sQuo Posted March 17, 2012 Share Posted March 17, 2012 This is the hidden content, please Sign In or Sign Up Description: Webserver Content: WordPress default page. Webserver on my LOCAL network!!! but works over the internet... 1, Detecting admin pages. 2, Scanning for open ports. 3, Scanning with WPScan for detecting WordPress version. 4, Enumerating users via WPScan. 5, Bruteforcing user with passwordfile. 6, Injecting Reverse Shell PHP (Thank's to pentestmonkey) to one of the plugins. 7, Starting netcat and executing Reverse Shell PHP. 8, Openning wp-config.php, because it is contain the SQL Database login info. 9, Lets try to login to PHPMyadmin 10, LOL the admin is use one password for all users..... 11, Try to connect to the SSH Server with my known PHPMyadmin login. 12, And finaly change the ROOT Password........ 13, Connect to the server as ROOT.... Link to comment Share on other sites More sharing options...
Recommended Posts