GitBook: [master] one page modified

CPol 2021-05-02 09:50:46 +00:00 committed by gitbook-bot
parent 7391119422
commit c620191fb3
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -358,3 +358,15 @@ This information includes remote client IP's, session IDs, all request and respo
![Screenshot 2021-03-30 at 13 19 11](https://user-images.githubusercontent.com/31736688/112974448-2690b000-915b-11eb-896c-f41c27c44286.png)
## ASPXAUTH Cookie
ASPXAUTH uses the following info:
* **`validationKey`** \(string\): hex-encoded key to use for signature validation.
* **`decryptionMethod`** \(string\): \(default “AES”\).
* **`decryptionIV`** \(string\): hex-encoded initialization vector \(defaults to a vector of zeros\).
* **`decryptionKey`** \(string\): hex-encoded key to use for decryption.
However, some people will use the **default values** of these parameters and will use as **cookie the email of the user**. Therefore, if you can find a web using the **same platform** that is using the ASPXAUTH cookie and you **create a user with the email of the user you want to impersonate** on the server under attack, you may be able to us**e the cookie from the second server in the first one** and impersonate the user.
This attacked worked in this [**writeup**](https://infosecwriteups.com/how-i-hacked-facebook-part-two-ffab96d57b19).
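
Review bot: In the last paragraph of the added ASPXAUTH section the server references are ambiguous. "the cookie from the second server in the first one" never says which site is which, and "create a user with the email of the user you want to impersonate on the server under attack" can be read as creating the account on the target itself. Suggest naming the two sites (for example "the other site" and "the target") and stating the precondition explicitly: both applications must share the same `validationKey` and `decryptionKey`, which is what the "default values" sentence depends on. "will use as cookie the email of the user" would also be clearer as a statement that the user's email is the identity carried in the cookie. Typos to fix in the same lines: "us**e the cookie" has the bold marker inside the word, "This attacked worked" should be "This attack worked", and "a web using the same platform" should be "a website using the same platform".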