Detection via unique keywords

Another way of determining the version of Joomla running on the web server is to look for specific keywords in the following files. These keywords are version-specific and some of them are listed in the table following this code block:

administrator/manifests/files/joomla.xml
language/en-GB/en-GB.xml
templates/system/css/system.css
media/system/js/mootools-more.jsh
taccess.txt
language/en-GB/en-GB.com_media.ini

The unique keyword details according to their Joomla version are as follows:

Joomla version	Unique keywords
Version 2.5	MooTools.More={version:"1.4.0.1"}
Version 1.7	21322 2011-05-11 01:10:29Z dextercowley 22183 2011-09-30 09:04:32Z infograf768 21660 2011-06-23 13:25:32Z infograf768 MooTools.More={version:"1.3.2.1"}
Version 1.6	20196 2011-01-09 02:40:25Z ian 20990 2011-03-18 16:42:30Z infograf768 MooTools.More={version:"1.3.0.1"}
Version 1.5	MooTools={version:'1.12'} 11391 2009-01-04 13:35:50Z ian
Version 1.0	47 2005-09-15 02:55:27Z rhuk 423 2005-10-09 18:23:50Z stingrey 1005 2005-11-13 17:33:59Z stingrey 1570 2005-12-29 05:53:33Z eddieajau 2368 2006-02-14 17:40:02Z stingrey 4085 2006-06-21 16:03:54Z stingrey 4756 2006-08-25 16:07:11Z stingrey 5973 2006-12-11 01:26:33Z robs 5975 2006-12-11 01:26:33Z robs

The following screenshot shows one of the keywords in the en-GB.ini file, which implies that the version is 1.6:

In the next section, we will look at carrying out reconnaissance on Joomla using Metasploit.