Joomla:

3.5% of CMS market share-

100% free

Used by eBay, Yamaha, Harvard, UK Gov

Discovery

Version printing:

curl -s <http://dev.inlanefreight.local/administrator/manifests/files/joomla.xml> | xmllint --format -

Enumeration

Note: This module uses a legacy Python version, I prefer to use joomscan

pip3 install droopescan
droopescan scan joomla --url <http://dev.inlanefreight.local/>

BruteForce

 droopescan scan joomla --url <http://dev.inlanefreight.local/>

Example:

python3 joomla-brute.py -u <http://dev.inlanefreight.local> -w /usr/share/metasploit-framework/data/wordlists/http_default_pass.txt -usr admin
 

Writeup