Once we have CMSmap ready to run, start bee-box. In this example, it will have the IP address 192.168.56.12.
- Browse to http://192.168.56.12/drupal/ to verify that there is a running version of Drupal. The result should be as shown:
- Now, launch the scanner against the site. Open a Terminal, go to the directory where CMSmap was downloaded, and run the command python cmsmap.py -t http://192.168.56.12/drupal. The following screenshot displays how the result should look:
The scan reports some vulnerabilities ranked high (marked with a red [H]). One of them is SA-CORE-2014-005; a quick Google search will tell us that it is an SQL injection vulnerability, nicknamed Drupageddon (coincidentally, the same name as our target site).
- Now, let's see if there's an easy way to exploit this well-known flaw. Open Metasploit's console (msfconsole) and search for drupageddon; you should find at least one exploit, shown as follows:
- Use the multi/http/drupal_drupageddon module and set the options according to the scenario, using a generic reverse shell. The next screenshot shows the final setup:
- Run the exploit and verify that we have command execution, shown as follows:
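The SA-CORE-2014-005 finding above can also be checked from the defender's side. The following is an added example, not part of the original recipe or of CMSmap: it reads the release heading from a Drupal CHANGELOG.txt and reports whether the install falls in the range the advisory covers (7.x before 7.32). The function names, site labels and sample changelog text are assumptions constructed for illustration.

```python
import re

# SA-CORE-2014-005 covers Drupal 7.x releases before 7.32.
FIXED_IN = (7, 32)

# Release headings in Drupal's CHANGELOG.txt look like "Drupal 7.31, 2014-08-06".
# The topmost heading is the installed release; older ones follow below it.
HEADING = re.compile(r"^Drupal (\d+)\.(\d+)\b([^\n]*)$", re.MULTILINE)


def classify(changelog_text):
    """Return 'affected', 'patched', 'not_7x' or 'unknown' for one CHANGELOG.txt."""
    match = HEADING.search(changelog_text)
    if match is None:
        return "unknown"            # file removed, truncated or not a changelog
    major, minor, rest = int(match.group(1)), int(match.group(2)), match.group(3)
    if major != 7:
        return "not_7x"             # the advisory lists 7.x only
    if "development version" in rest:
        return "unknown"            # dev snapshot: the heading alone proves nothing
    return "affected" if (major, minor) < FIXED_IN else "patched"


def audit(inventory):
    """Map each site label to its verdict; inventory is {label: changelog text}."""
    return {label: classify(text) for label, text in inventory.items()}


# Constructed sample inputs (not taken from bee-box or any real site).
SAMPLES = {
    "lab-old": "\nDrupal 7.31, 2014-08-06\n----------------------\n- (entries omitted)\n\n"
               "Drupal 7.30, 2014-07-24\n----------------------\n",
    "lab-new": "\nDrupal 7.32, 2014-10-15\n----------------------\n",
    "lab-dev": "\nDrupal 7.32, xxxx-xx-xx (development version)\n------\n",
    "lab-six": "Drupal 6.33, 2014-08-06\n----------------------\n",
    "lab-none": "<html><body>404 Not Found</body></html>",
}

if __name__ == "__main__":
    for label, verdict in sorted(audit(SAMPLES).items()):
        print(f"{label:10s} {verdict}")
```

The heading is only a hint: a site that applied the fix as a patch without upgrading still shows its old release, so an "affected" verdict calls for a code-level check, and a "patched" verdict says nothing about whether the site was compromised before the upgrade.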