 5 cookie encryption password Serguey Forcade (Apr 04)
- Re: IIS 5 cookie encryption password Santiago Barahona (Apr 10)
- Re: IIS 5 cookie encryption password Santiago Barahona (Apr 10)
- Re: IIS 5 cookie encryption password Serguey Forcade (Apr 04)
- Message not available