Cabra Arretado Aperriando o WordPress


Transcript of Cabra Arretado Aperriando o WordPress

$ pwd

/home/espreto

$ mkdir conferences/nullbyte && cd $_

$ cat > title.txt

^C

$ clear

$ whoami

espreto

$ cat me.txt

$ clear

$ cat talk.txt

$ clear

$ irb --simple-prompt

>> def talk(data)

>> …snip…

>> talk("wp_intro")

>> talk("plugins_the_dark_side")

>> talk("plugins_the_dark_side")

Common Vulnerabilities

Upload Vulnerability Mechanism.

Cross-Site Scripting vulnerability (XSS).

File Download Vulnerability.

Cross-Site Request Forgery Vulnerability (CSRF).

SQL Injection Vulnerability (SQL Injection).

>> talk("plugins_the_dark_side")

https://wpvulndb.com/plugins

>> talk("why_metasploit")

>> talk("exploits_auxiliaries")

https://www.rapid7.com/db/search

>> talk("http_msf_requests")

net/http library

Msf::Exploit::Remote::HTTP::Wordpress

>> talk("http_msf_requests")

File Read (Traversal)

http://wordpress/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../../../etc/passwd

>> talk("demo")

>> talk("http_msf_requests")

WordPress Login

Check method

@espreto

>> talk("http_msf_requests")

Get nonce

>> talk("wpsploit")

By todb, Rapid7

>> talk("wpsploit")

>> talk("wpsploit")

https://github.com/espreto/wpsploit

>> talk("demo")

>> talk("demo")

>> talk("questions")

>> quit

$ cat contact.txt

$ shutdown -h now