Penetration Testing mailing list archives

IIS 5 cookie encryption password


From: "Serguey Forcade" <sergueyf () gmail com>
Date: Mon, 2 Apr 2007 19:15:21 -0400

Hi, I'd like to know if anyone knows of a paper that explains how to
extract the encryption password IIS creates when it starts up, and
uses to encrypt the session ID + random data in order to generate the
cookie value the users receives.

I'm interested in IIS 5.0.

Thanks.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


Current thread: