Found admin panel, now what?

あなたたちはばかだ。
はっかーじゃない。
しんでください。

(10-12-2013, 08:46 AM)foxhound Wrote:

[To see links please register here]

well of course i always after the reward but in my case XSS just don't work...it is a really simple site, a sales page, but for me is really hard, i don´t like brute force but how can i do when the site seems to have no vulns? is this possible?

You don't have to like it, you just have to be able to do it.

---

(10-12-2013, 01:41 AM)foxhound Wrote:

[To see links please register here]

i am interested in the answers to come, i'm kind stuck there to. Have a target, run a few scans, get to know the server but, nothing seems week, tried several exploits with metasploit but nothing, even armitage fail too, the only thing left for me was, since the site was on WordPress use wpscan and go for the brute force, but gain....it takes forever, and using VPN also sometimes get stuck, i use little python from this great forum! to split large password list, so i split rockyou in like 25 lists, but still is very hard because some times its freeze so...after trying less of 20% with no success i give up here too...soooo good luck and hope we can get trough this! May add that LFI/RFI ,SQLI or XSS didn't work for me in first place!

good hunting!

Armitage is just a GUI for metasploit, so obviously you wouldn't have different results.

If the admin panel is a Wordpress Then it would be a piece of Cake t bruteforce .

(10-12-2013, 01:41 AM)foxhound Wrote:

[To see links please register here]

i am interested in the answers to come, i'm kind stuck there to. Have a target, run a few scans, get to know the server but, nothing seems week, tried several exploits with metasploit but nothing, even armitage fail too, the only thing left for me was, since the site was on WordPress use wpscan and go for the brute force, but gain....it takes forever, and using VPN also sometimes get stuck, i use little python from this great forum! to split large password list, so i split rockyou in like 25 lists, but still is very hard because some times its freeze so...after trying less of 20% with no success i give up here too...soooo good luck and hope we can get trough this! May add that LFI/RFI ,SQLI or XSS didn't work for me in first place!

good hunting!

Maybe they have basic security precautions in place.
Try to social engineer the admin. If you can get an email address that is.

hello folks!

i know Armitage is just a GUI for metasploit...but armitage is more automatic kind, that's why i mention i used it, i maned, two ways of using exploits trough metasploit failed....as for the brute force, well i don't like it because its too buggy for me, since its stacks randomly in the process but...i am just about trying it in Kali with a different configuration and will let it running for the weekend and try to get better results jeje

as for the social engineeriing, well that i dont will try i dont like it , i know is probably one of the best shoots but not my kind...sure stuxnets probably reach its goal with some of that, may be a pen drive in the parking or something like that...

happy hunting!