Re: Joomla SQLi to PHPExec

[Joshua Smith <lazydj98 () gmail com>]

Why does it say *] Started reverse handler on 127.0.0.1:4444 ?
If it's a public IP, do you control it?  Is there infrastructure between you and it that could be blocking it?

-Josh

On Jan 15, 2013, at 10:54 AM, NeonFlash wrote:

> Hi Josh,
>
> RHOST is set to the domain name of the site which is then resolved automatically to the Public IP Address when I run 
> the exploit.
>
> I can setup another vulnerable installation on my local network and try it out. However, I was wondering why the 
> connection to the Public IP is failing even when I am able to connect successfully using browser or command line?
>
> I even tried increasing the timeout value to 360 from 15 and even then I receive the same connection error.
>
> I believe this line:
>
> [*] Started reverse handler on 192.168.2.7:4444 
>
> indicates that 192.168.2.7 is the LHOST on which metasploit is running.
>
> Thanks.
>
> From: Joshua Smith <lazydj98 () gmail com>
> To: framework () spool metasploit com 
> Sent: Tuesday, January 15, 2013 10:17 PM
> Subject: Re: [framework] Joomla SQLi to PHPExec
>
> Are you setting RHOST to 127.0.0.1?  Generally metasploit doesn't handle 127.0.0.1.  You can *sometimes* substitute 
> 127.0.1.1 which or any other localhost address.
> Try running your joomla instance on one of your proper IP addresses and trying it again.  You can then tear down the 
> joomla instance so as not to get exploited by others.
>
> -Josh
>
>
> On Jan 15, 2013, at 10:39 AM, NeonFlash wrote:
>
> > hello,
> >
> > I am using the joomla_filter_order exploit. I got the link to the exploit module from here:
> >
> > http://0x6a616d6573.blogspot.in/2011/04/joomla-160-sql-injection-analysis-and.html
> >
> > Now, I am using it to test the vulnerability in a Joomla 1.6 installation.
> >
> > the default options are being used for the exploit module.
> >
> > only RHOST option was modified to the site name.
> >
> > However, when I run the exploit, I keep receiving a timeout connection. After several attempts, it was able to send 
> > out a GET request to the site to detect the version of Joomla running. However, it again gives a connection timeout 
> > error and fails.
> >
> > I am able to open the site from my browser without any issues and also ping it.
> >
> > I ran wireshark while the exploit module was running and after sending the first GET request to the Joomla site, it 
> > doesn't send any traffic after that to the destination site.
> >
> > Here is the output of the exploit module:
> >
> > [*] Started reverse handler on 127.0.0.1:4444 
> > [*] Initializing exploit code ...
> > ################################################
> > # Joomla! 1.6.0 SQL Injection -> PHP execution #
> > ################################################
> > # By James Bercegay # http://www.gulftech.org/ #
> > ################################################
> > [*] Attempting to determine Joomla version
> > [*] The target is running Joomla version : 1.6
> > [-] Exploit exception: The connection timed out (salt-earth.com:80).
> > [*] Exploit completed, but no session was created.
> >
> > I checked the code of the module and modified the timeout in GET wrapper here:
> >
> > 325:    def http_get(url, headers = {}, timeout = 60)
> > 357:        }, timeout)
> >
> > Even then, the exploit times out.
> >
> > Any suggestions?
> >
> > Thanks.
> >
> >
> >
> >
> >
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework