Last time, when I created the 'evil module', we talked about a website based on Drupal. Today we will try to achieve similar results for WordPress. Here we go...
The idea is simple: just like for Drupal, we need to find or create a package with a new plugin. I decided to find one on the official WordPress page and 'backdoor it' with my super-php-backdoor-code ;)
The module can then be used to prepare a reverse shell during a CTF competition (remember to use it only for legal purposes):
I decided to use this plugin:
Case scenario: we obtained the admin's password for the WordPress wp-admin, so now we can install 'new plugins':
Now we can activate our new plugin:
We will be redirected to the Dashboard. Click Plugins and select our newly installed plugin:
Now we can edit the PHP file. Let's add a simple example, phpinfo():
If you don't know the 'default' path for plugins installed on the remote host, you can use:
$ wpscan --url http://your.host
As we can see, the 'default path' to the plugins directory should be http://host/wp-content/plugins/. Checking:
It works! :)
Now let's update our example-plugin to add the reverse shell from pentestmonkey:
OK, netcat is ready for incoming connections, so we can visit our newly saved plugin page:
That's all.
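Seen from the defender's side, the steps above (plugin upload, activation, plugin editor, then a direct request to a PHP file under wp-content/plugins/) leave a recognizable sequence in the web server access log. The following is an added example, not code from the original post: it flags that sequence in combined-format log lines; the sample log, the IP addresses, the nonce and the file name example.php are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); IPs, nonce and plugin file are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:12 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:01:40 +0000] "GET /wp-admin/plugins.php?action=activate&plugin=example-plugin%2Fexample.php&_wpnonce=0000000000 HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:10:02:05 +0000] "GET /wp-admin/plugin-editor.php?plugin=example-plugin%2Fexample.php HTTP/1.1" 200 9000
203.0.113.7 - - [10/Mar/2024:10:03:30 +0000] "GET /wp-content/plugins/example-plugin/example.php HTTP/1.1" 200 300
198.51.100.20 - - [10/Mar/2024:10:04:00 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 200 4000
198.51.100.20 - - [10/Mar/2024:10:04:02 +0000] "GET /wp-content/plugins/example-plugin/style.css HTTP/1.1" 200 100
""".splitlines()

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
CHAIN = ["plugin-upload", "plugin-activate", "plugin-editor", "direct-plugin-php"]

def classify(method, target):
    """Label plugin-related requests; return None for everything else."""
    url = urlsplit(target)
    path = url.path.lower()
    action = parse_qs(url.query).get("action", [""])[0]
    if path.endswith("/wp-admin/update.php") and action == "upload-plugin" and method == "POST":
        return "plugin-upload"
    if path.endswith("/wp-admin/plugins.php") and action == "activate":
        return "plugin-activate"
    if path.endswith("/wp-admin/plugin-editor.php"):
        return "plugin-editor"
    if "/wp-content/plugins/" in path and path.endswith(".php"):
        return "direct-plugin-php"  # heuristic: some plugins expose PHP endpoints legitimately
    return None

def scan(lines):
    """Return (ip, label, target, status) for every plugin-related request."""
    findings = []
    for line in lines:
        if (m := LOG_RE.match(line)) and (label := classify(m["method"], m["target"])):
            findings.append((m["ip"], label, m["target"], int(m["status"])))
    return findings

def full_chain_ips(findings):
    """IPs whose requests walk through CHAIN in order (upload, activate, edit, direct hit)."""
    progress = {}
    for ip, label, _target, _status in findings:
        step = progress.get(ip, 0)
        if step < len(CHAIN) and label == CHAIN[step]:
            progress[ip] = step + 1
    return sorted(ip for ip, step in progress.items() if step == len(CHAIN))
```

Setting `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS` to true in wp-config.php turns off the built-in editor and plugin installation from wp-admin, so a stolen admin password alone no longer gives PHP code execution this way.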
See you next time!
Cheers