5.-Drupal-discovery-and-enumeration

1. Basic Drupal Identification:

curl -s http://drupal.inlanefreight.local | grep Drupal
#   - Check HTML source for Drupal metadata.
curl -s http://drupal.inlanefreight.local/robots.txt
#   - Analyze robots.txt for disallowed directories and node references.
curl -s http://drupal.inlanefreight.local/node/1
#   - Check for node paths (common Drupal URL structure).
curl -s http://drupal.inlanefreight.local/CHANGELOG.txt
#   - Check for version information (may be blocked).

2. Drupal Version Enumeration:

droopescan scan drupal -u http://drupal.inlanefreight.local
#   - Use droopescan for automated version detection and module/theme enumeration.
curl -s http://drupal.inlanefreight.local/core/assets/vendor/jquery/jquery.min.js | grep "Drupal"
#   - Check JavaScript files for version information.
curl -s http://drupal.inlanefreight.local/rss.xml | grep generator
#   - Check RSS feeds for generator metadata.

Database Version check (if access gained):

SELECT version FROM system;

3. Drupal Module Enumeration:

curl -s http://drupal.inlanefreight.local/modules/
#   - List modules directory contents.
curl -s http://drupal.inlanefreight.local/modules/[module_name]/[module_file].js
#   - Check for module-specific JavaScript files.
curl -s http://drupal.inlanefreight.local/modules/[module_name]/[module_file].css
#   - Check for module-specific CSS files.
curl -s http://drupal.inlanefreight.local/modules/[module_name]/[module_file].info.yml
#   - Check for module version information.

4. Drupal Theme Enumeration:

curl -s http://drupal.inlanefreight.local/themes/
#   - List themes directory contents.
curl -s http://drupal.inlanefreight.local/themes/[theme_name]/style.css
#   - Check style.css for theme version.
curl -s http://drupal.inlanefreight.local/themes/[theme_name]/[theme_file].info.yml
#   - Check for theme version information.

5. Drupal Configuration File Check:

curl -s http://drupal.inlanefreight.local/sites/default/settings.php
#   - Check for exposed settings.php or other configuration files.

6. Drupal User Enumeration:

curl -s http://drupal.inlanefreight.local/?q=user
#   - Check for publicly visible user profiles.
curl -s http://drupal.inlanefreight.local/user/1
#   - Test default admin user enumeration.

7. Drupal REST API Enumeration:

curl -s http://drupal.inlanefreight.local/rest/user/login_status?_format=json
#   - Enumerate the Drupal REST API if enabled.
curl -s http://drupal.inlanefreight.local/rest/
curl -s http://drupal.inlanefreight.local/rest/export?_format=json
#   - Check for publicly accessible REST export endpoints.

8. Drupal Content Enumeration:

curl -s http://drupal.inlanefreight.local/node/2
#   - Check if sequential node IDs exist.
curl -s http://drupal.inlanefreight.local/node.json
#   - Check if Drupal JSON API is enabled.

9. Drupal Backup & Debug Files Enumeration:

curl -s http://drupal.inlanefreight.local/sites/default/files/backup.sql
#   - Check for exposed database backups.
curl -s http://drupal.inlanefreight.local/phpinfo.php
#   - Test for exposed phpinfo() (debugging enabled).

10. Drupal Admin Panel Access Check:

curl -s http://drupal.inlanefreight.local/user/login
#   - Check if login page is accessible.
curl -s http://drupal.inlanefreight.local/admin
#   - Check for direct access to admin panel.

11. Drupal GraphQL API Enumeration (if enabled):

curl -X POST http://drupal.inlanefreight.local/graphql -H "Content-Type: application/json" --data '{"query":"{__schema { types { name } }}"}'
#   - Check for exposed GraphQL endpoint.

12. Robots.txt Analysis:

curl -s http://drupal.inlanefreight.local/robots.txt
#   - Analyze robots.txt for sensitive disallows or revealing paths.

Important Details & Considerations:

JavaScript Versioning: Check core and theme JavaScript for Drupal version.
Module Versioning: Find exact module versions using .info.yml or similar files.
Theme Versioning: Check style.css or .info.yml for theme versions.
Drupal File Structure: Understand core directories like /modules/, /themes/, and /sites/.
robots.txt: Pay close attention to disallowed directories that may reveal sensitive information.
Drupal REST API: If enabled, thoroughly enumerate the REST API.
Database Version: If database access is gained, query the system table for the Drupal version.
User Enumeration: Identify publicly accessible user profiles and potential admin accounts.
Service Endpoints: Check REST endpoints for exposed sensitive data.
Content Enumeration: Investigate sequential node IDs and JSON API exposure.
Backup & Debug Files: Identify any misconfigured backups or exposed debugging information.
Admin Access: Determine if direct access to the admin panel is possible.
GraphQL API: Enumerate GraphQL endpoints for schema exposure.

Previous4.-Attacking-joomla Next6.-Attacking-drupal

Last updated 8 months ago

hashtag1. Basic Drupal Identification:

hashtag2. Drupal Version Enumeration:

hashtag3. Drupal Module Enumeration:

hashtag4. Drupal Theme Enumeration:

hashtag5. Drupal Configuration File Check:

hashtag6. Drupal User Enumeration:

hashtag7. Drupal REST API Enumeration:

hashtag8. Drupal Content Enumeration:

hashtag9. Drupal Backup & Debug Files Enumeration:

hashtag10. Drupal Admin Panel Access Check:

hashtag11. Drupal GraphQL API Enumeration (if enabled):

hashtag12. Robots.txt Analysis:

hashtagImportant Details & Considerations:

1. Basic Drupal Identification:

2. Drupal Version Enumeration:

3. Drupal Module Enumeration:

4. Drupal Theme Enumeration:

5. Drupal Configuration File Check:

6. Drupal User Enumeration:

7. Drupal REST API Enumeration:

8. Drupal Content Enumeration:

9. Drupal Backup & Debug Files Enumeration:

10. Drupal Admin Panel Access Check:

11. Drupal GraphQL API Enumeration (if enabled):

12. Robots.txt Analysis:

Important Details & Considerations: