💣 Part III – Exploitation

🔹 1. Brute Force & Weak Credentials

  • Default Credentials: Some admins never change defaults (admin/admin, password123, etc.).

  • Username Enumeration: Attackers can enumerate valid usernames via /author/ URLs, API responses, or error messages.

  • Admin Panel Login Attacks: Attackers frequently target /wp-login.php or /xmlrpc.php using brute force or credential stuffing attacks. Weak or reused passwords are often enough for compromise.


🔹 2. Find the Right Exploit

  • Where to Look: Exploit databases (Exploit-DB, Packet Storm), GitHub PoCs, and CVE feeds are prime sources.

  • Vulnerable Plugins & Themes: Attackers prioritize popular plugins/themes because they are widely installed.

  • Example – RevSlider: Historically one of the most exploited plugins, allowing unauthenticated file upload and arbitrary file read → full compromise.


🔹 3. File Upload to RCE

  • Default Restrictions: WordPress normally restricts uploads to safe file types like .jpg, .png, .pdf.

  • Bypassing Restrictions:

    • MIME type misconfigurations

    • Double extensions like shell.php.jpg

    • Uploading .php5, .phtml or similar alternate extensions if the server's handler interprets them as PHP

  • Practical Exploitation:

    • Uploading & activating a malicious plugin

    • Uploading a malicious theme

    • Abusing the Media Library uploads

  • Exploiting File Upload Plugins: Contact forms, galleries, and membership systems often allow unsafe uploads.

  • Import / Export Exploits: Malicious XML/JSON payloads in vulnerable importers can lead to RCE.
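A server-side upload check that closes the bypasses listed above (double extensions such as shell.php.jpg, alternate PHP extensions such as .php5/.phtml, and trusting the client-declared MIME type). This is an added Python example written for this page, not WordPress or plugin code; the allow-list, the magic-byte table and the function names are assumptions.

```python
import secrets

# Allow-listed extensions mapped to the magic bytes their content must start with
# (constructed table; extend as needed for the file types a site actually accepts).
ALLOWED_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}

# Extensions a PHP handler might execute; rejected anywhere in the name, not only at the end.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). The client's Content-Type header is deliberately ignored."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = name.split(".")
    # No extension, leading dot (.htaccess) or empty component (a..jpg) are all rejected.
    if len(parts) < 2 or not all(parts):
        return False, "missing or malformed extension"
    exts = parts[1:]
    # Double-extension bypass: any executable extension in the chain fails, e.g. shell.php.jpg.
    if any(e in EXECUTABLE_EXTS for e in exts):
        return False, "executable extension in filename"
    if len(exts) != 1:
        return False, "multiple extensions not allowed"
    ext = exts[0]
    if ext not in ALLOWED_MAGIC:
        return False, f".{ext} is not on the allow-list"
    # MIME misconfiguration bypass: verify the bytes themselves, not the declared type.
    if not data.startswith(ALLOWED_MAGIC[ext]):
        return False, "file content does not match extension"
    return True, "ok"


def storage_name(filename: str) -> str:
    """Random stored name with the validated extension, so the uploader never controls the path."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"
```

Pair this with an uploads directory that has script execution disabled in the web server configuration, so a check bypass does not immediately become code execution.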
