OSCP Notes
  • OSCP Cheatsheet
  • Sistema de ficheros del OS
    • File Transfers Linux
    • File Transfers Windows
  • Web Attacks
    • Web Enumeration
    • SQL Injection
    • CGI
    • CMS
  • DATABASES
    • MSSQL
    • MYSQL
  • Services Enumeration
    • Trucos Generales
    • POP3 - 110
    • SMB - (445-139)
    • DNS
    • NFS - 2049
    • SMTP - 25
    • TFTP - 69
    • SNMP - (161-162-10161-10162)
  • Privilege Escalation
    • Information Gathering - EscPriv
    • Windows Privilege Escalation
      • MANUAL - Windows PrivEsc
      • Bypass UAC
    • Linux Privilege Escalation
  • Password Attacks
    • Hash Identification
    • Brute Force
    • Pass in the Hash
    • Password Cracking
  • Port Redirection and Tunneling
    • Port Forwarding
    • SSH Tunneling
      • SSH Local Port Forwarding
      • SSH Remote Port Forwarding
      • SSH Dynamic Port Forwarding
  • Active Directory Attacks
    • AD Enumeration
    • AD Authentication
    • AD Lateral Movement
    • AD Vulnerabilidades actuales
    • Powershell Empire
  • Buffer Overflow
    • Linux
    • Windows
      • Spiking
      • Fuzzing
      • Finding the Offset
      • Overwriting The EIP
      • Finding the Bad Charaters
      • Finding The Right Module
      • Generating Shellcode and Gaining Shell
  • Client-Side Attacks
    • Windows Office Macros
  • Post-explotacion
    • Trucos Generales
      • Links Utiles
    • Windows
      • Mimikatz
      • Writeup Esc WinXP SP1 with services
      • POWERSHELL
  • CRTP
    • PowerView
    • Notas Generales
Con tecnología de GitBook
En esta página
  1. Web Attacks

CMS

Wordpress

#Enumeracion 
wpscan --disable-tls-checks --url http://10.10.10.111/wp/ --enumerate vp 

# Formas para subir una RevShell después de tener acceso al panel 
Upload Shell through Add Theme
Upload Shell through Add Plugins
Themes templet into 404.php
Using pre-installed Plugins into header.php
## Revisar el siguiente enlace:
https://www.hacknos.com/wordpress-shell-upload/


# IMPORTANTE PARA DETECTAR VULNERABILIDADES
wpscan --url http://10.10.10.111/wp/ --force --api-token XXXXXXXXX

AnteriorCGISiguienteMSSQL

Última actualización hace 2 años