O
O
OSCP Notes
Search
⌃K
Introduction
Port scanning
Passive Information Gathering
Ports enum:
Recon Tools
Tech Skills Needed
msfvenom
meterpreter commands
Web Apps
General methods
phpmyadmin
cgi priv esc
Phreesoft 5.2.3
Webmin
ColdFusion 8
Wordpress
Mysql commands
xampp
Elastix
Drupal (CMS)
SQL & LFI
LFI
RFI
wfuzz
Manual SQL injection
Port Swigger SQL
php hacks
XSS
XML file upload RCE
Postgress creds found?
mongo db creds found?
base64 encoded Web bruteforcing
Web app source
uploading img as php
iframe technique
python scripts
Windows hacks
Port Forwarding
Reverse shells
Binary exploitation
Transfering Modules
Buffer Overflow
Cracking!
shellshock
Active Directory
Antivirus Evasion
Windows Priv Esc
Linux Priv Esc
Active Directory Case Studies
Pivoting
C program analysis
Misc
Hack the box Write-ups
THM Offensive Security Path
Proving Ground
Cyber Sec Labs
Powered By GitBook

Drupal (CMS)

Frist check changelog.txt to see the version.
try admin / [email protected] default creds
​
Drupalgeddon exploit RCE maybe the one to go.
drpalgeddon2.rb github
you might need to install highline (google the error)
or
drupscan
​
if it's 7 <= 7.57, the following script should work.
GitHub - pimps/CVE-2018-7600: Exploit for Drupal 7 <= 7.57 CVE-2018-7600
GitHub
​
Previous
Elastix
Next
SQL & LFI
Last modified 10mo ago
Copy link