Description: In this video how to use POET to attack the latest version of ASP.NET. The target application is DotNetNuke. The attack consists of two phases:
1. In the first phase, we use POET to extract DotNetNuke's secret keys, and use those keys to generate a cookie to login as a super user. The same technique can be used to attack _every_ ASP.NET application.
2. In the second phase, we use Cesar Cerrudo's Token Kidnapping attack to gain SYSTEM privilege on the Windows server hosting DotNetNuke.
This research was done by Thai Duong and Juliano Rizzo. More information can be found at http://netifera.com/research.
Tags: poet , asp.net , dotnetnuke ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.