Re: Finding the CF Administrator password

2001-03-10 Thread CF

Yeah .. someone sent me the key a little earlier and it worked like a charm.
Actually, this other person also showed me how to find the key to begin with
... it's amazingly simple.  I don't see why you should be flamed .. people
should not have CFRegistry active on a machine where they wouldn't want
people getting in and doing stuff like this anyway.  This is just another
great example of why ;)

Todd Ashworth
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)

- Original Message -
From: "Dain Anderson" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Saturday, March 10, 2001 12:07 AM
Subject: Re: Finding the CF Administrator password


 Todd,

 It's very easy to retrieve the admin password, and I'm sure I will get
 flamed for showing this, but what the hell:

 <CFSET CFKey = "4p0L@r1$">

 <CFREGISTRY ACTION=GET
   Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server"
   Entry="AdminPassword"
   Variable="AdminPassword">

 <CFOUTPUT>
   Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
 </CFOUTPUT>

 The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
 isn't my doing; rather, I was sent this from an anonymous source via the
 [EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
 there is a need for encryption, not encoding, for things such as this. I am
 against template encryption personally, but the administrator feature should
 have much better security. We live and learn, strive and yearn.

 Dain Anderson
 Caretaker, CF Comet
 http://www.cfcomet.com/



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists



RE: Finding the CF Administrator password

2001-03-10 Thread John Fix 3rd

How does one disable CFRegistry?

Thanks!

John

-Original Message-
From: CF [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, March 10, 2001 10:48 AM
To: CF-Talk
Subject: Re: Finding the CF Administrator password


Yeah .. someone sent me the key a little earlier and it worked like a
charm. Actually, this other person also showed me how to find the key to
begin with ... it's amazingly simple.  I don't see why you should be
flamed .. people should not have CFRegistry active on a machine where
they wouldn't want people getting in and doing stuff like this anyway.
This is just another great example of why ;)

Todd Ashworth
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)

- Original Message -
From: "Dain Anderson" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Saturday, March 10, 2001 12:07 AM
Subject: Re: Finding the CF Administrator password


 Todd,

 It's very easy to retrieve the admin password, and I'm sure I will get
 flamed for showing this, but what the hell:

 <CFSET CFKey = "4p0L@r1$">

 <CFREGISTRY ACTION=GET
   Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server"
   Entry="AdminPassword"
   Variable="AdminPassword">

 <CFOUTPUT>
   Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
 </CFOUTPUT>

 The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
 isn't my doing; rather, I was sent this from an anonymous source via the
 [EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
 there is a need for encryption, not encoding, for things such as this. I am
 against template encryption personally, but the administrator feature should
 have much better security. We live and learn, strive and yearn.

 Dain Anderson
 Caretaker, CF Comet
 http://www.cfcomet.com/



RE: Finding the CF Administrator password

2001-03-10 Thread Philip Arnold - ASP

 How does one disable CFRegistry?

In the Administrator - Basic Security
Along with CFDirectory, CFFile, CFExecute

Philip Arnold
Director
Certified ColdFusion Developer
ASP Multimedia Limited
T: +44 (0)20 8680 1133

"Websites for the real world"

**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**






Re: Finding the CF Administrator password

2001-03-10 Thread CF

It's in the CFAdministrator under Basic Security.  Scroll down to the bottom
and uncheck what you don't need.  I would uncheck them all unless you have a
specific need for one of them.

Todd Ashworth
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)

- Original Message -
From: "John Fix 3rd" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Saturday, March 10, 2001 10:57 AM
Subject: RE: Finding the CF Administrator password


 How does one disable CFRegistry?

 Thanks!

 John

 -Original Message-
 From: CF [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, March 10, 2001 10:48 AM
 To: CF-Talk
 Subject: Re: Finding the CF Administrator password


 Yeah .. someone sent me the key a little earlier and it worked like a
 charm. Actually, this other person also showed me how to find the key to
 begin with ... it's amazingly simple.  I don't see why you should be
 flamed .. people should not have CFRegistry active on a machine where
 they wouldn't want people getting in and doing stuff like this anyway.
 This is just another great example of why ;)

 Todd Ashworth
 Web Application Developer
 Network Administrator

 Saber Corporation
 314 Oakland Ave.
 Rock Hill, SC 29730
 (803) 327-0137 [111] (p)
 (803) 328-2868 (f)

 - Original Message -
 From: "Dain Anderson" [EMAIL PROTECTED]
 To: "CF-Talk" [EMAIL PROTECTED]
 Sent: Saturday, March 10, 2001 12:07 AM
 Subject: Re: Finding the CF Administrator password


  Todd,
 
  It's very easy to retrieve the admin password, and I'm sure I will get
  flamed for showing this, but what the hell:

  <CFSET CFKey = "4p0L@r1$">

  <CFREGISTRY ACTION=GET
    Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server"
    Entry="AdminPassword"
    Variable="AdminPassword">

  <CFOUTPUT>
    Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
  </CFOUTPUT>

  The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
  isn't my doing; rather, I was sent this from an anonymous source via the
  [EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
  there is a need for encryption, not encoding, for things such as this. I am
  against template encryption personally, but the administrator feature should
  have much better security. We live and learn, strive and yearn.
 
  Dain Anderson
  Caretaker, CF Comet
  http://www.cfcomet.com/




RE: Finding the CF Administrator password

2001-03-10 Thread Raymond B.

Go to the CF Admin, under 'Basic Security' is a list of tags you can
disable. That's of course just the first step towards securing the server.
If you're running a shared environ make sure to grab the Allaire path to
disable the CF Admin undocumented tags/functions as you can do all sorts of
fun stuff w/ them. There are of course thousands of other things to be done,
so have fun.

Just a note on template encrypting: It's scarcely worth it as the server
obviously needs a fixed key (as shown below) to make it portable and has to
be an easy scheme to make the template run w/o much decryption overhead.
Anyone w/ even basic knowledge of DES encryption and programming can sit
down and reverse engineer the simplistic algorithm used. The proliferation
of decryption binaries and the original key phrase now (I hadn't actually seen
that before) makes it a waste of server resources.


-Original Message-
From: John Fix 3rd [mailto:[EMAIL PROTECTED]]
Sent: March 10, 2001 07:57
To: CF-Talk
Subject: RE: Finding the CF Administrator password


How does one disable CFRegistry?

Thanks!

John

-Original Message-
From: CF [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 10, 2001 10:48 AM
To: CF-Talk
Subject: Re: Finding the CF Administrator password


Yeah .. someone sent me the key a little earlier and it worked like a
charm. Actually, this other person also showed me how to find the key to
begin with ... it's amazingly simple.  I don't see why you should be
flamed .. people should not have CFRegistry active on a machine where
they wouldn't want people getting in and doing stuff like this anyway.
This is just another great example of why ;)

Todd Ashworth
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)

- Original Message -
From: "Dain Anderson" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Saturday, March 10, 2001 12:07 AM
Subject: Re: Finding the CF Administrator password


 Todd,

 It's very easy to retrieve the admin password, and I'm sure I will get
 flamed for showing this, but what the hell:

 <CFSET CFKey = "4p0L@r1$">

 <CFREGISTRY ACTION=GET
   Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server"
   Entry="AdminPassword"
   Variable="AdminPassword">

 <CFOUTPUT>
   Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
 </CFOUTPUT>

 The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
 isn't my doing; rather, I was sent this from an anonymous source via the
 [EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
 there is a need for encryption, not encoding, for things such as this. I am
 against template encryption personally, but the administrator feature should
 have much better security. We live and learn, strive and yearn.

 Dain Anderson
 Caretaker, CF Comet
 http://www.cfcomet.com/



RE: Finding the CF Administrator password

2001-03-10 Thread Philip Arnold - ASP

 Just a note on template encrypting: It's scarcely worth it as the server
 obviously needs a fixed key (as shown below) to make it portable and has to
 be an easy scheme to make the template run w/o much decryption overhead.
 Anyone w/ even basic knowledge of DES encryption and programming can sit
 down and reverse engineer the simplistic algorithm used. The proliferation
 of decryption binaries and the original key phrase now (I hadn't actually
 seen that before) makes it a waste of server resources.

Also, there is a website where you can decrypt templates - it takes a few
minutes to decrypt a whole bunch of templates

Philip Arnold
Director
Certified ColdFusion Developer
ASP Multimedia Limited
T: +44 (0)20 8680 1133

"Websites for the real world"







Re: Finding the CF Administrator password

2001-03-09 Thread Clint Tredway

If you can't find it, just turn it off and then go into Administrator and reset it and
turn it back on.

--
Clint Tredway
www.factorxsoftware.com
--




RE: Finding the CF Administrator password

2001-03-09 Thread Patricia Lee

Not the answer you're looking for

But ...

Couldn't you disable the password so you could get back in and then reset
the password?

|-Original Message-
|From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
|Sent: Friday, March 09, 2001 4:28 PM
|To: CF-Talk
|Subject: Finding the CF Administrator password
|
|
|A while back, someone posted something about a CF tag that 
|would find the
|password for the CF Administrator for you.  Well, I need to find the
|password for the CF Administrator on one of our machines here. 
| Does anyone
|know of this tag?  Is there another way to find the password?  
|I know how to
|disable it, but I actually need to find out what it is, so that doesn't
|help.  I can see it in the registry, but it's encrypted.  
|Anyone have any
|ideas?
|
|Todd Ashworth --
|Web Application Developer
|Network Administrator
|
|Saber Corporation
|314 Oakland Ave.
|Rock Hill, SC 29730
|(803) 327-0137 [111]
|
|
|
|



RE: Finding the CF Administrator password

2001-03-09 Thread Michailov, Dimitar

Todd:

See if this can help you: (excerpt from CF FAQ,
http://www.thenetprofits.co.uk/coldfusion/faq/)

=
Run regedit and go to:

HKLM\Software\Allaire\ColdFusion\CurrentVersion\Server
Change UseAdminPassword from 1 to 0. This will allow you to get into your
ColdFusion Administrator without being asked for a password.

Remember to turn on password protection from the Administrator once you get
in and change the password.

Hope this helps,

Dimo Michailov
Certified Cold Fusion 4.5 Web Developer
USA-IT, Inc.
[EMAIL PROTECTED]


-Original Message-
From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 09, 2001 4:28 PM
To: CF-Talk
Subject: Finding the CF Administrator password


A while back, someone posted something about a CF tag that would find the
password for the CF Administrator for you.  Well, I need to find the
password for the CF Administrator on one of our machines here.  Does anyone
know of this tag?  Is there another way to find the password?  I know how to
disable it, but I actually need to find out what it is, so that doesn't
help.  I can see it in the registry, but it's encrypted.  Anyone have any
ideas?

Todd Ashworth --
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111]



Re: Finding the CF Administrator password

2001-03-09 Thread Tony Schreiber

You can edit the registry to disable the password. Then log in (no
password) and enable and change the password...

 A while back, someone posted something about a CF tag that would find the
 password for the CF Administrator for you.  Well, I need to find the
 password for the CF Administrator on one of our machines here.  Does anyone
 know of this tag?  Is there another way to find the password?  I know how to
 disable it, but I actually need to find out what it is, so that doesn't
 help.  I can see it in the registry, but it's encrypted.  Anyone have any
 ideas?
 
 Todd Ashworth --
 Web Application Developer
 Network Administrator
 
 Saber Corporation
 314 Oakland Ave.
 Rock Hill, SC 29730
 (803) 327-0137 [111]
 
 
 




Re: Finding the CF Administrator password

2001-03-09 Thread David E. Crawford

Disable it and then change it in CF Administrator is the simplest solution,
followed by re-enabling it.

DC

- Original Message -
From: "Todd Ashworth" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 16:28
Subject: Finding the CF Administrator password


 A while back, someone posted something about a CF tag that would find the
 password for the CF Administrator for you.  Well, I need to find the
 password for the CF Administrator on one of our machines here.  Does
anyone
 know of this tag?  Is there another way to find the password?  I know how
to
 disable it, but I actually need to find out what it is, so that doesn't
 help.  I can see it in the registry, but it's encrypted.  Anyone have any
 ideas?

 Todd Ashworth --
 Web Application Developer
 Network Administrator

 Saber Corporation
 314 Oakland Ave.
 Rock Hill, SC 29730
 (803) 327-0137 [111]







RE: Finding the CF Administrator password

2001-03-09 Thread Duane Boudreau

If the machine is NT, you can shut off the password in the registry.

HKLM\Software\Allaire\ColdFusion\CurrentVersion\Server\

UseAdminPassword

Set value = 0

HTH
Duane

-Original Message-
From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 09, 2001 4:28 PM
To: CF-Talk
Subject: Finding the CF Administrator password


A while back, someone posted something about a CF tag that would find the
password for the CF Administrator for you.  Well, I need to find the
password for the CF Administrator on one of our machines here.  Does anyone
know of this tag?  Is there another way to find the password?  I know how to
disable it, but I actually need to find out what it is, so that doesn't
help.  I can see it in the registry, but it's encrypted.  Anyone have any
ideas?

Todd Ashworth --
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111]



Re: Finding the CF Administrator password

2001-03-09 Thread Todd Ashworth

I could, but I actually _need to know what the password is_ in this case.  I
need it to use it somewhere else and the only place I know I can find it for
sure is in the CF Administrator.  Like I said before, I know how to disable
the password, but that doesn't do me much good. :(

I'm surprised some talented CF hacker hasn't found a way to yank it out of
the registry and convert it back to its original form.

Todd Ashworth --
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111]
- Original Message -
From: "Patricia Lee" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 4:39 PM
Subject: RE: Finding the CF Administrator password


| Not the answer you're looking for
|
| But ...
|
| Couldn't you disable the password so you could get back in and then reset
| the password?
|
| |-Original Message-
| |From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
| |Sent: Friday, March 09, 2001 4:28 PM
| |To: CF-Talk
| |Subject: Finding the CF Administrator password
| |
| |
| |A while back, someone posted something about a CF tag that
| |would find the
| |password for the CF Administrator for you.  Well, I need to find the
| |password for the CF Administrator on one of our machines here.
| | Does anyone
| |know of this tag?  Is there another way to find the password?
| |I know how to
| |disable it, but I actually need to find out what it is, so that doesn't
| |help.  I can see it in the registry, but it's encrypted.
| |Anyone have any
| |ideas?
| |
| |Todd Ashworth --
| |Web Application Developer
| |Network Administrator
| |
| |Saber Corporation
| |314 Oakland Ave.
| |Rock Hill, SC 29730
| |(803) 327-0137 [111]
| |
| |
| |
| |
|



Re: Finding the CF Administrator password - Also attn: Uwe

2001-03-09 Thread Todd Ashworth

OK .. 1 more time for those who might have misunderstood   =-p

I DO NOT want to disable the password.  I don't care about getting into the
CF Administrator.  I need to know what the password is because it is the
same password that I need to use to get into something else.  The person who
set up the password is no longer here, so I doubt I have any way of getting
it unless I can find it some place.  I know the password in the CF Admin is
the same one that I need and that's why I'm interested in it.
Unfortunately, when viewed from the registry, it's encrypted.  I was hoping
someone would know how to decrypt it, or knew a handy tag / tool for doing
such.

Uwe mentioned back in December that someone had given him such a tag, so
that's why I thought someone else might know.

Thanks all,

Todd Ashworth --

P.S. Uwe .. If you read this and you still have that tag, I would be most
appreciative if you could send it to me.  Thanks.

- Original Message -
From: "Tony Schreiber" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 4:37 AM
Subject: Re: Finding the CF Administrator password


| You can edit the registry to disable the password. Then log in (no
| password) and enable and change the password...
|
|  A while back, someone posted something about a CF tag that would find
the
|  password for the CF Administrator for you.  Well, I need to find the
|  password for the CF Administrator on one of our machines here.  Does
anyone
|  know of this tag?  Is there another way to find the password?  I know
how to
|  disable it, but I actually need to find out what it is, so that doesn't
|  help.  I can see it in the registry, but it's encrypted.  Anyone have
any
|  ideas?
| 
|  Todd Ashworth --
|  Web Application Developer
|  Network Administrator
| 
|  Saber Corporation
|  314 Oakland Ave.
|  Rock Hill, SC 29730
|  (803) 327-0137 [111]






Re: Finding the CF Administrator password

2001-03-09 Thread Keith C. Ivey

Todd Ashworth wrote:

 I'm surprised some talented CF hacker hasn't found a way to yank
 it out of the registry and convert it back to its original form.

I don't know the details of the encryption used for the 
password in the registry, but I would expect it to use a one-
way encryption method.  To check a password, the supplied 
password is encrypted and compared with the encrypted password 
from the registry.  There's never any need to decrypt it, and 
it's likely impossible to do so.  By "impossible" I mean that 
it would require far too much computing time with current 
processors.  It has nothing to do with how talented the hacker 
might be.

Of course, the CF admin password may not work like that, but it 
would seem to be unnecessarily insecure if it didn't.

Keith C. Ivey [EMAIL PROTECTED]
Webmaster, EEI Communications
66 Canal Center Plaza, Suite 200
Alexandria, VA  22314
Telephone:  703-683-0683
Fax:  703-683-4915
Web Site:  http://www.eeicommunications.com
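
Added example, not part of the original thread: a Python sketch of the one-way check described in the message above, set beside reversible storage under a key that ships with the product (the design the later replies in this thread criticise). `FIXED_KEY`, the function names and the record format are assumptions made for illustration; the XOR routine is a stand-in and is not the CFusion_Encrypt algorithm.

```python
import hashlib
import hmac
import os
from itertools import cycle
from typing import Optional

# Constructed constant standing in for any key embedded in shipped software.
# Only the "same key on every install" property matters for this example.
FIXED_KEY = b"constant-shipped-with-every-install"

PBKDF2_ITERATIONS = 200_000
SCHEME = "pbkdf2_sha256"


def reversible_store(password: str) -> str:
    """Reversible storage: the stored value plus the shared key yields the password."""
    data = password.encode("utf-8")
    return bytes(b ^ k for b, k in zip(data, cycle(FIXED_KEY))).hex()


def reversible_recover(stored: str) -> str:
    """Anyone who can read the stored value and knows FIXED_KEY gets the plaintext."""
    data = bytes.fromhex(stored)
    return bytes(b ^ k for b, k in zip(data, cycle(FIXED_KEY))).decode("utf-8")


def one_way_store(password: str, salt: Optional[bytes] = None) -> str:
    """One-way storage: a per-record random salt and a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def one_way_verify(candidate: str, record: str) -> bool:
    """Re-derive from the candidate and compare; nothing is ever decrypted."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != SCHEME or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    password = "S3cret!pw"  # constructed sample value
    stored = reversible_store(password)
    record = one_way_store(password)
    return {
        "reversible_leaks_plaintext": reversible_recover(stored) == password,
        "one_way_accepts_correct": one_way_verify(password, record),
        "one_way_rejects_wrong": not one_way_verify("wrong-guess", record),
        "same_password_distinct_records": record != one_way_store(password),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the one-way record there is nothing to hand back to an administrator who has lost the password; the only recovery path is a reset.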




Re: Finding the CF Administrator password

2001-03-09 Thread Jon Hall

Check this link Todd.
http://www.fusionauthority.com/alert/index.cfm?alertid=6#Tech1

There are undocumented "Administrator" functions called
CFusion_Encrypt()/CFusion_Decrypt.
These are probably the functions that were used to encrypt the string...

jon
- Original Message -
From: "Todd Ashworth" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 5:00 PM
Subject: Re: Finding the CF Administrator password - Also attn: Uwe


 OK .. 1 more time for those who might have misunderstood   =-p

 I DO NOT want to disable the password.  I don't care about getting into
the
 CF Administrator.  I need to know what the password is because it is the
 same password that I need to use to get into something else.  The person
who
 set up the password is no longer here, so I doubt I have any way of
getting
 it unless I can find it some place.  I know the password in the CF Admin
is
 the same one that I need and that's why I'm interested in it.
 Unfortunately, when viewed from the registry, it's encrypted.  I was
hoping
 someone would know how to decrypt it, or knew a handy tag / tool for doing
 such.

 Uwe mentioned back in December that someone had given him such a tag, so
 that's why I thought someone else might know.

 Thanks all,

 Todd Ashworth --

 P.S. Uwe .. If you read this and you still have that tag, I would be most
 appreciative if you could send it to me.  Thanks.

 - Original Message -
 From: "Tony Schreiber" [EMAIL PROTECTED]
 To: "CF-Talk" [EMAIL PROTECTED]
 Sent: Friday, March 09, 2001 4:37 AM
 Subject: Re: Finding the CF Administrator password


 | You can edit the registry to disable the password. Then log in (no
 | password) and enable and change the password...
 |
 |  A while back, someone posted something about a CF tag that would find
 the
 |  password for the CF Administrator for you.  Well, I need to find the
 |  password for the CF Administrator on one of our machines here.  Does
 anyone
 |  know of this tag?  Is there another way to find the password?  I know
 how to
 |  disable it, but I actually need to find out what it is, so that
doesn't
 |  help.  I can see it in the registry, but it's encrypted.  Anyone have
 any
 |  ideas?
 | 
 |  Todd Ashworth --
 |  Web Application Developer
 |  Network Administrator
 | 
 |  Saber Corporation
 |  314 Oakland Ave.
 |  Rock Hill, SC 29730
 |  (803) 327-0137 [111]







Re: Finding the CF Administrator password

2001-03-09 Thread Todd Ashworth

Excellent.  What they are talking about looks like what might be in the
registry.  This might just do what I want.  If so, that's 2 I owe ya ;)

Todd Ashworth --
Web Application Developer
Network Administrator

Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111]

- Original Message -
From: "Jon Hall" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 5:22 PM
Subject: Re: Finding the CF Administrator password


| Check this link Todd.
| http://www.fusionauthority.com/alert/index.cfm?alertid=6#Tech1
|
| There are undocumented "Administrator" functions called
| CFusion_Encrypt()/CFusion_Decrypt.
| These are probably the functions that were used to encrypt the string...
|
| jon






Re: Finding the CF Administrator password

2001-03-09 Thread Dain Anderson

Todd,

It's very easy to retrieve the admin password, and I'm sure I will get
flamed for showing this, but what the hell:

<CFSET CFKey = "4p0L@r1$">

<CFREGISTRY ACTION=GET
  Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server"
  Entry="AdminPassword"
  Variable="AdminPassword">

<CFOUTPUT>
  Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
</CFOUTPUT>

The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
isn't my doing; rather, I was sent this from an anonymous source via the
[EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
there is a need for encryption, not encoding, for things such as this. I am
against template encryption personally, but the administrator feature should
have much better security. We live and learn, strive and yearn.

Dain Anderson
Caretaker, CF Comet
http://www.cfcomet.com/


- Original Message -
From: "Todd Ashworth" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 5:31 PM
Subject: Re: Finding the CF Administrator password


 Excellent.  What they are talking about looks like what might be in the
 registry.  This might just do what I want.  If so, that's 2 I owe ya ;)

 Todd Ashworth --
 Web Application Developer
 Network Administrator

 Saber Corporation
 314 Oakland Ave.
 Rock Hill, SC 29730
 (803) 327-0137 [111]

 - Original Message -
 From: "Jon Hall" [EMAIL PROTECTED]
 To: "CF-Talk" [EMAIL PROTECTED]
 Sent: Friday, March 09, 2001 5:22 PM
 Subject: Re: Finding the CF Administrator password


 | Check this link Todd.
 | http://www.fusionauthority.com/alert/index.cfm?alertid=6#Tech1
 |
 | There are undocumented "Administrator" functions called
 | CFusion_Encrypt()/CFusion_Decrypt.
 | These are probably the functions that were used to encrypt the string...
 |
 | jon



