Hacking A Drupal Website | Drupalgeddon2
- Published on 21 Apr 2022
- In this video, I demonstrate the process of hacking a Drupal 7.X website by leveraging the Drupalgeddon2 exploit.
//LINKS
Drupalgeddon2 Exploit: github.com/dreadlocked/Drupal...
#Pentesting #Cybersecurity - Science & Technology
As this only affects an older unsupported version of Drupal, it's a good reminder how important it is to keep things up to date.
Thank you for your video. As a Drupal developer for many years, it makes me take much more care about security.
Man your content is amazing...
Interesting video, a good demo of privesc techniques. I particularly enjoyed your noble attempts at manual exploit, it is a pity that an automated exploit was needed in the end. Did you ever fix the manual attempts (either 'exploit.exe whoami' or 'exploit.exe esc.exe')?
SIR KINDLY TELL FROM WHERE WE CAN GET UPDATES ABOUT NEW TOOLS, NEW METHODS (LIKE WIRESHARK, METASPLOIT etc) in cyber security or Ethical Hacking. From where we can get updates regarding new attacks, malware, ransomware and how they deal it.
TO GET DAILY UPDATE
KINDLY PLEASE REPLY
As a Drupal developer, I find this fascinating. It's important to see what we could be exposed to if we don't keep our sites up to date.
:D Typical response from a Drupaler.
We use a system where no one knows what security risks will be exposed next. So we trust it even more :D.
The problem is that this is often bad code en masse. So give us more of it :D. Then we can sell it. (rubbing hands)
The idea of simply avoiding such out-of-the-box systems like the devil avoids holy water, instead learning to code properly and developing stable pages and apps yourself with e.g. Symfony Framework, does not occur to you.
These security issues are actually only about the core!!!! With all the badly maintained modules in the Drupal environment, you can imagine what kind of security gaps you invite with every composer req - drush en. But safety doesn't matter. only the price. Until the site is hacked :D.
When you run a D7 you're completely lost
I know a few clients still using D7 and D8 with no security updates
@Immortal-pu8gr D7 is still maintained, though it's up to site maintainers to keep their sites up to date and install the latest D7 updates.
D8 is long out of support, so definitely not recommended.
Having an out of date site might not be an issue. Your site certainly won't immediately stop working. But you are rolling a dice, and taking a chance that nobody will target your site, or find an unpatched security hole. Better to keep up to date and not take the chance.
What about Drupal 8.x.x ? What authentication should be used
Which directory can I browse to gather email addresses?
@HackerSploit i love your videos
What about if you are using a Linux server? It's not recommended to run Drupal on Windows.
Much better than tutorials
Create same for WordPress and other cms
How are you getting your IP on the WAN?
A beautiful video my friend :) I enjoyed watching your videos so far.... thanks for sharing :).,.,.
Hey hackersploit. Idk if u remember me but u played on my minecraft server a while ago. hope ur doing well. still enjoying ur videos.
Great. Can you please do a video about pentesting report writing?
Question, please, I want to know how to hack UA-cam channels. I really need a way. My channel was stolen. Is there a way to get out. channel email
This gentleman decided to blind us at *16:52* 😵
A 2018 D6-8 exploit discussed in 2022 hmm
Wondering the same thing.
A lot of websites still not updated.
@mikelander maybe with Wordpress but not in the Drupalsphere where I’m from. Patch Tuesday is a drop everything and get it done day. Then again we’re using Composer to maintain Drupal 9 websites and it’s pretty efficient at getting the job done.
please upload further more videos ...
Do Web security series continue
First of all - great video! I enjoyed it a lot.
As for the hack, I may have gotten this wrong, but you were hacking the Windows server, not Drupal itself.
It's important to say that Drupal has an extremely good security team, and keeping your Drupal up to date usually protects you from most evil.
However if the server is hacked, then you're pretty much fu***...
Another small comment, the X-GENERATOR header is often available directly in the HTML head so your first part can be shortened slightly.
Awesome content, I've never heard of Drupal
Great video! Thx! But it is a Windows server hack, not a hack for a Drupal site instance :/. Furthermore, most servers run on Unix systems :)
Sir my problem is little than a slice of cake can solve it if you can then reply me I will say you about my problem please help me
You are my last hope
I completely died when this security issue got released. Had to update 40 websites in a single night.
alias up="sudo python3 -m http.server 80"
Any way possible to get HTB pro for free easily?
Yes there are, purchase it.
@ri0tsun So funny Bro No shortcuts LOL
You buy its not that expensive lol
I like it, I like it a lot actually
You are a crack man! Thank you for all those videos !! Peace And love from Israel 💙🙏
👏👏👏👏👏
Thks bro☕
Sad is that you can't show real hacking because it breaks Google rules
👍
Thanks
lol - "Wordpress is the de facto standard for content management systems"
De facto, Wordpress is the biggest crap outside - but it's popular, because every imbecile can click a website together with it. Comparing Drupal and Wordpress is not even a real comparison. It's like comparing a Porsche GT and a rusty bike with a flat tire...
Yes. "WordPress is just not a CMS." Because it's not secure.
Tnx bro❤
good thank you bro❤
Great
Nice 👍
Excellent ❤❤❤
Amazing sir best video
First comment 😌
mmmmmm
@user-gp3zx1zq2u Peace be upon you, a question 🤔
@user-ws6wd3mk4c And peace be upon you too, brother, go ahead
@user-gp3zx1zq2u Do you know about hacking...
Holly molly! You use some special app to see http response headers! Unbelievable! You are so cool!
Really - you aren't.