Penetration Testing mailing list archives
brute force ColdFusion MX7 admin page
From: Anonymous <anon_email4me () yahoo com>
Date: Wed, 19 Dec 2007 19:44:25 -0800 (PST)
I would send this from my work account but every time I respond to a question I get a bunch of spam. So... on to the real situation. A customer's ColdFusion MX7 admin page is reachable from the Internet. As part of the external pen test I'd like to attempt to brute force this page. It would seem to be easier than normal because there is only a password - no username is needed. However, there is a small problem that I'm not sure how to tackle quickly. I don't have much time left. The form action is this: <form name="loginform" action="/cfide/administrator/enter.cfm" method="POST" onSubmit="cfadminPassword.value = hex_hmac_sha1(salt.value, hex_sha1(cfadminPassword.value));" > There is a hidden field in the form with the salt value: <input name="salt" type="hidden" value="1198120613281"> I imagine the salt is predictable but I also imagine that it wouldn't help much to predict it. Maybe I'm wrong. The page has a meta refresh of 50. The password field is: <input name="cfadminPassword" type="Password" size="15" maxlength="100" id="admin_login"> Because of the encoding of the entered password with the salt it doesn't look like I can use Hydra. Am I stuck writing my own script using wget (or something) and a function to hash the password and salt. If so, does anyone know about these functions: hex_hmac_sha1 and hex_sha1? Hopefully this is the type of thing that will bring the old PT List back.... maybe... Thanks for any input! ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- brute force ColdFusion MX7 admin page Anonymous (Dec 19)
- Re: brute force ColdFusion MX7 admin page Joseph McCray (Dec 23)
- RE: brute force ColdFusion MX7 admin page Marc Ouwerkerk (Dec 23)
- <Possible follow-ups>
- Re: brute force ColdFusion MX7 admin page krymson (Dec 27)