Today we will discuss poor development practices in wordpress plugins with key focus WordPress Plugin Membership Simplified v1.58 which as of the time of this writing the script is not patched . The vulnerable script is as below: Meta data: Discovery : Larry W Cashdollar WPVDB ID : 8777 CVE-ID : CVE-2017-1002008 Dork Standard stuff […]
Mobile App Native
Categories
Today I release a simple exploit as a PoC for the 5 advisories. These were discovered by Larry W Cashdollar. The exploit takes on the following phases: It checks that the plugin exists. If it does it generates a webshell and uploads it to the server. The plugin renames shells to an md5 hash; The PoC […]
Jimmy the troll (unknown)
Categories
Download Unknown.ova here (782.44 MB) This CTF was made by Jimmy to test a number of aspects. It was also keen as the previous one on attention to some details. So without further ado, lets get into what made this journey awesome. Know About Thy Target This was the first step and for this I […]
Following the previous article where all exploits failed , there are still 2 doors down : Nmap be abit old Go for some “GRUB“. Nmap be abit old Now for this bit nmap is old its version 3.81. This can be abused via the –interactive option. More information on this can be found here. But basically […]
Now from John The Troll (CTF – Africahackon) – Key 2 we have gotten to be Chicken, so the next thing would be getting information about the system. [+] Kernel Linux version 3.13.0-55-generic (buildd@brownie) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 [+] fstab entries # /etc/fstab: static file system […]
After the previous article we got the first key. Now for the second key we needed to move a notch higher into the system. We had a loot.dic so the best option seeing we only have the web application facing us so far would be bruteforcing it. root@mth3l3m3nt:~# wpscan -u http://192.168.238.101/ -U hacker123 -w ~/loot.dic […]
Download Africahackon CTF by John the Troll (487.71 MB) The CTF wanted to cover basics in the beginning where people not only see but observe. On loading the system we notice that there is a web application hosted on it. The application was a wordpress application. Things to note about it are: readme.html was still […]
WordPress is favoured because of its use of plugins. Initially we have covered to articles that would guide in manually hardening wordpress through htaccess and patching the theme but it doesn’t always have to be the case, non tech users would prefer doing the hardening via plugins. Some very nice plugins to do hardening include: […]
WordPress Hardening (htaccess)
Categories
WordPress is among the most widely used CMS in the world. This popularity has also lead to a number of issues within wordpress. We will look at how to harden wordpress using four elements , together or either one depending on level of hardening required. The 4 methods include: Hardening via htaccess Hardening via patching the theme […]