Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SessionId Prediction - Classic ASP - Tool?

from [Jay] Network Security [Permanent Link]
Subject: SessionId Prediction - Classic ASP - Tool?
Date: Fri, 22 Feb 2008 11:36:11 -0500 
Have read several articles on classic .asp that its possible to predict session 
id. Has anyone had any practical experience with this or know of a tool that 
can assist with this?


From an article,


"The session ID is a read-only value that uniquely identifies the current 
clients to the Web server. In classic ASP, session IDs are assigned in a 
sequential manner?the session ID 706616433 is followed by the session ID 
706616434, and so on. The classic ASP session ID is stored on the client?s 
machine in the form of an encrypted nonpersistent cookie. For example, the 
session ID 706616434 would be stored on the client machine as the cookie 
ASPSESSIONIDGQQGQGCS=JHMBOBKCBINEHLPKJHOPABBE." - Edmond Woychowsky

How is it known that 706616434  equates to 
ASPSESSIONIDGQQGQGCS=JHMBOBKCBINEHLPKJHOPABBE?

Any advice or tool suggestions would be appreciated.

Jay



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Certification for Web Application Security Professionals, Anurag Agarwal
Next by Date:  Split Kismet log file, Matheus Michels
Previous by Thread:  CanSecWest 2008 Mar 26-28, Dragos Ruiu
Next by Thread:  Re: SessionId Prediction - Classic ASP - Tool?, Stefano Di Paola
Indexes:  [Date] [Thread] [Top] [All Lists]