21.-Coldfusion-discovery-and-enumeration

1. ColdFusion Overview

Definition: A Java-based web application development platform using ColdFusion Markup Language (CFML).
Common Uses: Dynamic web applications, database integration, and web content management.
Supported Languages: CFML, JavaScript, Java.
Common File Extensions: .cfm, .cfc.
Common Ports: 80, 443, 1935, 25, 8500, 5500.

2. Enumeration Techniques

Port Scanning

ColdFusion often uses port 8500.
Command:
```
nmap -p- -sC -Pn <target_ip> --open
```
- -p-: Scans all ports.
- -sC: Runs default scripts.
- -Pn: Skips host discovery.
- --open: Shows only open ports.

File Extensions

Look for .cfm and .cfc extensions.

HTTP Headers

Check response headers for Server: ColdFusion or X-Powered-By: ColdFusion.
Command:
```
curl -I http://<target_ip>
```

Error Messages

ColdFusion error messages may contain ColdFusion-specific tags or functions.

Default Files

Look for default ColdFusion files like:
- admin.cfm
- CFIDE/administrator/index.cfm
Navigating to /CFIDE/administrator is a strong indicator of a ColdFusion installation.

3. Enumeration Commands and Explanation

Nmap Port and Service Scan

nmap -p- -sC -Pn <target_ip> --open

Scans all TCP ports, detects service versions, and runs default scripts.

Manual Directory Browsing

Open a web browser and visit:
- http://<target_ip>:8500
- https://<target_ip>:8500
- http://<target_ip>:8500/CFIDE/administrator
These URLs may reveal directories like CFIDE and cfdocs.

cURL Header Check

curl -I http://<target_ip>

Retrieves HTTP headers to identify the ColdFusion server.

Gobuster Directory Bruteforcing

gobuster dir -u http://<target_ip> -w <wordlist>

Brute-forces directories and files.

Dirb Directory Bruteforcing

dirb http://<target_ip> <wordlist>

Alternative directory bruteforcer.

FFuf Directory Bruteforcing

ffuf -w <wordlist> -u http://<target_ip>/FUZZ

Another directory bruteforcer.

Web Browser Developer Tools

Use the Network tab in browser developer tools to inspect HTTP headers and responses.

4. Key Points

ColdFusion's default port is 8500, and specific directories (e.g., CFIDE) can indicate its presence.
File extensions and HTTP headers can reveal ColdFusion-specific details.
Error messages may provide further clues about the application.
Default files like admin.cfm can expose sensitive information.
ColdFusion applications can be slow to respond, so be patient when testing.

5. Important Notes

Ensure you have explicit permission before testing.
Use VPNs or proxy tools for anonymity.
Modify file paths and usernames as per your environment.
Administrative privileges may be required for some tests.
Regularly update your wordlists for directory bruteforcing.

Previous7. Miscellaneous Applications NextColdFusion Exploitation Guide

Last updated 8 months ago

hashtag1. ColdFusion Overview

hashtag2. Enumeration Techniques

hashtagPort Scanning

hashtagFile Extensions

hashtagHTTP Headers

hashtagError Messages

hashtagDefault Files

hashtag3. Enumeration Commands and Explanation

hashtagNmap Port and Service Scan

hashtagManual Directory Browsing

hashtagcURL Header Check

hashtagGobuster Directory Bruteforcing

hashtagDirb Directory Bruteforcing

hashtagFFuf Directory Bruteforcing

hashtagWeb Browser Developer Tools

hashtag4. Key Points

hashtag5. Important Notes

1. ColdFusion Overview

2. Enumeration Techniques

Port Scanning

File Extensions

HTTP Headers

Error Messages

Default Files

3. Enumeration Commands and Explanation

Nmap Port and Service Scan

Manual Directory Browsing

cURL Header Check

Gobuster Directory Bruteforcing

Dirb Directory Bruteforcing

FFuf Directory Bruteforcing

Web Browser Developer Tools

4. Key Points

5. Important Notes