Tag Archives: Password recovery

Cracking .NET Membership Password Hashes

February 25, 2014

By Sebastien Macke, @lanjelot

During a recent penetration test against an ASP.NET web application, we gained a significant level of control over the server and leveraged our access to get a copy of the application’s database, where the user password hashes were stored.

This post provides details of how we recovered passwords from the hashes. Read on if you want to play along at home and crack them as we did!

Continue reading →