POET vs ASP.NET: DotNetNuke
Loading...
Uploaded by cryptbe on Sep 16, 2010
In this video we show how to use POET to attack the latest version of ASP.NET. The target application is DotNetNuke. The attack consists of two phases:
1. In the first phase, we use POET to extract DotNetNuke's secret keys, and use those keys to generate a cookie to login as a super user. The same technique can be used to attack _every_ ASP.NET application.
2. In the second phase, we use Cesar Cerrudo's Token Kidnapping attack to gain SYSTEM privilege on the Windows server hosting DotNetNuke.
This research was done by Thai Duong and Juliano Rizzo. More information can be found at http://netifera.com/research.
Uploader Comments (cryptbe)
Top Comments
-
Downvoted for douchey music.
1 year ago 8
All Comments (70)
-
Please i have a problem in running poet.py in python script.it says insufficient argument.pls help!
-
@joertjoert My Listening is not good enough for that. But it took using the Shazam! - "Plain White Ts - Hey There Delilah".
-
@joertjoert My Listening is not good enough for that. But it took using the Shazam! - "Plain White Ts - Hey There Delilah".
-
@joertjoert My Listening is not good enough for that. But it took using the Shazam! - "Plain White Ts - Hey There Delilah".
-
@tiagobevilaqua Google for the lyrics. "just believe me girl sometime I'll pay the bills with this guitar" should do the trick.
-
So - assuming you have CustomErrors not set to "Off" and and redirectmode set to "ResponseRewrite" - does this protect you from this vulnerability? Or is this irrelevant?
-
NameError: global name 'reduce' is not defined
-
I have the following error when write this function in pyton
Traceback (most recent call last):
- 4:55
Asp.Net Padding Oracle Attackby sunilyadav1651,134 views
- 2:10
ASP Admin Hacked. SQL Injectionby lobstaish47,573 views
- 3:13
Dot Net Vs JAVA.flvby amangupta00519,127 views
- 4:47
ASP.NET MVC Model view controller ( MVC) Step by Step Part 1by dnfvideo27,577 views
- 2:09
POET vs ASP.NET: don't waste time implementing useless workarounds - you should patch ;-)by cryptbe3,592 views
- 3:19
ROPEME - ROP Exploit Made Easyby vnsec5,155 views
- 0:59
MS10-070 ASP.NET Padding Oracle proof-of-concept exploitby AmpliaSecurity2,838 views
- 5:02
asp.net sessionby ASPFACULTY6,361 views
- 4:53
DotNetNuke Training Video - Setting DNN Securityby JiveMedia7,851 views
- 1:36
Why DotNetNuke?by applydnn7,095 views
- 12:08
Content Management System (CMS) - ASP.Net, MS SQL - DotNetNuke DNN - Overview - Part 1 of 2by clarityteam2,308 views
- 4:44
Cracking CAPTCHA with Padding Oracle attackby cryptbe12,932 views
- 5:10
DNN Module - Events Calendar & Registration Module for DotnetNukeby invenmanager2,764 views
- 3:33
DotNetNuke - Creating Modulesby davidmbush14,542 views
- 5:46
How to Search Engine Optimize DotNetNukeby JiveMedia6,482 views
- 2:18
Lady Javaby AlexanderChernyy707,586 views
- 9:50
ASP.NET Membership System Access Roles and permissionsby networking2614,851 views
- 7:01
Validating ASP.NET CheckBox (and similar) controls.by davidmbush20,135 views
- 4:00
OCR Oracle Captchaby 0killzonex1,819 views
- 3:52
DotNetNuke Hack Tutorialby nolian121,230 views
@Drysar0: ha! thanks for pointing out. We made a mistake because we are new to ASP.NET, and we wanted to demonstrate that error message is irrelevant, so we skimmed the documentation and thought that setting CustomErrors="Off" is the most secure.
What we can say is the setting of CustomErrors is _irrelevant_. We presented this at EKOPARTY, and we're going to release the slide deck soon.
cryptbe 1 year ago 3