🌊 How to Hack Vulnerable WordPress Websites
The first thing we need is a LAMP stack: Linux, Apache, MySQL and PHP. This is what a WordPress website needs to run. The installation process depends on the OS we're using. In my case, it's a Parrot OS Linux distribution. Since my machine is ready to go, that makes it L ✔ A _ M _ P _

Let's get into the Apache installation. 

Step 1.
Install all the prerequisites. We can make sure the packages are up to date with these commands in the Parrot terminal.

$ sudo apt-get update

$ sudo apt-get upgrade



Step 2. 
Now that everything's ready, let's install Apache. 

$ sudo apt-get install apache2 apache2-doc


Now let's start the web server.

$ systemctl start apache2

Looks like we faced an error. I wonder why?

Let's check the status. 

$ systemctl status apache2 

Interesting. Active: failed. That part should be running. Let's troubleshoot and restart. 

$ systemctl restart apache2 

It brought us back to authenticate 😒
A common piece of advice online is to try reinstalling it if we can't restart the Apache server. 
Let's try that. 

$ sudo apt-get install apache2 

Okay, done. Now let's try starting the server again 😊

$ systemctl start apache2 

We're back to the same error. Happy days 😊
Let's check the status.


Let's check the Apache Configuration file 😊 

$ pluma apache2.conf 

Looks like the Server Root is what we need. Let's try accessing that.

/etc/apache2 was empty. Being a bit more specific helped me though. 

$ pluma /etc/apache2/ports.conf

Nice. It's listening on port 80, the standard port for unencrypted HTTP. Let's change that. I don't have root access on this terminal either, which means I can't start services on ports below 1024. We can work around this by using port 8080 instead. Let's do that.


Maybe not through Pluma: the file is read-only there. Let's try configuring it in nano 😊

$ sudo nano /etc/apache2/ports.conf

^X > Enter > Enter does the trick. It will seem stubborn, but just power through that one, okay 😊 I'm sorry Han Solo, but I've got a good feeling about this one. 

$ systemctl status apache2.service 

We're live. The web server's up. L ✔ A ✔ M _ P _
Now let's get to the Database part. 
 
...or not.


It should be showing the Apache page in the browser under localhost. Let's look into the configuration files 😊

After a day of work, I found something else. It wasn't the config files; I was looking at the wrong port. It's supposed to be on port 8080. I needed to type localhost:8080 in the address bar, and this is the outcome 😊


Great. Now let's actually get to the database. 

$ sudo apt install mariadb-server mariadb-client
$ sudo nano /etc/mysql/my.cnf  *Note: Change the port buddy 😊
$ systemctl start mysql.service
$ systemctl status mysql.service 


Easy. Now let's do the PHP. 

$ sudo apt install php libapache2-mod-php 
$ sudo service apache2 restart 


How I tested PHP: 
$ cd /var/www/html
$ sudo nano info.php 

then populate the page with 😊
<?php phpinfo(); ?> 

Save, then open localhost:8080/info.php 
Once I was done with it, I removed it for security: 
$ sudo rm -i /var/www/html/info.php

LAMP stack's all done 😊 
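As an added example (not from the original post), here is a small POSIX shell helper that makes the same port change the post walks through by hand (Listen 80 to 8080 in ports.conf, plus the matching <VirtualHost *:PORT> line in the site file), refuses ports below 1024 that an unprivileged account cannot bind, and checks that the phpinfo test file was removed afterwards. The file paths are passed as arguments so it can be tried on copies first; the site file name 000-default.conf is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Rewrites the Apache Listen port
# the way the post does by hand, and checks that the phpinfo probe is gone.
set -eu

# replace_in_place FILE SED_EXPR: portable alternative to `sed -i`
replace_in_place() {
  tmp=$(mktemp)
  sed "$2" "$1" > "$tmp" && mv "$tmp" "$1"
}

# set_apache_port PORTS_CONF SITE_CONF OLD NEW
# Changes `Listen OLD` in ports.conf and `<VirtualHost *:OLD>` in the site
# file (assumed to be 000-default.conf) to NEW. Returns 2 for ports below
# 1024, which a non-root account cannot bind, as the post notes.
set_apache_port() {
  ports_conf=$1; site_conf=$2; old=$3; new=$4
  [ "$new" -ge 1024 ] && [ "$new" -le 65535 ] || return 2
  replace_in_place "$ports_conf" "s/^Listen[[:space:]]\{1,\}$old\$/Listen $new/"
  replace_in_place "$site_conf" "s/^<VirtualHost \*:$old>/<VirtualHost *:$new>/"
}

# listen_port PORTS_CONF: prints the first top-level Listen port
listen_port() {
  sed -n 's/^Listen[[:space:]]\{1,\}\([0-9]\{1,\}\)$/\1/p' "$1" | head -n 1
}

# phpinfo_removed DOCROOT: succeeds only if no info.php is left behind.
# phpinfo() discloses versions, paths and loaded modules, so the test file
# should not stay on a reachable web root once the check is done.
phpinfo_removed() {
  [ ! -e "$1/info.php" ]
}
```

Run it against copies of your own files first; the `Listen 443` line inside the `<IfModule ssl_module>` block is left alone because only the top-level, unindented `Listen` line matches.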

Now for the WordPress installation. 
$ sudo mysql -u root -p -h localhost --port=8080 

Awesome. Now let's get to Enumeration Techniques.

To start the enumeration against the target, 94.237.49.11:58665, here's what I did:



Okay, looks like we've got the text of it, but this isn't what we want. 
We want the backbone. 

That's better.

I just went browser mode. It's just a lot more practical to find the flag I needed.


Now let's try some automated tools for pentesting. 