In this video we show how to use POET to attack the latest version of ASP.NET. The target application is DotNetNuke. The attack consists of two phases:
1. In the first phase, we use POET to extract DotNetNuke's secret keys, and use those keys to generate a cookie to login as a super user. The same technique can be used to attack _every_ ASP.NET application.
2. In the second phase, we use Cesar Cerrudo's Token Kidnapping attack to gain SYSTEM privilege on the Windows server hosting DotNetNuke.