WordPress
If you encounter a WordPress website, follow these steps:
1. Run WPScan in the background.
2. Check for valid usernames through the login and forgot-password forms (the error message shows whether a username exists).
3. Brute-force the password using hydra.
4. Once you have the credentials of the WordPress account, try them elsewhere as well, for example SSH.
5. If the credentials don't work anywhere else, log in to WordPress and try to get a reverse shell by either:
   - Editing the 404.php page at APPEARANCE -> EDITOR. The 404.php page is at wp-content/themes/twentytwelve/404.php.
   - Installing a new plugin. Use /usr/share/seclists/Web-Shells/WordPress/plugin-shell.php and zip it: zip plugin-shell.zip plugin-shell.php. Then go to ADD NEW -> UPLOAD PLUGIN. The plugin will be installed at wp-content/plugins/plugin-shell/plugin-shell.php. Check whether code execution succeeded using ?cmd=whoami.
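Each of the steps above leaves traces in the web server's access log. The following added example (not part of the original notes) flags three of them over constructed log lines: repeated rejected POSTs to wp-login.php, a plugin upload or theme-editor save, and a PHP file under wp-content requested with a cmd parameter. The function name, the threshold of 5 and the sample addresses are assumptions, and the endpoint paths assume a default WordPress install.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined-format prefix); not taken from the page.
_FAIL = '203.0.113.7 - - [10/Oct/2024:13:55:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 4512'
SAMPLE_LOG = "\n".join(
    [_FAIL % s for s in range(6)] + [
    '203.0.113.7 - - [10/Oct/2024:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2024:13:57:10 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 9120',
    '203.0.113.7 - - [10/Oct/2024:13:57:40 +0000] "GET /wp-content/plugins/plugin-shell/plugin-shell.php?cmd=whoami HTTP/1.1" 200 9',
    '198.51.100.20 - - [10/Oct/2024:13:58:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512',
    '198.51.100.20 - - [10/Oct/2024:13:58:05 +0000] "GET /wp-content/themes/twentytwelve/style.css HTTP/1.1" 200 3300',
])

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
PHP_IN_CONTENT = re.compile(r"^/wp-content/(?:plugins|themes|uploads)/.+\.php$")

def analyze(log_text, threshold=5):
    """Return (rule, client_ip, detail) findings; threshold is an assumed value to tune."""
    failed, findings = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m.groups()
        parts = urlsplit(url)
        path, query = parts.path, parse_qs(parts.query)
        # A rejected login or lost-password POST is answered with 200; success redirects (302).
        if method == "POST" and path == "/wp-login.php" and status == "200":
            failed[ip] += 1
        # Code reaching the site through the dashboard: plugin upload or theme-editor save.
        if method == "POST" and (path == "/wp-admin/theme-editor.php" or
                (path == "/wp-admin/update.php" and query.get("action") == ["upload-plugin"])):
            findings.append(("dashboard-code-change", ip, path))
        # A PHP file under wp-content requested directly with a cmd parameter.
        if PHP_IN_CONTENT.match(path) and "cmd" in query:
            findings.append(("php-cmd-param", ip, path))
    findings += [("login-failures", ip, n) for ip, n in failed.items() if n >= threshold]
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Newer WordPress versions may save theme-editor changes through admin-ajax.php instead, so the dashboard rule should be extended to match the install being monitored.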
IMPORTANT DIRECTORIES:-
/wp-admin, /wp-content, /wp-content/plugins, /wp-content/uploads, /wp-includes, /wp-config.php
Change the password after getting MySQL access:
UPDATE wp_users SET user_pass = MD5('bypassed') WHERE user_login = 'admin';