Brute-force password auditing Joomla! installations
Joomla! is a very popular CMS that is used for many different purposes, including e-commerce. Detecting user accounts with weak passwords is a common task for penetration testers, and Nmap helps with that by using the NSE script http-joomla-brute.
This recipe shows how to perform brute-force password auditing against Joomla! installations.
How to do it...
Open your terminal and enter the following command:
$ nmap -p80 --script http-joomla-brute <target>
All of the valid accounts that were found will be returned:
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-joomla-brute:
|   Accounts
|     king:kong => Login correct
|   Statistics
|_    Perfomed 799 guesses in 501 seconds, average tps: 0