Problem: during a penetration test I faced a buggy Joomla installation. The Joomla version was 3.6.4 and was vulnerable to CVE-2016-8869. I created an administration account using a Metasploit module, but wait!?
I couldn’t upload a web shell. I used the .pht method with no luck. I had no access to the template source files.
Continue reading “From administrator to SuperUser Joomla <= 3.6.4”
A few weeks ago, when I was performing a penetration test on one of our clients' networks, I wanted to use the reGeorg script (from SensePost) for setting up a SOCKS proxy on the target web server, but I encountered a problem. The writable folder to which I uploaded the tunnel.aspx file was behind basic authentication!
Continue reading “SensePost reGeorg Script Basic Authentication”