Translated ['network-services-pentesting/pentesting-web/drupal/README.md

This commit is contained in:
Translator 2024-08-12 13:10:30 +00:00
parent 8d5f933f24
commit bf5fa20b81

View file

@ -1,12 +1,12 @@
# Drupal # Drupal
{% hint style="success" %} {% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\ Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte) Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details> <details>
<summary>Podrška HackTricks</summary> <summary>Podržite HackTricks</summary>
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)! * Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
@ -53,7 +53,7 @@ Novije instalacije Drupala po defaultu blokiraju pristup datotekama `CHANGELOG.t
#### Registracija #### Registracija
Na _/user/register_ samo pokušajte da kreirate korisničko ime i ako je ime već zauzeto bićete obavešteni: U _/user/register_ samo pokušajte da kreirate korisničko ime i ako je ime već zauzeto bićete obavešteni:
![](<../../../.gitbook/assets/image (328).png>) ![](<../../../.gitbook/assets/image (328).png>)
@ -69,7 +69,7 @@ Ako zatražite novu lozinku za nepostojeće korisničko ime:
### Dobijanje broja korisnika ### Dobijanje broja korisnika
Pristupanjem _/user/\<number>_ možete videti broj postojećih korisnika, u ovom slučaju je 2 jer _/users/3_ vraća grešku da nije pronađeno: Pristupajući _/user/\<number>_ možete videti broj postojećih korisnika, u ovom slučaju je 2 jer _/users/3_ vraća grešku da nije pronađeno:
![](<../../../.gitbook/assets/image (333).png>) ![](<../../../.gitbook/assets/image (333).png>)
@ -102,9 +102,14 @@ Ako imate pristup Drupal web konzoli, proverite ove opcije da biste dobili RCE:
[drupal-rce.md](drupal-rce.md) [drupal-rce.md](drupal-rce.md)
{% endcontent-ref %} {% endcontent-ref %}
## Drupal From XSS to RCE
Kroz ovu tehniku, moguće je postići **Remote Code Execution (RCE)** u Drupalu putem **Cross-Site Scripting (XSS)**. https://github.com/nowak0x01/Drupalwned
<br><br>
**Za detaljnije korake proverite:** https://nowak0x01.github.io/papers/76bc0832a8f682a7e0ed921627f85d1d.html
## Post Exploitation ## Post Exploitation
### Pročitajte settings.php ### Read settings.php
``` ```
find / -name settings.php -exec grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" {} \; 2>/dev/null find / -name settings.php -exec grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" {} \; 2>/dev/null
``` ```