Right! So my IT teacher has challenged me to hack the school website. So ye I do have premison to pentest. I've founds some interesting thing about the site however I am not to sure where to go to from here. So I thought I'd ask some help from you guys! Stuff I know:
Its running joomla not to sure of version
Apache 2.2.3
OS linux
I have also found a couple of open tcp ports. And a filtered ssh port any suggestions?
Thanks
Dupheadss
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
Forum Thread:
Hacking with Ip Only Part [1] { by : Mohamed Ahmed }
5
Replies
How To:
Dox Anyone
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How To:
Phish for Social Media & Other Account Passwords with BlackEye
How To:
Crack Shadow Hashes After Getting Root on a Linux System
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How To:
Top 10 Things to Do After Installing Kali Linux
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
How To:
Hack 5 GHz Wi-Fi Networks with an Alfa Wi-Fi Adapter
How To:
Use John the Ripper in Metasploit to Quickly Crack Windows Hashes
How To:
Find Hidden Web Directories with Dirsearch
How To:
Securely Sync Files Between Two Machines Using Syncthing
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Brute-Force Nearly Any Website Login with Hatch
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
How To:
Exploit WebDAV on a Server & Get a Shell
4 Responses
If there are any input areas, try cross-site scripting (XSS). It is something that 90% of websites are vulnerable to, so you should definitely check it out.
If you have permission to do this, then you should not have to be stealthy, so you should try scanning the ports and services running on the server to find as much about them as possible. Versions are very important.
Hope I could help
Thanks but I couldn't really find any input areas besides the joomla admin login page as for the open ports:
PORT STATE SERVICE VERSION
22/tcp filtered ssh
25/tcp open smtp Sendmail (Not accepting mail)
80/tcp open http Apache httpd 2.2.3
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
389/tcp filtered ldap
443/tcp open ssl/http Apache httpd 2.2.3
587/tcp filtered submission
1025/tcp open smtp Sendmail (Not accepting mail)
3306/tcp filtered mysql
Also if you know some of the services running on the server, try searching in exploit-db or cve-mitre. But make sure that you know what you're using since sometimes a failed exploit might lead to a total system failure.
Since you're allowed to do this and don't have to be quiet, you should try a vulnerability scanner like Nikto or Nessus. They find vulnerabilities (obviously), but they are known to report false positives. Find a vulnerability you like and test to see if it is actually present. And since the server is running MySQL, it might be vulnerable to SQL injection, which can be exploited with SQLmap
Share Your Thoughts