我可以获得被黑的 Coldfusion 模板的来源吗? [英] Can I get the source of a hacked Coldfusion template?
问题描述
我们最近有一名黑客访问了我们的系统.他们转储了一些 Coldfusion 模板,并将它们包含在我们网站上的随机页面中.
We recently had a hacker gain access to our system. They dumped some Coldfusion templates and included them in random pages on our sites.
他们转储的文件以 Allaire Cold Fusion Template 开头,然后包含看似垃圾"的内容,但我相信这是某种预编译的 Coldfusion 代码.
The files they dump start with Allaire Cold Fusion Template and then contain what appears to be "garbage", but I believe that this is some kind of pre-compiled Coldfusion code.
我们已经清除了这些 hack,但我保存了这些文件,因为我希望有一些方法可以反编译它们,也许可以理解它们.虽然我认为黑客已经解决了,但我有点担心这段代码在做什么.(当我查看包含此代码的页面源时,它没有创建任何输出,因此必须在后台发生一些事情.)
We've cleared out the hacks, but I saved off the files because I was hoping that there would be some way to de-compile them and maybe make some sense of them. Although I think the hack is dealt with, I am a little worried about what this code was doing. (When I looked at the source of a page that included this code, it created no output, so something had to be going on in the background.)
如果没有办法,那就太好了,我只是想我至少会调查一下看看这些文件在做什么的可能性.提前感谢您的帮助.
If there isn't a way, that's cool, I just thought I would at least investigate the possibility of seeing what these files were doing. Thanks in advance for any help.
推荐答案
哇,你唤醒了我的一些旧"脑细胞......冷融合服务器.这种加密不是很安全,因为解密算法很容易获得.这是/是一种简单的方法来隐藏"你的代码不被不知情的人(我猜).
Wow, you have awakened some of my "old" brain cells... Way back when you could encrypt your ColdFusion templates and they could still be run on a ColdFusion server. This encryption was not very secure as the decrypting algorithm was readily available. It was/is an easy way to "hide" your code from the unknowing (I guess).
我在 Google 上进行了快速搜索,并在 Adobe 的网站上找到了对解密功能的旧参考,这可能有助于破解"该代码.AB正加密和解密我相信他们的代码必须加密这样,否则 ColdFusion 服务器也无法读取文件.此下载包括 cfdecrypt.exe 和 cfencode.exe 程序.
I did a quick Google search and found an old reference to a decrypt function on Adobe's site that may help "crack" that code. AB Positive Encrypt and Decrypt I believe their code would have to be encrypted this way otherwise the ColdFusion server would not be able to read the files either. This download includes the cfdecrypt.exe and cfencode.exe programs.
如果该工具不起作用并且我没记错的话,CFMX 之前的 ColdFusion 加密是使用名为 CFCrypt.exe 的东西完成的.我认为那是 ColdFusion 的旧版本,但您也可以尝试使用它.我找不到它,但我确定您是否可以通过 Google 找到它.
If that tool does not work and if I remember correctly, the ColdFusion encryption before CFMX was done using something called CFCrypt.exe. That was an older versions of ColdFusion I think but you can try using that too. I couldn't find it but I'm sure if you Google for it can be found.
请回复您的结果.我很想看看他们在做什么.
Please post back with your results. I'm interested to see what they were doing.
这篇关于我可以获得被黑的 Coldfusion 模板的来源吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
