module
ColdFusion 'password.properties' Hash Extraction
| Disclosed | Created |
|---|---|
| 05/07/2013 | 05/30/2018 |
Disclosed
05/07/2013
Created
05/30/2018
Description
This module uses a directory traversal vulnerability to extract information
such as password, rdspassword, and "encrypted" properties. This module has been
tested successfully on ColdFusion 9 and ColdFusion 10 (auto-detect).
such as password, rdspassword, and "encrypted" properties. This module has been
tested successfully on ColdFusion 9 and ColdFusion 10 (auto-detect).
Authors
HTPsinn3r nebulus
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/gather/coldfusion_pwd_props
msf /(s) > show actions
...actions...
msf /(s) > set ACTION < action-name >
msf /(s) > show options
...show and set options...
msf /(s) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.