Decrypt ColdFusion Datasource Passwords

Today I came across a ColdFusion server that had some datasources and I needed to copy a datasource to another server. The only problem: I didn’t know the password. Here’s […]

Today I came across a ColdFusion server that had some datasources and I needed to copy a datasource to another server. The only problem: I didn’t know the password. Here’s a simple ColdFusion script to retrieve all of the datasources and passwords on the server. It’s also a good reason to keep sandboxes, especially on shared systems. It’s also a good reason to keep these database logins limited to the least amount of privileges.

<h1>ColdFusion Datasources</h1>
 
<cfscript>
 
// Create datasource object
variables.datasourceObject=createobject("java","coldfusion.server.ServiceFactory").getDatasourceService().getDatasources();
 
// Loop through datasources
for(variables.dataource in variables.datasourceObject) {
	if(len(variables.datasourceObject[variables.datasource]["password"])){
 
		// Set username
		variables.username = variables.datasourceObject[variables.datasource]["username"];
 
		// Set decrypted password
		variables.decryptedPassword = Decrypt(variables.datasourceObject[variables.datasource]["password"], generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64");
 
		// Output datasource information
		writeoutput("<p><strong>" & "Datasource: " & variables.datasource & "</strong><br />"); 
		writeOutput("Username: " & variables.username & "<br />"); 
		writeOutput("Password: " & variables.decryptedPassword & "</p>"); 
 
	}
}
 
</cfscript>
Share

About ipaul

My name is Paul Hassinger, the founder of ipaul.com. I have been an avid user of computers since a child. I started when I was about 10 years old working on an Atari computer. Since then, I grew and have had exposure to all types of technologies. I started using FIDONet on a BBS as a child and grew to the Internet. My first graphical world wide web experience was in 1993 using Mosaic. Over time I've worked with both small and large computing systems even maintaining systems serving millions of users on some of the largest social networking sites. I hope to use this blog to capture what I've learned over the years and what I do in my daily life so that others and myself may find the information useful.