I took over an application with zero knowledge transfer, no documentation, and no DB dictionary. I am kind of a lucky developer -_*

I needed to sign in to see what the application does, so I searched for accounts in the DB and found out the password field was encoded. I studied the code and saw this: FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1"). I had no idea how to decrypt it, so as usual I googled it. In summary:

- A hash function is a one-way function; there is no way to decrypt it back to the original plaintext.
- Hashing passwords avoids having to store the plaintext password for authentication.
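The two points above, as an added example in Python (not code from the application described here): a login is checked by hashing the attempt and comparing digests, never by decrypting. It assumes the legacy stored value is the uppercase hex SHA-1 of the UTF-8 password with no salt; the PBKDF2 record format and the function names are illustrative choices.

```python
import hashlib
import hmac
import os
from typing import Optional

def legacy_hash(password: str) -> str:
    """Unsalted SHA-1 as uppercase hex (assumed format of the stored value)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def legacy_verify(password: str, stored: str) -> bool:
    # No decryption step exists: hash the attempt, compare in constant time.
    return hmac.compare_digest(legacy_hash(password).encode(),
                               stored.upper().encode())

def pbkdf2_hash(password: str, iterations: int = 600_000) -> str:
    """Salted, iterated hash; salt and cost are stored next to the digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, stored: str) -> bool:
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, int(iters))
    except ValueError:
        return False  # malformed record is treated as a failed login
    return hmac.compare_digest(dk, expected)

def upgrade_on_login(password: str, stored_legacy: str,
                     iterations: int = 600_000) -> Optional[str]:
    """On a successful legacy login, return a PBKDF2 record to store instead."""
    if legacy_verify(password, stored_legacy):
        return pbkdf2_hash(password, iterations)
    return None

if __name__ == "__main__":
    # Constructed sample accounts: two users who chose the same password.
    a, b = legacy_hash("password"), legacy_hash("password")
    print("legacy rows identical:", a == b)   # no salt, so the rows match
    print("salted rows identical:", pbkdf2_hash("password") == pbkdf2_hash("password"))
    print("upgraded record:", upgrade_on_login("password", a))
```

Because the legacy format has no salt, equal passwords produce equal rows, which the per-record salt in the second scheme prevents.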

But well, I am a developer, I have Visual Studio, I have write access to the database… It's not hard to guess how I simply picked a login account and hacked it 🙂

eagle
