Can I get the source of the hacked Coldfusion template?

Hackers recently gained access to our system. They dropped some ColdFusion templates on it and included them in random pages on our sites.

The files they uploaded start with "Allaire Cold Fusion Template", and then contain what seems like "junk", but I think it's some kind of pre-compiled ColdFusion code.

We cleaned up the hacks, but I saved the files because I was hoping there would be some way to compile them and maybe get some idea of what they do. Although I think it's a routine hack, I'm a bit worried about what this code is doing. (When I looked at the source of the page that included this code, it did not produce any output, so something must be happening in the background.)

If there's no way, that's fine; I just thought I'd at least look into the possibility of seeing what these files were doing. Thanks in advance for any help.


Wow, you woke up some of my "old" brain cells... Once upon a time you could encrypt your ColdFusion templates and they would still run on the ColdFusion server. This encryption was not very secure because the decryption algorithm was easily available. It was/is an easy way to "hide" your code from the ignorant (I think).

I quickly did a Google search and found an old link to the decryption utility on the Adobe site that could help "crack" this code: AB Positive Encrypt and Decrypt. I believe their code must be encrypted in this way; otherwise the ColdFusion server would not be able to read the files either. This download includes cfdecrypt.exe and cfencode.exe.

If this tool does not work, and if I remember correctly, ColdFusion encryption before CFMX was done with CFCrypt.exe. I think that was for older versions of ColdFusion, but you can try that too. I could not find it, but I am sure you can find it on Google.

Please report back with your results. I am interested to see what they are doing.


There is a cfdecrypt program to help you decompile them. I have not used it in many years, but here is a link to the GitHub project I found:

https://github.com/disccomp/cfdecrypt

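Before decoding anything with cfdecrypt, the first incident-response step is to find every copy the attackers dropped. The script below is an added example (not from the question, the answers, or the cfdecrypt project): it walks a webroot, flags any file whose first bytes are the "Allaire Cold Fusion Template" marker the question describes regardless of extension, and records size, mtime and SHA-256 for triage. The directory layout, file names and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Marker the question reports at the start of the dropped files.
CF_ENCRYPTED_MAGIC = b"Allaire Cold Fusion Template"

def is_encrypted_cf_template(data: bytes) -> bool:
    """True if a file body begins with the encoded-template marker."""
    return data.startswith(CF_ENCRYPTED_MAGIC)

def scan_webroot(root):
    """Triage records for encoded templates under root, checked by content."""
    root = Path(root)
    findings = []
    # Every regular file is inspected, not just *.cfm, because the question
    # says the templates were planted in "random pages" on the site.
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(len(CF_ENCRYPTED_MAGIC))
        if not is_encrypted_cf_template(head):
            continue
        body = path.read_bytes()
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "size": len(body),
            "mtime": path.stat().st_mtime,
            # The hash lets you match copies across sites and later finds.
            "sha256": hashlib.sha256(body).hexdigest(),
        })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_webroot(root):
    """Constructed sample tree: hypothetical paths, not real attacker files."""
    root = Path(root)
    (root / "inc").mkdir(parents=True)
    (root / "index.cfm").write_bytes(b"<cfoutput>#now()#</cfoutput>\n")
    # Encoded-looking body: the marker followed by constructed filler bytes.
    fake = CF_ENCRYPTED_MAGIC + b"\r\n" + bytes(range(32))
    (root / "inc" / "footer.cfm").write_bytes(fake)
    (root / "inc" / "logo.gif").write_bytes(fake)  # wrong extension on purpose

def demo():
    """Scan the constructed tree and return the findings (path-sorted)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        return scan_webroot(tmp)
```

Run `scan_webroot("/path/to/webroot")` on a real site; files whose mtime clusters around the intrusion window and whose hashes repeat across sites are the ones to hand to cfdecrypt.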
