- Exploiting ColdFusion(8) Servers LFD And [Shell Upload]
- access the administrative page
- The login page looks like this:
- CFIDE/administrator/index.cfm
- 1- Exploit via Python script {cfide-autopwn}
- the password hash (SHA1).
- Cracking the password hash.
- Get Account {RDS}
- Connect to {RDS} via Adobe Dreamweaver.
- Type Of Shell (cfm)
- Upload Your Shell.
- ==========================================================
- There is another way if the hash is not cracked!
- Exploit Bypassing ColdFusion authentication
- the password hash (SHA1).
- You can try to crack it, but nothing ..
- We can use a browser plugin like Tamper Data to modify the field value to the hashed one.
- The hash salt changes every 30 seconds (the webpage reloads with a different salt), so we must act fast.
- First paste the hashed password into the password field and then run this simple JavaScript:
- javascript:alert(hex_hmac_sha1(document.loginform.salt.value, document.loginform.cfadminPassword.value))
- Now, copy the hash and DON’T RELOAD THE WEBPAGE. Just start Tamper Data and change the cfadminPassword value to the one you got from the JavaScript.
- Fine, we’re in :)
- Done :)
- Thanks For Watching VirusX-Dz
- Salam !
- Algerian H(a)ttacker ;)
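
Seen from the defender's side, the steps above leave traces in the web server's access log: hits on CFIDE/administrator/index.cfm from outside the management network and, after a shell upload, requests for a .cfm template that was never part of the site. The Python script below is an added example, not part of the original paste; the management subnet, the template inventory and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example (not from the paste): the management subnet
# and the inventory of .cfm templates that legitimately exist on the site.
ADMIN_NET = ipaddress.ip_network("10.0.5.0/24")
KNOWN_CFM = {"/index.cfm", "/products/list.cfm"}
ADMIN_PREFIX = "/cfide/administrator/"  # admin path named in the paste, case-folded
# Common Log Format: client, identity, user, [time], "METHOD url proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
10.0.5.20 - - [12/Mar/2013:09:01:11 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2013:09:14:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2013:09:14:20 +0000] "POST /CFIDE/administrator/index.cfm HTTP/1.1" 302 0
198.51.100.4 - - [12/Mar/2013:09:15:40 +0000] "GET /products/list.cfm?id=3 HTTP/1.1" 200 2210
203.0.113.7 - - [12/Mar/2013:09:31:55 +0000] "GET /images/up.cfm HTTP/1.1" 200 312
"""

def scan(log_text, admin_net=ADMIN_NET, known_cfm=KNOWN_CFM):
    """Return (line_no, client_ip, finding, path) tuples for suspicious requests."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            client = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname instead of an address: skipped in this example
        path = m["url"].split("?", 1)[0]
        folded = path.lower()  # match /cfide/ and /CFIDE/ alike
        if folded.startswith(ADMIN_PREFIX):
            # Administrator pages should only be reachable from the management network.
            if client not in admin_net:
                kind = "admin-login-post" if m["method"] == "POST" else "admin-page-access"
                findings.append((line_no, m["ip"], kind, path))
        elif folded.endswith(".cfm") and folded not in known_cfm and m["status"] == "200":
            # A served template missing from the inventory may be an uploaded shell.
            findings.append((line_no, m["ip"], "unknown-cfm-template", path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the stored SHA1 hash is enough to log in, any `admin-login-post` finding from an unexpected address is a reason to change the administrator and RDS passwords, not only to review the log.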