Description: Webserver Content: WordPress default page.
Webserver on my LOCAL network!!! but works over the internet...
1, Detecting admin pages.
2, Scanning for open ports.
3, Scanning with WPScan for detecting WordPress version.
4, Enumerating users via WPScan.
5, Bruteforcing user with passwordfile.
6, Injecting Reverse Shell PHP (Thanks to pentestmonkey) to one of the plugins.
7, Starting netcat and executing Reverse Shell PHP.
8, Opening wp-config.php, because it contains the SQL Database login info.
9, Let's try to log in to phpMyAdmin
10, LOL the admin uses one password for all users.....
11, Try to connect to the SSH Server with my known phpMyAdmin login.
12, And finally change the ROOT Password........
13, Connect to the server as ROOT....
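Steps 8 to 11 work because the database login stored in wp-config.php was also valid for phpMyAdmin and SSH. The following is an added defensive audit sketch, not code from the video or its author: it parses the DB_* constants from wp-config.php and flags a database user that is MySQL root or that shares its name with an OS account that has a login shell. The sample file contents, the account name `webadmin` and the function names are constructed for illustration, and a matching account name is used only as an indicator of possible credential reuse.

```python
import re

# Constructed sample inputs (not taken from the video).
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define( "DB_USER", "webadmin" );
define('DB_PASSWORD', 'example-not-a-real-password');
define('DB_HOST', 'localhost');
"""
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
webadmin:x:1000:1000:,,,:/home/webadmin:/bin/bash
mysql:x:110:115:MySQL Server,,,:/nonexistent:/bin/false
"""

# Matches define('DB_X', 'value') with either quote style and optional spaces.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(DB_[A-Z_]+)\1\s*,\s*(['"])(.*?)\3\s*\)""")
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", ""}

def parse_wp_config(text):
    """Return the DB_* constants defined in wp-config.php as a dict."""
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}

def login_accounts(passwd_text):
    """Return the names of /etc/passwd accounts that have a login shell."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6].strip() not in NOLOGIN_SHELLS:
            names.add(fields[0])
    return names

def audit(wp_config_text, passwd_text):
    """List findings that make a leaked wp-config.php credential usable elsewhere."""
    user = parse_wp_config(wp_config_text).get("DB_USER", "")
    findings = []
    if user == "root":
        findings.append("DB_USER is the MySQL root account")
    if user and user in login_accounts(passwd_text):
        findings.append(f"DB_USER '{user}' is also an OS account with a login shell")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG, SAMPLE_PASSWD):
        print("FINDING:", finding)
```

On a real host, pass the contents of the site's wp-config.php and of /etc/passwd to `audit()` instead of the constructed samples.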
Tags: WordPress, Linux, Hacker (term), ubuntu, Hacker (computer Security), Web, Server, Control, root, hack, ftp, http, ssh, tutorial, webserver, phpmyadmin, mysql, Youtube, WPScan, bruteforce
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Hi, Nice video. Where can I get a copy of your admin finder script?
@Sidi0u5:
admin finder script: http://pastebin.com/0sQVH9L4
admin list: http://pastebin.com/LJaKJ50Y --> save as adminpth.txt
Thank you, much appreciated.