Brute-force password auditing Joomla! installations

Joomla! is a very popular CMS that is used for many different purposes, including e-commerce. Detecting user accounts with weak passwords is a common task for penetration testers, and Nmap helps with that by using the NSE script http-joomla-brute.

This recipe shows how to perform brute force password auditing against Joomla! installations.

How to do it...

Open your terminal and enter the following command:

$ nmap -p80 --script http-joomla-brute <target>

All of the valid accounts that were found will be returned:

PORT     STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-joomla-brute:
|   Accounts
|     king:kong => Login correct
|   Statistics
|_    Perfomed 799 guesses in 501 seconds, average tps: 0

How it ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nmap 6: Network Exploration and Security Auditing Cookbook by Paulino Calderon Pale

Brute-force password auditing Joomla! installations

How to do it...

How it ...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly