Wordpress Reverse Shell

-

Wordpress Reverse Shell

This post is related to WordPress security testing to identify what will be possible procedure to exploit WordPress by compromising admin console. We have already setup WordPress in our windows 7 machine.

Table of Content
1) Metasploit Framework
3) Upload PHP reverse shell
4) Getting reverse shell connection

Requirement:
Host machine: WordPress
Attacker machine: Kali Linux
WordPress Credential: admin: password

Let's begin


1) 1st Method 


The site which we are going to test is:






i login into the wordpress admin



Now i check upload the reverse shell (PHP) using metasploit



BOOOOOOM : I got the interactive shell of windows 7 machine




Let's breach in another way


2) 2nd Method


I have already done login into wordpress using admin and password

So,


Create a PHP code file using msfvenom





Now Go to the Apprereance -> Theme editor -> 404.php templetes



past a php code we created




then listen a reverse shell using msfconsole or netcat
and
Load the the page which will call 404.php file from browser
Then the server will execute the php code and we got the reverse shell





Happy Hacking :)

Comments

Post a Comment

Popular posts from this blog

SAR1 VULHUB WALKTHROUGH

-
Image
SAR1 (Walkthrough) This Box Is From Vulhub You Can Download It From  Link .This Box is like OSCP box which i beleive is .I pwned this box using LFI leads to RCE. Breaching Process  Finding IP Netdiscover Enumeration Browsing HTTP  service Nmap scan Enumerating directory using nikto and dirb Found robots.txt and other useful directory Enumerating sar2HTML Exploitation using searchsploit for sar2HTML found RCE Injecting php code using (wget) Got reverse shell using NC Privilege Escalation Found crontab execute shell in 5 min. Add the sudoers permission for www-data. Got root permission  Let's Breach   Using netdiscover  i found the box ip address.The ip address was 192.168.248.136 Then i scan the IP using nmap The command is nmap -sSVC -A 192.168.248.136 | tee nmap.txt Here the scan shows only 80 port which was default page of apache There was no thing to see so,i need to dig d...
Read more

EVM: 1 Vulnhub Walkthrough

-
Image
Penetration Methodologies: Finding IP Nmap Enumeration Browsing HTTP Service Directory Bruteforce using dirb Enumeration Using WPScan Password Bruteforce using WPScan Getting Login Credentials Exploitation Exploiting using Metasploit  Getting a reverse connection  Spawning a TTY Shell  Enumeration for Root Credentials Privilege Escalation  Getting Login Credentials Logging in as root Reading the Final Flag Let's Breach:     First of all finding IP for the machine i use bridge connection.The IP of machine was 192.168.1.5 I quickly nmap the website found 80 open Then i browse the server and found that apache default page and phpinfo() Nothing interesting then i bruteforce the directory you can use gobuster and nikto also While scan is complete i found a wordpress directory that leads me to an another website Then i quickly browse the http://192.168.1.5/wordpress then i found the page d...
Read more