g2 s15 CMS

1. What Is a CMS?
2. ================
3.  
4. A Content MAnagement System(CMS), is a system that allows you to manage information easily and effectively. The information could be anything, whether it’s a simple article or a complex media management system.
5. It’s for non-technical users based system that allows them organize content easily and makes the process easily rather than hectic. In any web-based application, there are three basic operations
6. --> Add
7. --> Edit
8. --> Delete
9.  
10. Example: Wordpress , Joomla , drupal etc...
11.  
12.  
13. Joomla
14. =========
15. Joomla is an open source CMS that allows you to generate web content and powerful applications.
16.  
17.  
18. Wordpress and Joomla
19. ---------------------
20. WordPress is now a multi-purpose content management system that powers over 31% of all the websites on the Internet (including a lot more than just blogs!).
21.  
22. Joomla is the second most popular content management system, powering around 3% of all the websites on the Internet.
23.  
24.  
25. ---> Functionality – WordPress calls these plugins, while Joomla calls them extensions.
26.  
27. ---> Aesthetics – WordPress calls these themes, while Joomla calls them templates.
28.  
29.  
30. Installation Of Joomla (Setting Up of Joomla)
31. =========================
32. Step 1: visit https://downloads.joomla.org/cms/joomla3/3-7-1
33. Step 2: Download and extract it.
34. Step 3: Now copy the folder to c://xampp/htdocs
35. Step 4: Open it in browser
36. Step 5: Fill the details in first tab and click Next.
37. Step 6: Create a database for joomla.
38. Step 7: Add a User and assign Priveleges.
39. Step 8: Now go to C:\xampp\htdocs\Joomla\installation\sql\mysql
40. Step 9: Open Joomla.sql
41. Step 10: Change ENGINE=InnoDB to ENGINE=MyIsam
42. Step 11: save it then click on next option of Next page
43. Step 12: Click on Install
44. Step 13: Remove the installation folder other next time it will open the same setup
45. Step 14: We get two interfaces one is of the index page or front page visible to users and the next is your admin panel
46. step 15: visit both of them and later on login to the Admin page then go to Extensions ---> templates ---> protostar ----> open details of theis template
47. Step 16: visit index.php
48. Step 17: open KALI and create a payload and save it in file and start listening
49. Step 18: copy the uploading script available at: https://github.com/ t3rabyt3/Gravy-Uploader
50. Step 19: paste it in the index.php i.e. replace the actual code with this
51. Step 20: refresh the user page
52. Step 21: we get the uploading option available and then we will upload the script created in Step 17.
53. Step 22: Now just open the file(malicious php code along which payload is embeded) present in the server to run your script
54. Stp 23:we run the script and on the other side we got the meterpreter session.
55. Step 24: ENJOY ... :)
56.  
57.  
58. Exploiting Joomla
59. ==================
60.  
61. Tools in use :
62. - Joomscan
63. - Dirb
64. - Nikto
65. - Uniscan
66.  
67. Joomscan : Tool created by OWASP for doing the fingerprinting of all the Joomla Websites.
68. Usage : joomscan --url "TargetUrl"
69. joomscan --url "TargetUrl" -ec
70.  
71. DIRB - Directory Bruteforce tool for sub directories of a domain.
72. Usage : dirb targeturl
73.  
74. NIKTO - Vulnerability Assessment tool for Websites.
75. Usage : nikto -h TargetUrl
76.  
77. Uniscan - All in one tool for a Web Application.
78. Usage : uniscan -u targeturl -qweds