This is a short story where I'm gonna show you the differences between real hackers and noobies.
It's about a website that my friend gave me to check, and guess what?
The website was like this!
Its a Paypal scam page that a noob uploaded in a web site, so the challenge was to find a way to access the server tho!
So first thing to do is checking the URL! “Target.com/wp-content/….”
it’s clear that the target is running WordPress cms, so let's check the login page if it exist!
Now the first thing that came to my mind is to try admin/admin but unfortunately, it's not the correct credentials…
Then its time for enumerating the users:
there is a lot of ways to do it but I said 3 min so basically we need a fast way!
So this is a simple technique to find the first user in WordPress websites:
1)Go to your target “Target.com”
2)Add this at the end of the URL “/?author=1
3) you will see the name of the admin!
Actually I got the username with this method but what next?
Basically, when I have WordPress targets I use a tool called WP-SCAN
to detect vulnerabilities and see if I can exploit one of them but in this case, something in my head said: ‘Try a random password with the user u just extracted”, well I'm a psychopath so I will listen to the voice coming from my head khkhkh, and let's try ‘user_found/password.’
It doesn't work
And as usual, our story cant stop here so let's try ‘user_found/password123’
You know what?
We are inside the Dashboard and now we can upload our reverse shell, So I will exploit this article to give away to upload PHP file in Wordpress dashboard with a good technique based on a plugin I found in one of the hacking forums.
1)Go to the plugins
2) Upload the plugin (.zip)
3)Install the plugin and activate it
4) refresh the page and take a look at the left barre you will see the name of your new plugin, click on it and Bingo you will find an uploader use it to upload your PHP web shell.
Always try to secure the hole you just entered from, if I was in the place of this scammer I will never let this target vulnerable, Ill prefer to change the password and let the owner rechange it instead of giving Hackers an easy why to pwn it.
This is the link of the Plugin.zip
“Being a noob is easy, being a Hacker is about a lifestyle you choose to live.”