Attacking Joomla

                   

 

                                            Joomla - Discovery & Enumeration

previous attacking an applications the first step is that the enumerate the applications that which cms is used or which kind of technology has been used for it. if we can successfully enumerate it core and vulnerability it is to us exploit it . Let's assume that we come across an e-commerce site during an external penetration test. At first glance, we are not exactly sure what is running, but it does not appear to be fully custom. If we can fingerprint what the site is running on, we may be able to uncover vulnerabilities or misconfigurations. Based on the limited information, we assume that the site is running Joomla, but we must confirm that fact and then figure out the version number and other information such as installed themes and plugins. so let's enumerate the technology and other things. in wordpress hacking modules we see that how to find out the technology which is use to build it. so you can use extentions like builtwith, wappalyzer or whatweb etc. 

or you can try with robots.txt ,xml file, REDME.txt file where you could be see the cms name with version.