Skip to content

Lab8

All documentation is written in markdown format

Joomla Accounts That Do Need a Password Reset Are Marked for One

  1. Log into Domain Controller
  2. Open Server Manager
  3. Open Tools > Active Directory Administrative Center
  4. Browse Domain Users
  5. Jot down users for later /home/playerone/Desktop/users.txt file on Security-Desk computer
  6. On Security-Desk launch attack against Joomla server
  7. nmap -sV 172.16.10.100 --script http-joomla-brute --script-args userdb=/home/playerone/Desktop/users.txt,passdb=/usr/share/wordlists/rockyou.txt
  8. Try logins in Joomla website login http://172.16.10.100/index.php?option=com_users&view=login
  9. Login to Joomla administrative panel http://172.16.10.100/administration
  10. Select users with pwn'd passwords
  11. Batch update > Require Password Reset = Yes

Users

These are the users in the users.txt file

asteele
fileshare
Guest
jsmith
jraffin
jcortes
krbtgt
manderson
nkeefe
playerone
rcortes
sec-desk
skeefe
sshd
sshd_server
tclark

AD Accounts That Do Need a Password Reset Are Marked for One

  1. On Security-Desk, launch attack against Domain Controller with SMB connections
  2. hydra -L /home/playerone/Desktop/users.txt -P /usr/share/wordlists/rockyou.txt 172.16.30.55 smb
  3. Mark bad accounts in AD
  4. Active Directory Users and Computers > Right Click Properties > Check User must change password at next login

Commands on MSFconsole

Contents of users.txt:

asteele
fileshare
Guest
jsmith
jraffin
jcortes
krbtgt
manderson
nkeefe
playerone
rcortes
sec-desk
skeefe
sshd
sshd_server
tclark

cd Desktop
vim users.txt
msfconsole

# once metasploit has been entered
msf> spool /home/playerone/Desktop/msfout.txt
msf> use auxiliary/scanner/http/joomla_bruteforce_login
msf> set RHOSTS 172.16.10.100
run