Penetration Testing mailing list archives
[PEN-TEST] Cold Fusion Hack?
From: John Bumgarner <JBumgarner () MATRIXNETWORKING NET>
Date: Mon, 9 Oct 2000 15:48:33 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone had success with this problem as part of a pen-test? The client has Cold Fusion configured to allow remotely administration at <http://www.targethost.com/cfide/administrator/startstop.html> . The web server uses a Java Applet for the password prompt. The account name is Administrator (gathered with a local sniffer). I have tried a list of the most common passwords, but no luck. Does anyone know a tool other than Brutus that can be configured to brute force the password via this java prompt? Please respond to me with any questions or comments. Sincerely, John Bumgarner, CISSP Security Practice Director Matrix Networking Group, LLC 6425 Bannington Drive Suite A Charlotte, NC 28226 Voice (704) 907-0462 Fax (704) 341-4131 <mailto:jbumgarner () matrixnetworking net> <http://www.matrixnetworking.net/> -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOeIiAjI5K0kmDqujEQJ99QCgt7abcLiAxRUNvu8vkJvN3Qh9QcMAn3ap xsfyf96fN+UHKOTU3KpgBSZa =v/Yt -----END PGP SIGNATURE----- <<John Bumgarner.vcf>>
Attachment:
John Bumgarner.vcf
Description:
Current thread:
- [PEN-TEST] Cold Fusion Hack? John Bumgarner (Oct 10)