Joomla Reverse Shell Plugin

by Vince

I thought I'd written about this previously but a quick search yields zero results.  Basically, the idea here is that we've compromised a Joomla system and we want to get a reverse shell on the underlying system.  We could modify the existing site but that's a lot more destructive, and sometimes more difficult, than just figuring out how to make a plugin.  In the example below, I've used the instructions for creating a plugin for an older version of Joomla but I've deployed it on Joomla 4 so it's still a valid method.

Offensive Phishing

by Vince

We run phishing campaigns for awareness training but we also use phishing as an attack vector.  In some instances, if we phished credentials, we would call that a success and move on.  In other cases, we would want to actually breach the environment through phishing.  If we look at MITRE, we're going to see a lot of different techniques using attachments; Word and Excel are popular.  I'm going to use an HTA file, which can be constructed without the need for Microsoft Office.

Exploiting Log4j

by Vince

A few days ago, the world caught on fire with a new vulnerability in Log4j.  Currently, to see the extent of the attack surface, you can view this list on GitHub.

CVE-2021-44228

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
