This article is a detailed walkthrough of exploiting a vulnerable WordPress website in the TryHackMe Smol room, showcasing techniques such as plugin exploitation, privilege escalation, and password cracking. It offers beginners insight into real-world attack methods used against outdated and backdoored WordPress installations. #WordPressVulnerabilities #PluginExploitation
Keypoints
- The target website was running an outdated WordPress version, 6.7.1, with XML-RPC and directory listing enabled.
- A backdoored plugin, jsmol2wp, was exploited to access sensitive data and upload a file to the server.
- The attacker used known vulnerabilities to execute remote commands and gain a reverse shell on the server.
- Database credentials obtained from wp-config.php enabled access to the MySQL database, leading to user password extraction.
- Privilege escalation was achieved through SSH keys and password cracking, culminating in capturing the root flag.