{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《Nmap http-joomla-brute script example?》','https://www.manongdao.com/q-749546.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
This is a relatively obscure topic, but any help is nevertheless appreciated.
I am trying to run a brute force test on my website's Joomla login. I was trying to use nmap's http-joomla-brute, but for some reason it does not output neither the process nor does it actually do the brute force with the password list I gave it. Here is my script:
nmap -sV --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true' my.website.here.
I think it only runs the initial testing(which is really annoying BTW, does anyone have a way to avoid/skip it?) and the default password list, because it shows something like "1495 passwords tested" and my password list is 496 MB and definitely more than 1495 passwords. What am I doing wrong?
Thank you in advance.
EDIT: Fixed the script partially running, but now it does this:
Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 19:39 EDT
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
I don't think this is normal. Is there a way to fix this?
See the documentation for the unpwdb NSE library, which
http-joomla-bruteuses to manage usernames and passwords. It defaults to a 10-minute time limit, after which it stops returning credentials. If you really want to run it until it is finished, pass theunpwdb.timelimit=0script argument to disable the timer.Regarding the "initial checks" that you would like to skip, simply drop the
-sVfrom your invocation, which will remove the service version detection phase of the scan, and add-p 80to instruct Nmap to only scan port 80 (or whatever port your Joomla app is running on).