Today we'll start here:
Just like during a 'normal CTF' ;) I tried to enumerate the remote host to get an idea of what (plugin) was vulnerable (and let the attacker get into the box). To do that I used wpscan:
Unfortunately, I was a little bit disappointed when I saw a 'need to register'... so I decided to create a small (and lame ;]) "wrapper" for wpscan. ;]
The idea is simple:
- do a GET request to the attacker's WordPress-based page
- extract links of plugins...
Easy like that, so now we should be somewhere here:
Good enough to prepare a starter ;)
Ok. So far, so good. We can GET a list of links (of plugins) from the remote host. What's next?
I decided not to make another GET request to pages like this or that; I will just use the tool(s) already available on a default Kali VM install. So the last 'function' is based on searchsploit:
We should be somewhere here (adding our new function to the wooper.py code):
Checking:
Yeah I know, maybe it's not "the best"...
...but I hope it will help you somehow to solve CTF(s) faster ;)
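The two steps described above (extract plugin links from the fetched page, then look each plugin up with searchsploit), as an added example that is not the author's wooper.py. The function names, the plugin names and the sample HTML are constructed, and collecting `?ver=` values goes slightly beyond what the text describes.

```python
import re
import shutil
import subprocess
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample of what the GET request returns (plugin names are made up).
SAMPLE_HTML = """
<link rel="stylesheet" href="http://ctf.example/wp-content/plugins/demo-forms/css/styles.css?ver=5.1.1">
<script src="http://ctf.example/wp-content/plugins/demo-forms/js/scripts.js?ver=5.1.1"></script>
<script src="/wp-content/plugins/example-gallery/js/gallery.min.js?ver=6.0"></script>
<script src="/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.0"></script>
"""

# Captures the plugin directory name from any URL under wp-content/plugins/.
PLUGIN_RE = re.compile(r"/wp-content/plugins/([A-Za-z0-9_.-]+)/")

class _LinkCollector(HTMLParser):
    """Collects every href/src attribute value found in the page."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def extract_plugins(html):
    """Return {plugin_slug: sorted ?ver= values seen} for one page of HTML."""
    # Caveat: when a plugin sets no version on its asset, WordPress appends
    # the core version instead, so treat ?ver= as a hint, not as proof.
    collector = _LinkCollector()
    collector.feed(html)
    found = {}
    for url in collector.urls:
        m = PLUGIN_RE.search(url)
        if not m:
            continue  # theme and core assets are ignored
        versions = found.setdefault(m.group(1), set())
        versions.update(parse_qs(urlparse(url).query).get("ver", []))
    return {slug: sorted(v) for slug, v in found.items()}

def searchsploit_argv(slug):
    """Argument list for a local Exploit-DB lookup (slug split into words)."""
    return ["searchsploit", "wordpress", *slug.split("-")]

if __name__ == "__main__":
    for slug, versions in extract_plugins(SAMPLE_HTML).items():
        print(slug, versions)
        if shutil.which("searchsploit"):  # present on a default Kali install
            subprocess.run(searchsploit_argv(slug), check=False)
```

Passing the arguments as a list keeps a plugin name taken from remote HTML from ever reaching a shell.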
Special thanks go to my Patreon: Daniel.
You are AWESOME! ;)
See you next time!