Hi, I’m doing Attacking Common Applications module and I think that I need your help guys.
I’m stuck at Joomla - Discovery & Enumeration section. To be more specific, I have had some troubles with this question “Find the password for the admin user on http://app.inlanefreight.local”.
I’ve tried to use joomla-brute.py that was referenced in the section itself. Here is how I used it sudo python3 joomla-brute.py -u http://app.inlanefreight.local -w /usr/share/wordlists/rockyou.txt -usr admin.
I’ve tried many different wordlists and nothing seems to work, the only answers I got turned out to be false positives. I also tried to brute force it with hydra, but it was unsuccessful either.