Drupal exploitation/enumeration
Github: drupwn
In order to make this exploit working first run the python setup.py script:
1
python setup.py install
Then run the enumeration/exploitation binary with this command:
1
./drupwn --target http://10.0.160.196 --mode <exploit/enum>
Finally use the wizard instructions:
1
Commands available: list | quit | check [CVE_NUMBER] | exploit [CVE_NUMBER]
Example: ECHO CTF tweek