Initial Foothold: Hello everyone. Today we are going to work on Blunder. As always the first step is Recon! Time to see what ports do we have open on that box. In the picture bellow you can see the nmap command I used. Well we have only one open port and that is port 80. This scan shows us also the server version and some headers. Usually when I am on a box with open port 80 I like to visit the page and see what it contains. OK … that is what we have. A page with articles. My clicking on the links we just go to more detail…
-
-
Protection ByPass and Brute Force attack – Bludit v. 3.9.2
So this post will describe a how to bypass protection in Bludit CMS v. 3.9.2 that is if you have a username. After managing to find the password I will discuss what metasploit module can help you to get a reverse shell. So, lets begin. If we check the documentation that Bludit provides we can see how they are preventing brute force attacks. Here is a screenshot and the link if you want to read through the whole documentation. https://docs.bludit.com/en/security/brute-force-protection After some googling I found a script that I just edited. I will post the script here and the link to the original article. https://rastating.github.io/bludit-brute-force-mitigation-bypass/ What you will need to…