Today we are going to talk about an open source CMS (Content Management System) platform that helps you create a powerful website. In this article we will discuss the installation, usage and reverse shell of Joomla.

Joomla Platform

Many platforms are available for web development, such as WordPress, Joomla and Drupal. Joomla is an open source platform for creating a powerful website. It is a CMS platform on which we can publish our web content. Working with Joomla is like developing your site in a few minutes. As with WordPress, here you can find the best plugins to help you build a creative site. You can get your site ready in just a few steps: select the theme, set the layout, modify the CSS, and that's it, your site is ready.

Requirement

Ubuntu = Installation or Testing
Kali = Attacker or Reverse Shell

Let's begin.

Install PHP

Fire up Kali Linux and open a terminal on the desktop. Before doing so, you will need these servers on Ubuntu; you can install them using the following command.

Log in to the MySQL command-line interface by executing the commands given below.

Now create the database and users and grant the root privileges using the following command.

Download the latest version of Joomla using the wget command.

Now, we have to make a directory named joomla.

Unzip the file into the joomla directory using the command given below.

As you know, the htaccess file is processed by the Apache web server and can be used to include or enable/disable additional features in the web server. So we need to change this filename.

Open your localhost IP address in a browser and set a username and password of your choice.

Here, in the database section, fill in the username and password that we created during the MySQL setup. After entering the credentials, click the Install button.

Remove the installation file as shown below in the image.

Now go to the administrator page and enter the credentials to log in to Joomla.

After successfully logging in to Joomla, click the Extension option, then click Template.

Select the template as per your requirements.

Reverse Shell of Joomla

For the reverse shell of Joomla, you need to go to this directory and copy the content.

Paste it into the index.php file of the template.

A loopback address will be shown here, which you need to change to your localhost IP address; then click the template option.

After that, to connect with the web server, you have to start a netcat listener.
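
A defender-side check for the template edit described above, as an added example that is not part of the original article: it walks a Joomla install's template directories and flags PHP files that call socket or process-spawning functions. The function list, the template names (clean_tpl, tampered_tpl) and the sample file contents are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Heuristic (assumed, not exhaustive): PHP calls that open sockets or spawn
# processes. A stock template index.php has no reason to use them.
SUSPICIOUS = re.compile(
    r"\b(fsockopen|pfsockopen|socket_create|stream_socket_client|proc_open|"
    r"popen|shell_exec|passthru|system|exec|pcntl_fork)\s*\(", re.IGNORECASE)


def scan_templates(joomla_root):
    """Map each template PHP file (relative path) to the suspicious calls in it."""
    root = Path(joomla_root)
    findings = {}
    # Site templates live in templates/, back-end ones in administrator/templates/.
    for tdir in (root / "templates", root / "administrator" / "templates"):
        if not tdir.is_dir():
            continue
        for php in sorted(tdir.rglob("*.php")):
            text = php.read_text(encoding="utf-8", errors="replace")
            hits = sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(text)})
            if hits:
                findings[php.relative_to(root).as_posix()] = hits
    return findings


def build_sample_site(base):
    """Constructed sample tree: one untouched template, one edited index.php."""
    clean = Path(base) / "templates" / "clean_tpl"
    tampered = Path(base) / "templates" / "tampered_tpl"
    for d in (clean, tampered):
        d.mkdir(parents=True)
    (clean / "index.php").write_text(
        "<?php defined('_JEXEC') or die; ?>\n<jdoc:include type=\"component\" />\n")
    # Inert fragment: only the function names matter to the scanner.
    (tampered / "index.php").write_text(
        "<?php $sock = fsockopen($host, $port);\n"
        "$proc = proc_open($cmd, $spec, $pipes); ?>\n")
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, calls in scan_templates(build_sample_site(tmp)).items():
            print(f"REVIEW {path}: {', '.join(calls)}")
```

A hit is a prompt for review rather than proof of compromise; a hash baseline of the template files taken right after installation catches edits that avoid these function names.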

Meterpreter of Joomla Web Server

We can get a Meterpreter session on the Joomla web server using the Metasploit Framework. To do so, we need to execute the following commands.

Vulnerabilities Scanner Joomscan

Joomscan is similar to the WPScan scanner, since both are used to scan websites for vulnerabilities. Joomscan, however, is specifically for websites built on the Joomla CMS platform.

Install Joomscan on Kali Linux using the following command.

You can use the following command to find vulnerabilities in a website.

After the scan, you can observe that it lists the web server's directories and shows the vulnerabilities.

To find vulnerable plugins or components, you can use the following command.

Done !!

About the Author
Virat Sharma: Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
