Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

cfdecrypt.txt

🗓️ 21 Sep 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Tool decrypts Cold Fusion templates encrypted with CFCRYPT, requires DES encryption library.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Subject: Re: New Allaire Security Zone Bulletins and KB Articles  
To: [email protected]   
  
  
On Tue May 25 1999, James Stephens wrote:  
>  
> At 03:00 PM 5/24/99 -0700, [email protected] wrote:  
>  
> > ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted  
>  
> Has anyone seen the program that can alegedly decrypt encrypted cfml pages?  
  
  
Indeed I recently needed such a tool to legitimately recover lost source. Since  
I couldn't find one on the Internet I ended up writing it myself. The source is  
attached.  
  
  
Matt/* CFDECRYPT: Decrypt Cold Fusion templates encrypted with CFCRYPT  
Matt Chapman <[email protected]>  
  
  
Usage: cfdecrypt <encrypted.cfm >decrypted.cfm  
  
  
Requires a DES encryption library to compile.  
*/  
  
  
#include <stdio.h>  
#include "des.h"  
  
  
int main(void)  
{  
char *header = "Allaire Cold Fusion Template\012Header Size: ";  
char buffer[54];  
int headsize, outlen;  
int skip_header;  
int len, i;  
  
  
char *keystr = "Error: cannot open template file--\"%s\". Please, try again!\012\012";  
des_cblock key;  
des_cblock input;  
des_cblock output;  
des_key_schedule schedule;  
  
  
if ((fread(buffer, 1, 54, stdin) < 54) || (memcmp(buffer, header, 42)))  
{  
fprintf(stderr, "File is not an encrypted template\n");  
return 1;  
}  
  
  
if (!memcmp(&buffer[42], "New Version", 11))  
{  
headsize = 69;  
skip_header = 1;  
}  
else  
{  
headsize = atoi(&buffer[42]);  
skip_header = 0;  
}  
  
  
if ((headsize < 54) || (fseek(stdin, headsize, SEEK_SET) < 0))  
{  
fprintf(stderr, "Error in file format\n");  
return 1;  
}  
  
  
des_string_to_key(keystr, &key);  
des_set_key(&key, schedule);  
outlen = 0;  
  
  
while ((len = fread(input, 1, 8, stdin)) == 8)  
{  
des_ecb_encrypt(&input, &output, schedule, 0);  
outlen += 8;  
i = 0;  
  
  
if (skip_header)  
{  
while (i < 8)  
{  
if (output[i++] == 0x1A)  
{  
skip_header = 0;  
break;  
}  
}  
}  
  
  
fwrite(output + i, 1, 8 - i, stdout);  
}  
  
  
for (i = 0; i < len; i++)  
{  
output[i] = input[i] ^ (outlen + i);  
}  
  
  
fwrite(output, 1, len, stdout);  
  
  
return 0;  
}  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
21 Sep 1999 00:00Current
7.4High risk
Vulners AI Score7.4
cfcryptcold fusiondecrypt toolencryption librarysource codefile formatdes encryption.
20
.json
Report