CF 5 Hack
Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk

Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
RE: CF 5 Hack
We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

Yes, just change the registry key value to 0 for this key:

HKLM\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server\UseAdminPassword

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
Re: CF 5 Hack
As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
RE: CF 5 Hack
Off the top of my head, no, but if you can get into the registry you can set Administrator to not require a password. Sorry, but I don't know the key either. However, Google is a wonderful thing:

http://www.teratech.com/coldcuts/cutdetail.cfm?cutid=253
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=6lngWId=9

-Original Message-
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:31 PM
To: CF-Talk
Subject: CF 5 Hack

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
Re: CF 5 Hack
http://www.mail-archive.com/cf-talk@houseoffusion.com/msg05663.html

Quote:

yeah you can disable it in the registry, set a new one, then enable it again.

HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server\UseAdminPassword = 0

That will disable the password

Pete

- Original Message -
From: Mark A. Kruger - CFG [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, October 07, 2002 12:30 PM
Subject: CF 5 Hack

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
Re: CF 5 Hack
Can someone forward me the proper ethical procedure documentation referenced in the e-mail below.

Thanks.

Casey Cook

Alex axs@m-net.arbornet.org
To: CF-Talk [EMAIL PROTECTED]
cc:
Subject: Re: CF 5 Hack
10/07/02 12:00 PM
Please respond to cf-talk

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
RE: CF 5 Hack
I am following those procedures. I think I've been quite open about it.

-mk

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:00 PM
To: CF-Talk
Subject: Re: CF 5 Hack

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
RE: CF 5 Hack
Alex,

Would you like me to send you the number or email of my client so you can verify that I'm not doing anything funny? Exactly what would satisfy you beyond the honesty I've already displayed?

-mk

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:00 PM
To: CF-Talk
Subject: Re: CF 5 Hack

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
Re: CF 5 Hack
Ethical procedures:
1. The owner of the site has full right to know and change the passwords on the site.
2. Any developer must inform their employer of any passwords for the site.
3. A developer who leaves an employer should inform the employer of their change in work status as well as follow item 2. Two weeks notice is usual.

In the case mentioned below, I see no issue of ethics that has to be examined or followed. The owner of the site wants access, simple as that.

Can someone forward me the proper ethical procedure documentation referenced in the e-mail below.

Thanks.

Casey Cook

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
RE: CF 5 Hack
Yes he has.

It wouldn't be following those procedures to say something like: Dreamweaver makes a directory on your server that has the name _MMServerScripts that allows one to brute force passwords - for RDS or Administrator. And, as a lovely addition, you can search google for _MMServerScripts to find a bunch of vulnerable sites.

That would be bad, as it would point out blaring holes in security.

-Original Message-
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 10:17 AM
To: CF-Talk
Subject: RE: CF 5 Hack

I am following those procedures. I think I've been quite open about it.

-mk

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:00 PM
To: CF-Talk
Subject: Re: CF 5 Hack

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
RE: CF 5 Hack
search the archives listed on the footer of this message... you will find what you need probably by searching for RESET or password...

-paris

Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]

-Original Message-
From: Mark A. Kruger - CFG [EMAIL PROTECTED]
Date: Mon, 7 Oct 2002 12:17:12 -0500
Subject: RE: CF 5 Hack

I am following those procedures. I think I've been quite open about it.

-mk

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:00 PM
To: CF-Talk
Subject: Re: CF 5 Hack

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk

Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
RE: CF 5 Hack
What does that have to do with my problem? I'm coming in after the fact - the previous developer is the one who failed, we are just trying to clean up the mess. In this case, I am (of course!) giving all the information to the owner of the site.

-mk

-Original Message-
From: Michael Dinowitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:16 PM
To: CF-Talk
Subject: Re: CF 5 Hack

Ethical procedures:
1. The owner of the site has full right to know and change the passwords on the site.
2. Any developer must inform their employer of any passwords for the site.
3. A developer who leaves an employer should inform the employer of their change in work status as well as follow item 2. Two weeks notice is usual.

In the case mentioned below, I see no issue of ethics that has to be examined or followed. The owner of the site wants access, simple as that.

Can someone forward me the proper ethical procedure documentation referenced in the e-mail below.

Thanks.

Casey Cook

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
Re: CF 5 Hack
Nothing at all. That's the point of what I was saying. All you need is the means to access the admin password and that's been described already. There are no ethical issues that I can see.

What does that have to do with my problem? I'm coming in after the fact - the previous developer is the one who failed, we are just trying to clean up the mess. In this case, I am (of course!) giving all the information to the owner of the site.

-mk

-Original Message-
From: Michael Dinowitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:16 PM
To: CF-Talk
Subject: Re: CF 5 Hack

Ethical procedures:
1. The owner of the site has full right to know and change the passwords on the site.
2. Any developer must inform their employer of any passwords for the site.
3. A developer who leaves an employer should inform the employer of their change in work status as well as follow item 2. Two weeks notice is usual.

In the case mentioned below, I see no issue of ethics that has to be examined or followed. The owner of the site wants access, simple as that.

Can someone forward me the proper ethical procedure documentation referenced in the e-mail below.

Thanks.

Casey Cook

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
Re: CF 5 Hack
Yeah, change the registry setting. Either with the cfregistry tag or regedit.

<cfregistry action="SET"
    branch="HKEY_LOCAL_MACHINE\Software\Allaire\ColdFusion\CurrentVersion\Server"
    entry="UseAdminPassword"
    type="String"
    value="0">

Cheers,
Sam

- Original Message -
From: Mark A. Kruger - CFG [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, October 07, 2002 12:30 PM
Subject: CF 5 Hack

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk
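
The procedure quoted earlier in the thread (disable, set a new password, enable again) and the registry change in the message above both leave the Administrator open until the value is set back. An added PowerShell check, not part of the original thread, that reports whether the key named in the thread is still at 0 and which accounts outside a trusted list can write to it; the function name and the trusted-account list are assumptions to adjust per host.

```powershell
# Added example: audit the ColdFusion 5 Administrator password switch from this thread.
# The key path and value name are the ones quoted in the thread.
$KeyPath   = 'HKLM:\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server'
$ValueName = 'UseAdminPassword'

# Assumption: accounts expected to have write access on this host; adjust as needed.
$TrustedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER'
)

function Get-CfAdminPasswordAudit {
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName,
        [string[]]$Trusted = $TrustedWriters
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }

    # Read the switch; a missing value is reported rather than treated as safe.
    $prop  = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { [string]$prop.$Name } else { '<not set>' }

    # Rights that let an account flip the value or rewrite the key's permissions.
    $rights    = [System.Security.AccessControl.RegistryRights]
    $writeMask = [int]($rights::SetValue -bor $rights::ChangePermissions -bor $rights::TakeOwnership)

    $writers = (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.RegistryRights -band $writeMask) -ne 0) -and
            ($Trusted -notcontains $_.IdentityReference.Value)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        Key                   = $Path
        Value                 = $value
        AdminPasswordDisabled = ($value -eq '0')   # 0 disables the password, per the thread
        UnexpectedWriters     = @($writers)
    }
}

$audit = Get-CfAdminPasswordAudit
if ($audit.AdminPasswordDisabled) {
    Write-Warning "$ValueName is 0: the ColdFusion Administrator is not asking for a password."
}
if ($audit.UnexpectedWriters.Count -gt 0) {
    Write-Warning ("Accounts outside the trusted list can modify the key: " + ($audit.UnexpectedWriters -join ', '))
}
$audit | Format-List
```

Run it from an elevated prompt on the ColdFusion host after the password has been reset, and again on a schedule, so a value left at 0 or a loosened ACL is noticed.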
RE: CF 5 Hack
I was kidding. You could decrypt the Application.cfm page in the admin section and change authentication or do the registry change as mentioned.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Alex,

Would you like me to send you the number or email of my client so you can verify that I'm not doing anything funny? Exactly what would satisfy you beyond the honesty I've already displayed?

-mk

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 12:00 PM
To: CF-Talk
Subject: Re: CF 5 Hack

As a member of the CF community I suggest you follow proper ethical procedures.

On Mon, 7 Oct 2002, Mark A. Kruger - CFG wrote:

Folks,

We have a new client with a self-hosted server who has asked us to make some emergency changes. He lost his previous developer and does not know where to find him (.. and no - the site is not littlebopeep.com). He does not know the cf administrator password and it's important that we get in to the administrator. Short of re-installing, does anyone remember the hack to reset the password?

-mk