Saturday, October 30, 2010

Wednesday, October 20, 2010

MS10-070 ASP.NET Auto-Decryptor File Download PoC exploit

This is another exploit part of the MS10-070 saga :)

It is not the same as our other previously released exploit, this one uses another information leak. On average, this exploit should allow you to do the same as the previous one but faster (which is important/desirable in this scenario).

You can find it here:

Thursday, October 14, 2010

MS10-070 ASP.NET Padding Oracle attack PoC exploit video

Yesterday, Agustin Azubel from Amplia Security released a proof-of-concept exploit implementing a Padding Oracle attack against ASP.NET (MS10-070) that allows an attacker to download a file from the remote web server.

Today we released a video showing how the PoC exploit works.

You can find it here:

and also, here:

If you don't feel like installing IIS/ASP.NET and creating a sample application or don't have an already vulnerable ASP.NET application to test the PoC exploit on, the video will give you an idea on how the exploit works.

Wednesday, October 13, 2010

MS10-070 ASP.NET Padding Oracle Attack to download web.config or other files

You can find it here: 

A proof-of-concept attack against MS10-070, this PoC is an implementation in Ruby of a Padding Oracle attack and allows you to download the 'Web.config' file or any other file from a vulnerable ASP.NET installation.

It was written by Agustin Azubel (aazubel [ at ]

Friday, October 08, 2010

Windows Credentials Editor v1.0 (WCE)

I just released a new tool called Windows Credentials Editor 1.0 (WCE)

It allows to perform pass-the-hash and other things related to windows logon sessions and supports XP,2003,7,2008 and Vista.

You can find it here:

Have fun!