Wordpress

If you encounter a wordpress website then follow these steps:-

  1. Scan in background using Wpscan.

  2. Check for valid usernames using login/forgot password. (Error message)

  3. Bruteforce the password using hydra

Once you get the credentials of the wordpress account, try to use those elsewhere as well, or example: SSH

If the credentials don't work anywhere else then login to wordpress and try to get a reverse shell using:-

  1. Editing the 404.php page at APPEARANCE -> EDITOR. The 404.php page is at wp-content/themes/twentytwelve/404.php.

  2. Install a new plugin. /usr/share/seclists/Web-Shells/WordPress/plugin-shell.php. Zip the plugin shell. zip plugin-shell.zip plugin-shell.php. Then go to ADD NEW -> UPLOAD PLUGIN. The plugin will be installed at wp-content/plugins/plugin-shell/plugin-shell.php. Check if the code execution was successful using ?cmd=whoami.

IMPORTANT DIRECTORIES:-

/wp-admin, /wp-content, /wp-content/plugins, /wp-content/uploads, /wp-includes, /wp-config.php

Change password after getting Mysql access: UPDATE wp_users SET user_pass= MD5('bypassed') WHERE user_login='admin';

PreviousBlunditNextOctoberCMS

Last updated

Was this helpful?