Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Joomla SQLi to PHPExec
From: Joshua Smith <lazydj98 () gmail com>
Date: Tue, 15 Jan 2013 11:09:35 -0600

Why does it say *] Started reverse handler on 127.0.0.1:4444 ?
If it's a public IP, do you control it?  Is there infrastructure between you and it that could be blocking it?

-Josh

On Jan 15, 2013, at 10:54 AM, NeonFlash wrote:

Hi Josh,

RHOST is set to the domain name of the site which is then resolved automatically to the Public IP Address when I run 
the exploit.

I can setup another vulnerable installation on my local network and try it out. However, I was wondering why the 
connection to the Public IP is failing even when I am able to connect successfully using browser or command line?

I even tried increasing the timeout value to 360 from 15 and even then I receive the same connection error.

I believe this line:

[*] Started reverse handler on 192.168.2.7:4444 

indicates that 192.168.2.7 is the LHOST on which metasploit is running.

Thanks.

From: Joshua Smith <lazydj98 () gmail com>
To: framework () spool metasploit com 
Sent: Tuesday, January 15, 2013 10:17 PM
Subject: Re: [framework] Joomla SQLi to PHPExec

Are you setting RHOST to 127.0.0.1?  Generally metasploit doesn't handle 127.0.0.1.  You can *sometimes* substitute 
127.0.1.1 which or any other localhost address.
Try running your joomla instance on one of your proper IP addresses and trying it again.  You can then tear down the 
joomla instance so as not to get exploited by others.

-Josh


On Jan 15, 2013, at 10:39 AM, NeonFlash wrote:

hello,

I am using the joomla_filter_order exploit. I got the link to the exploit module from here:

http://0x6a616d6573.blogspot.in/2011/04/joomla-160-sql-injection-analysis-and.html

Now, I am using it to test the vulnerability in a Joomla 1.6 installation.

the default options are being used for the exploit module.

only RHOST option was modified to the site name.

However, when I run the exploit, I keep receiving a timeout connection. After several attempts, it was able to send 
out a GET request to the site to detect the version of Joomla running. However, it again gives a connection timeout 
error and fails.

I am able to open the site from my browser without any issues and also ping it.

I ran wireshark while the exploit module was running and after sending the first GET request to the Joomla site, it 
doesn't send any traffic after that to the destination site.

Here is the output of the exploit module:

[*] Started reverse handler on 127.0.0.1:4444 
[*] Initializing exploit code ...
################################################
# Joomla! 1.6.0 SQL Injection -> PHP execution #
################################################
# By James Bercegay # http://www.gulftech.org/ #
################################################
[*] Attempting to determine Joomla version
[*] The target is running Joomla version : 1.6
[-] Exploit exception: The connection timed out (salt-earth.com:80).
[*] Exploit completed, but no session was created.

I checked the code of the module and modified the timeout in GET wrapper here:

325:    def http_get(url, headers = {}, timeout = 60)
357:        }, timeout)

Even then, the exploit times out.

Any suggestions?

Thanks.





_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault