Penetration Testing mailing list archives

[PEN-TEST] Cold Fusion Hack?


From: John Bumgarner <JBumgarner () MATRIXNETWORKING NET>
Date: Mon, 9 Oct 2000 15:48:33 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Has anyone had success with this problem as part of a pen-test?

The client has Cold Fusion configured to allow remote
administration at
<http://www.targethost.com/cfide/administrator/startstop.html> .  The
web server uses a Java Applet for the password prompt.  The account
name is Administrator (gathered with a local sniffer).

I have tried a list of the most common passwords, but no luck.  Does
anyone know a tool other than Brutus that can be configured to brute
force the password via this Java prompt?


Please respond to me with any questions or comments.

Sincerely,

John Bumgarner, CISSP
Security Practice Director
Matrix Networking Group, LLC
6425 Bannington Drive
Suite A
Charlotte, NC 28226
Voice   (704) 907-0462
Fax      (704) 341-4131

<mailto:jbumgarner () matrixnetworking net>

<http://www.matrixnetworking.net/>




-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOeIiAjI5K0kmDqujEQJ99QCgt7abcLiAxRUNvu8vkJvN3Qh9QcMAn3ap
xsfyf96fN+UHKOTU3KpgBSZa
=v/Yt
-----END PGP SIGNATURE-----