Hello,
I compromised a SQL backup of a PasswordState database as part of a pentest, and am trying to get the juicy info decrypted! I have the whole database restored into a SQLEXPRESS database in my lab. I also have the original web.config from the compromised server.
I'm kind of stuck here as I'm not sure which is my path of least resistance. If I go the route of CSV export, I can feed the tool the SECRET3 key by querying it right in SQL, but I'm not really sure how to manually get the SECRET1 value?
I also tried using the tool and pointing it to my SQLEXPRESS instance with a connection string, but that's causing me errors.
Could you point me in the right direction?
Hello,
I compromised a SQL backup of a PasswordState database as part of a pentest, and am trying to get the juicy info decrypted! I have the whole database restored into a SQLEXPRESS database in my lab. I also have the original web.config from the compromised server.
I'm kind of stuck here as I'm not sure which is my path of least resistance. If I go the route of CSV export, I can feed the tool the SECRET3 key by querying it right in SQL, but I'm not really sure how to manually get the SECRET1 value?
I also tried using the tool and pointing it to my SQLEXPRESS instance with a connection string, but that's causing me errors.
Could you point me in the right direction?