Wordpress Exploitation

Learnt while Tryhackme: MrRobot. Will be updated as I keep learning newer thing

WPScan

1) Enumeration

A) Bruteforce and login

sudo wpscan --url http://10.10.67.231/wp-login --usernames Elliot --passwords /home/kali/tryhackme/mrrobot/fsocity-sorted.dic

B) Vulnerability Scanning

wpscan --url yourwebsite.com -e vt (Vulnerable themes) (-e=enumerate) wpscan --url yourwebsite.com -e vp (Vulnerable plugins) wpscan --url yourwebsite.com -e <options> --api-token YOUR_TOKEN (Authenticated scan) wpscan --url yourwebsite.com -e u (Enumerate Users)

2) Exploitation

There exists many exploitation mechanisms. First, I'll talk about editing the PHP code in the theme. Scenario: I was able to find credentials=> Elliot:ER28-0652 I logged in to the admin panel and found out the code for the theme was editable

I simply edit this file and add my own reverse shell code here

Successfully gained reverse shell