Home Unlabelled Social Networking Web Server Hacking

Social Networking Web Server Hacking

4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution

By : ABHISHEK GUPTA

After very long times I didn't write about hacking webserver, today "again" when surfing around I've found that Jcow Social netwoking engine can be exploited and the exploit ranking marked as "excellent".

So actually what happen when you have this Jcow vulnerable version??The simple thing is the attacker can go through your web server directory and doing everything there. For example if you hosting your Jcow vulnerable version(on unsecure hosting also

) you can own your web server directory.
In this example, let's say I have a Jcow vulnerable web server in IP address 192.168.8.94. Actually it's better to try installing your own web server, but if you want to find out Jcow in the wild you can search through Google dork "intext:Powered by Jcow 4.2.0" and register as normal user there. In this tutorial I have already register as username : victim and password also victim

Okay I hope you understand what I say above

to make it more realistic, let's try the tutorial…

Level : Medium

Victim Server : work fine if victime use Windows XP SP3

Victim vulnerable application : JCow 4.2

Attacker O.S : obiously you need Backtrack 5 R1

Requirement :

Here only you need bellow two item.

Which is your actual need.

1#. Metasploit framework

2.# Jcow.rb exploit mediafire.com

Now lets start this article.

4 Steps Hacking Jcow Social Networking Web Server via Arbitrary Code Execution Process:

1.# first of all you simly Copy the

downloaded jcow.rb exploit from the

download link above and copy it into /pentest/exploits/framework/modules/exploits/remote/ folder(for example see the command below).

cp jcow.rb /pentest/exploits/framework/modules/exploits/remote/

now you see the text "framework" in blue color it's only because I'm using

Backtrack 5 R1 and using metasploit

v4.0.1, so the name was depends on

your Metasploit version, maybe on your

computer it can be "framework3" or

"framework2" so on..so dont have

confused.

2.# now when you copy successfully

after that,simply Open your Metasploit

console and then use the exploit you just added before see bellow

msf > use exploit/remote/jcow

3.# now when you complete step 2 , The

next step we need to view the available

switch for this exploit by running show

options command, and then configured it(see the text with red color).

msf  exploit(jcow) > set rhost 192.168.8.94 --> set the target IP
rhost => 192.168.8.94
msf  exploit(jcow) > set username victim --> set the usernameusername => victim
msf  exploit(jcow) > set password victim --> set the passwordpassword => victim
msf  exploit(jcow) > set uri jcow --> only if jcow not in/directory fill it here
uri => jcow

Importent:::?

Set uri can be used if jcow was not

installed on webserver main directory,

for example http://web-server.com/jcow.

4#. now your work has been almost

done ,After everything was set up

successfully, the next thing to do was

exploiting or running the exploit by using

exploit command.

2 comments:

Anonymous9 November 2017 at 11:18
Your style is unique compared to other folks I've read stuff from.
I appreciate you for posting when you have the opportunity, Guess I'll just bookmark this blog.
Unknown21 March 2022 at 00:04
Social Networking Web Server Hacking - Hacksandcracks >>>>> Download Now

>>>>> Download Full

Social Networking Web Server Hacking - Hacksandcracks >>>>> Download LINK

>>>>> Download Now

Social Networking Web Server Hacking - Hacksandcracks >>>>> Download Full

>>>>> Download LINK