Upload backdoor in joomal 1.5

Thursday, February 9, 2012 // by Hacking Beast Editor // Labels: servers, sql, tips and tricks, tools, ubuntu hacking, vulnerability // 0 comments

What you need ?
1. You must have an administrator access for any joomla website, find your own vulnerable target, inject it, crack the password and then login to the joomla administrator
2. The target must be 1.5.x version ( but its also work on 1.6.x, try it up :p )
3. You need my cracking modules who can download at the link bellow ( shell has been include on the modules package )
4. Ready to uploading backdoor !!!!

How to prepare and make your own cracking modules ?

1. Download any joomla modules form legal vendor and extract it
2 For example i use mod_spo_1.5.16.zip

Credit to :
* Author:    Omar Muhammad
* Email:    admin@omar84.com
* Website:    http://omar84.com
* Module:    Simple Page Options
* Version:    1.5.16
* Date:        7/2/2010

This module is free, thanks mr.omar :):):)

3. Extract the package module and edit setup .XML ( look at the picture bellow )

Joomla modules always have a setup file on the XML format, you can find it in the package file, open this file with notepad ++ or dreamweaver and edit some code line.

4. Then look at this line bellow:
===========================================
<files>
        <filename module="mod_spo">mod_spo.php</filename>
        <filename>omartools.js</filename>
        <filename>YCL.php</filename>
        <filename>email_sender.php</filename>
        <filename>images/favs.png</filename>
        <filename>images/home.png</filename>
        <filename>images/page.png</filename>
        <filename>images/print.png</filename>
        <filename>images/share.png</filename>
        <filename>images/pdf.png</filename>
        <filename>images/top.png</filename>
        <filename>images/email.png</filename>
        <filename>images/contact.png</filename>
        <filename>images/po_title.png</filename>
        <filename>images/po_title_ie.png</filename>
        <filename>images/po_close.png</filename>
        <filename>images/po_close_ie.png</filename>
        <filename>images/blogger.png</filename>
        <filename>images/del.png</filename>
        <filename>images/digg.png</filename>
        <filename>images/diigo.png</filename>
        <filename>images/facebook.png</filename>
        <filename>images/furl.png</filename>
        <filename>images/google.png</filename>
        <filename>images/live.png</filename>
        <filename>images/mixx.png</filename>
        <filename>images/myspace.png</filename>
        <filename>images/reddit.png</filename>
        <filename>images/spinner.gif</filename>
        <filename>images/stumble.png</filename>
        <filename>images/twitter.png</filename>
        <filename>images/ybuzz.png</filename>
        <filename>images/firefox.png</filename>
        <filename>images/flock.png</filename>
        <filename>images/chrome.png</filename>
        <filename>images/opera.png</filename>
        <filename>images/safari.png</filename>
        <filename>images/iexp.png</filename>
        <filename>languages/arabic.php</filename>
        <filename>languages/brazilian_portuguese.php</filename>
        <filename>languages/czech.php</filename>
        <filename>languages/dutch.php</filename>
        <filename>languages/english.php</filename>
        <filename>languages/finnish.php</filename>
        <filename>languages/french.php</filename>
        <filename>languages/german.php</filename>
        <filename>languages/greek.php</filename>
        <filename>languages/hungarian.php</filename>
        <filename>languages/italian.php</filename>
        <filename>languages/norwegian.php</filename>
        <filename>languages/polish.php</filename>
        <filename>languages/romanian.php</filename>
        <filename>languages/russian.php</filename>
        <filename>languages/serbian.php</filename>
        <filename>languages/spanish.php</filename>
        <filename>languages/swedish.php</filename>
        <filename>languages/turkish.php</filename>
        <filename>languages/ukrainian.php</filename>
    </files>
==============================================
Thats a list of file who will uploaded to [modules] directory, all of file must be setting up here, the red line will describe my shell file ( YCL.php ). Include your own shell name there and save the xml.
5. Package all of modules file into .zip format
6. Ready to upload :):):)

How to upload ????
1. Login into your administrator page ( for example i use www.ccvmotogarage.com hihihihihi )
2. Select menu Extension >> Install/Uninstall

3. Browse your modules package and click Upload and Install button ( Wait in the few time and call url for the test )

4. You can find your shell here www.your-target/modules/mod_spo/shell.php
5. When you found your shell interface on the browser, mean you have successfully uploading backdoor :):):)

Okay, you can view my sample backdoor here , but if someday you got brokenlink, you can see the example capture at the picture bellow

The content on Hacking Beast like Hacking Articles, Cyber News etc are provided by many sources ( email,messages,internet etc) , we do not take any responsibility of your activities. The news provided by us on this site is gathered from various sources. if any person have some FAQ's in their mind they can Contact Us. and you can also read our Disclamier for more info. Thank You !

If you enjoyed Hacking Beast Articles , Make sure you subscribe to our RSS feed. Stay Updated about latest Hacking News, Tips and Tricks,and Cyber News.! and recieve all our emails and latest posts directly in your inbox to enjoy fast and easy reading . Thank You!

• Twitter • Stumbleupon • Digg • Delicious • Facebook

Upload backdoor in joomal 1.5

0 comments:

Post a Comment

Like us on FB

Popular Posts

Translate

Labels