Forum Thread: Newbie Site Hacking!

Right! So my IT teacher has challenged me to hack the school website. So ye I do have premison to pentest. I've founds some interesting thing about the site however I am not to sure where to go to from here. So I thought I'd ask some help from you guys! Stuff I know:

Its running joomla not to sure of version
Apache 2.2.3
OS linux
I have also found a couple of open tcp ports. And a filtered ssh port any suggestions?
Thanks
Dupheadss

4 Responses

If there are any input areas, try cross-site scripting (XSS). It is something that 90% of websites are vulnerable to, so you should definitely check it out.

If you have permission to do this, then you should not have to be stealthy, so you should try scanning the ports and services running on the server to find as much about them as possible. Versions are very important.

Hope I could help

Thanks but I couldn't really find any input areas besides the joomla admin login page as for the open ports:
PORT STATE SERVICE VERSION
22/tcp filtered ssh
25/tcp open smtp Sendmail (Not accepting mail)
80/tcp open http Apache httpd 2.2.3
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
389/tcp filtered ldap
443/tcp open ssl/http Apache httpd 2.2.3
587/tcp filtered submission
1025/tcp open smtp Sendmail (Not accepting mail)
3306/tcp filtered mysql

Also if you know some of the services running on the server, try searching in exploit-db or cve-mitre. But make sure that you know what you're using since sometimes a failed exploit might lead to a total system failure.

Since you're allowed to do this and don't have to be quiet, you should try a vulnerability scanner like Nikto or Nessus. They find vulnerabilities (obviously), but they are known to report false positives. Find a vulnerability you like and test to see if it is actually present. And since the server is running MySQL, it might be vulnerable to SQL injection, which can be exploited with SQLmap

Share Your Thoughts

  • Hot
  • Active