September 17, 2010, 1:48PM
Demo of ASP.NET Padding Oracle Attack
In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.
You can read the full story of their attack in this article, "Padding Oracle Attack Affects Millions of ASP.NET Apps."
Comments
Does this only work if the default error page is used? If so, that is a basic security requirement of any good deployment.
So really the only thing you have to do to prevent this exploit is to turn on custom error pages.
I imagine he's not talking because he presumes that people can read.
Hi, interesting stuff... I read about Microsoft's workaround for this... Do you know if your exploit works if the customErrorMode is set to "RemoteOnly"? I remember that with that value a remote user sees only a "friendly" error page... Does it contain enough info for the exploit to work?
The following link has a modified version of Padbuster, which is able to exploit this against .NET targets:
http://blog.mindedsecurity.com/2010/09/investigating-net-padding-oracle.html
I believe that that method is one of the mostly used methods at the beginning of this worm alongside other hacks and exploits that even a low level format won't allow me to wipe.
I'm still receiving over 2k or now 4k incoming IPs per hour 24/7 that started in Feb 2009 after fighting a hacker for 6 months prior where phone systems are exploited and used. Possibly for GPS location or something. Not sure, but it's an advanced system where high authorities are using illegally.
If you don't believe me, then do research on the 2nd phone company that disappeared after I joined due to strange situations. To do so, search using keywords "montana" and "airtel"
That happened after 1 month of joined for getting away from altel for my bills getting bigger and bigger. 400.00 the last month of a phone system I rarely used.
Here is incoming IPs that never stop since Feb and not being controlled or helped.
I don't think the worm is going anywhere.
It's called a DDOS
en.wikipedia.org/wiki/Denial-of-service_attack
Your router is being attacked by a spam company in China that is trying to get to your computer.
Call your ISP and ask them to change your external IP address, reformat, install antivirus, firewall, anti-spyware.
Getting your external IP address changed to a new one will help the most.
They are most likely trying to reach a botnet that is or was on your system.