now browsing by tag
For anyone getting into the security or penetration testing field; I believe it is always recommended that you do as much reading, learning, and testing as possible. I highly recommend this very informative read from Mark Montague, called Attacking WordPress.
Using the tools commonly provided with Kali Linux, but are available to nearly every linux user: WPScan, Weevely, and Metasploit. What he shows in his presentation, is that he is not using anything he would consider advanced techniques, he is using basic skills, and basic tools to find vulnerabilities in WordPress and successfully exploit them.
In his presentation, Mark Montague, walks you through, running WPScan to determine versions of WordPress, and its plugins installed, using weevely to generate php code, that allows the hacker to remotely control the server, and metasploit for additional exploitation plugins.