poniedziałek, 19 sierpnia 2019

Creating evil module for Wordpress

Last time when I created 'evil module' we talked about web based on Drupal. Today we will try to achieve similar results for Wordpress. Here we go...
Idea is simple - just like for the Drupal - we need to find/create a package with new plugin. I decided to find one at official Wordpress page and 'backdoor it' with my super-php-backdoor-code ;)

Module can be used then to prepare a reverse-shell during CTF competition (remember to use it only for legal purposes):


I decided to use this plugin:

Case scenario: we obtained admin's password for Wordpress wp-admin, now we can install 'new plugins':

Now we can acticate our new plugin:


We will be redirected to the Dashboard. Click to Plugins and select our new installed plugin:


Now we can edit php file, let's add simple example - phpinfo():


If you don't know what is the 'default' path for plugins installed on remote host, you can use:
$ wpscan --url http://your.host

As we can see 'default path' to plugins directory should be http://host/wp-content/plugins/. Checking:


It works! :)

Now let's update our example-plugin to add reverse-shell from pentestmonkey:


Ok, netcat is ready for incomming connections so we can visit our new saved plugin page:

That's all.

See you next time!

Cheers





Brak komentarzy:

Prześlij komentarz