Page 1 of 1

Wordpress Challenge

PostPosted: Thu May 24, 2018 9:35 am
by aumatclo
Hi there,

I created myself a challenge (a friend actually gave it to me).
He created his own lab and created a website with wordpress and told me to hack it.
I am a not a pro with website but I managed to get the challenge half done.

He hide a .git broken that I manage to reconstruct (more or less) and therefore I got access to all the previous versions of the website. It has only php, from wp-content to all the plugins and the login pages. After long hours of looking inside and trying to analyze the code I didn't find any breach...
I tried all the different plugins to find vulnerabilities.. nothing
Not a single log hidden, not a single custom php, but only php automatically created from wordpress.
Because the .git is broken I cannot modify the php and upload it again to create a backdoor (at least I think haha)

I am looking for a small help, like if someone could give me a new idea to look for so I can gain access.

If any of you can give me a hand I would be very grateful

Thank you in advance

Re: Wordpress Challenge

PostPosted: Mon May 28, 2018 2:03 am
by pretentious
There’s safety in numbers. 80% of the world is running WordPress. With a boilerplate set up, it is very unlikely there are vulnerabilies(that you will find)

Care to elaborate on the whole .git thing and how you could use that as an attack surface?
Limited experience but you could probably manually repair it if that gives you an in

Otherwise, challenge your friend to build custom functionality into the system