我可以得到一个被黑的Coldfusion模板的来源吗？ [英] Can I get the source of a hacked Coldfusion template?

问题描述

我们最近有一个黑客访问我们的系统。

We recently had a hacker gain access to our system. They dumped some Coldfusion templates and included them in random pages on our sites.

他们转储的文件以开头Allaire Cold Fusion Template 然后包含看起来是垃圾，但我相信这是一些预编译的Coldfusion代码。

The files they dump start with Allaire Cold Fusion Template and then contain what appears to be "garbage", but I believe that this is some kind of pre-compiled Coldfusion code.

我们清除了黑客，但我保存了文件，因为我希望有一些方法来解压缩它们，也许对它们有一些了解。虽然我认为黑客是处理，我有点担心这个代码在做什么。 （当我查看包含此代码的页面的源代码时，它没有创建输出，所以必须在后台运行。）

We've cleared out the hacks, but I saved off the files because I was hoping that there would be some way to de-compile them and maybe make some sense of them. Although I think the hack is dealt with, I am a little worried about what this code was doing. (When I looked at the source of a page that included this code, it created no output, so something had to be going on in the background.)

如果有有一种方法，这很酷，我只是想我会至少调查看到这些文件正在做什么的可能性。感谢您提供任何帮助。

If there isn't a way, that's cool, I just thought I would at least investigate the possibility of seeing what these files were doing. Thanks in advance for any help.

推荐答案

哇，你已经唤醒了我的一些老脑细胞...当你可以加密你的ColdFusion模板，他们仍然可以在ColdFusion服务器上运行。该加密不是非常安全，因为解密算法是容易获得的。这是/是一个简单的方法来隐藏你的代码从不知道（我猜）。

Wow, you have awakened some of my "old" brain cells... Way back when you could encrypt your ColdFusion templates and they could still be run on a ColdFusion server. This encryption was not very secure as the decrypting algorithm was readily available. It was/is an easy way to "hide" your code from the unknowing (I guess).

我做了一个快速的Google搜索，发现一个旧的引用解密函数在Adobe的网站，可能有助于破解该代码。 AB Positive Encrypt and Decrypt 我相信他们的代码必须加密这种方式，否则ColdFusion服务器将无法读取文件。此下载包括 cfdecrypt.exe 和 cfencode.exe 程序。

I did a quick Google search and found an old reference to a decrypt function on Adobe's site that may help "crack" that code. AB Positive Encrypt and Decrypt I believe their code would have to be encrypted this way otherwise the ColdFusion server would not be able to read the files either. This download includes the cfdecrypt.exe and cfencode.exe programs.

如果该工具不起作用，如果我记得正确，在CFMX之前的ColdFusion加密使用 CFCrypt.exe 。这是一个旧版本的ColdFusion我认为，但你可以尝试使用它。我找不到它，但我相信如果你的Google，它可以找到。

If that tool does not work and if I remember correctly, the ColdFusion encryption before CFMX was done using something called CFCrypt.exe. That was an older versions of ColdFusion I think but you can try using that too. I couldn't find it but I'm sure if you Google for it can be found.

请发回您的结果。我有兴趣看看他们在做什么。

Please post back with your results. I'm interested to see what they were doing.

这篇关于我可以得到一个被黑的Coldfusion模板的来源吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！