mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 22:52:06 +00:00
Translated ['network-services-pentesting/pentesting-web/drupal/README.md
This commit is contained in:
parent
8d5f933f24
commit
bf5fa20b81
1 changed files with 11 additions and 6 deletions
|
@ -1,12 +1,12 @@
|
||||||
# Drupal
|
# Drupal
|
||||||
|
|
||||||
{% hint style="success" %}
|
{% hint style="success" %}
|
||||||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
<summary>Podrška HackTricks</summary>
|
<summary>Podržite HackTricks</summary>
|
||||||
|
|
||||||
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
|
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
|
||||||
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||||||
|
@ -53,7 +53,7 @@ Novije instalacije Drupala po defaultu blokiraju pristup datotekama `CHANGELOG.t
|
||||||
|
|
||||||
#### Registracija
|
#### Registracija
|
||||||
|
|
||||||
Na _/user/register_ samo pokušajte da kreirate korisničko ime i ako je ime već zauzeto bićete obavešteni:
|
U _/user/register_ samo pokušajte da kreirate korisničko ime i ako je ime već zauzeto bićete obavešteni:
|
||||||
|
|
||||||
![](<../../../.gitbook/assets/image (328).png>)
|
![](<../../../.gitbook/assets/image (328).png>)
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ Ako zatražite novu lozinku za nepostojeće korisničko ime:
|
||||||
|
|
||||||
### Dobijanje broja korisnika
|
### Dobijanje broja korisnika
|
||||||
|
|
||||||
Pristupanjem _/user/\<number>_ možete videti broj postojećih korisnika, u ovom slučaju je 2 jer _/users/3_ vraća grešku da nije pronađeno:
|
Pristupajući _/user/\<number>_ možete videti broj postojećih korisnika, u ovom slučaju je 2 jer _/users/3_ vraća grešku da nije pronađeno:
|
||||||
|
|
||||||
![](<../../../.gitbook/assets/image (333).png>)
|
![](<../../../.gitbook/assets/image (333).png>)
|
||||||
|
|
||||||
|
@ -102,9 +102,14 @@ Ako imate pristup Drupal web konzoli, proverite ove opcije da biste dobili RCE:
|
||||||
[drupal-rce.md](drupal-rce.md)
|
[drupal-rce.md](drupal-rce.md)
|
||||||
{% endcontent-ref %}
|
{% endcontent-ref %}
|
||||||
|
|
||||||
|
## Drupal From XSS to RCE
|
||||||
|
Kroz ovu tehniku, moguće je postići **Remote Code Execution (RCE)** u Drupalu putem **Cross-Site Scripting (XSS)**. https://github.com/nowak0x01/Drupalwned
|
||||||
|
<br><br>
|
||||||
|
**Za detaljnije korake proverite:** https://nowak0x01.github.io/papers/76bc0832a8f682a7e0ed921627f85d1d.html
|
||||||
|
|
||||||
## Post Exploitation
|
## Post Exploitation
|
||||||
|
|
||||||
### Pročitajte settings.php
|
### Read settings.php
|
||||||
```
|
```
|
||||||
find / -name settings.php -exec grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" {} \; 2>/dev/null
|
find / -name settings.php -exec grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" {} \; 2>/dev/null
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in a new issue