Register In /user/register just try to create a username and if the name is already taken it will be notified:
The name admin is already taken.
Request new password If you request a new password for an existing username:
Unable to send e-mail. Contact the site administrator if the problem persists.
If you request a new password for a non-existent username:
Sorry, loremipsum is not recognized as a user name or an e-mail address
Number of users enumeration
/user/<number> you can see the number of existing users, in this case is 2 as
/users/3 returns a not found error:
Hidden pages enumeration
Fuzz /node/$ where $ is a number (from 1 to 500 for example). You could find hidden pages (test, dev) which are not referenced by the search engines.
Installed modules info
#From https://twitter.com/intigriti/status/1439192489093644292/photo/1 #Get info on installed modules curl https://example.com/config/sync/core.extension.yml curl https://example.com/core/core.services.yml # Download content from files exposed in the previous step curl https://example.com/config/sync/swiftmailer.transport.yml
Code execution inside Drupal with admin creds
You need the plugin php to be installed (check it accessing to /modules/php and if it returns a 403 then, exists, if not found, then the plugin php isn't installed) Go to Modules -> (Check) PHP Filter -> Save configuration
Dump users from DB