Brute-force password auditing Joomla! installations

Joomla! is a very popular CMS that is used for many different purposes, including e-commerce. Detecting user accounts with weak passwords is a common task for penetration testers, and Nmap helps with that by using the NSE script http-joomla-brute.

This recipe shows how to perform brute force password auditing against Joomla! installations.

How to do it...

Open your terminal and enter the following command:

$ nmap -p80 --script http-joomla-brute <target>

All of the valid accounts that were found will be returned:

PORT     STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-joomla-brute:
|   Accounts
|     king:kong => Login correct
|   Statistics
|_    Perfomed 799 guesses in 501 seconds, average tps: 0

How it ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.