WordPress CTF
by hackerman1924 - January 27, 2021 at 10:47 PM
#1
Hi
I have a CTF I need help with. It's WordPress 5.6 without any plugins or themes. Already tried wpscan, admin user bruteforce, xmlrpc (which always returned parse error) and others.
All the files from 5.6 source code are accessible. Only user admin found. I need to have access to the server or the ability to comment, but can't do it without an authenticated user (also with wp-json API).
Any idea please?
#2
you can bruteforce file backup :)
#3
(January 28, 2021 at 03:57 AM) mtdev2020 Wrote: you can bruteforce file backup :)
No backup found from wpscan, here's the URL:

http://cs.shenkar.cloud/index.php
#4
Thanks for sharing buddy!
#5
If anybody wants to help, I'm also willing to pay for a good lead on how to continue here. Thanks.
#6
(January 28, 2021 at 10:18 AM)hackerman1924 Wrote:
(January 28, 2021 at 03:57 AM) mtdev2020 Wrote: you can bruteforce file backup :)
No backup found from wpscan, here's the URL:

http://cs.shenkar.cloud/index.php

Do you have any more info about this CTF? E.g. homepage program .....
#7
What is the name of your CTF?
#8
(January 29, 2021 at 03:33 AM)mtdev2020 Wrote:
(January 28, 2021 at 10:18 AM)hackerman1924 Wrote:
(January 28, 2021 at 03:57 AM) mtdev2020 Wrote: you can bruteforce file backup :)
No backup found from wpscan, here's the URL:

http://cs.shenkar.cloud/index.php

Do you have any more info about this CTF? E.g. homepage program .....

What other info do you need? The website is still online man :) cs.shenkar.cloud, as I said I got it as an assignment for an infosec course I'm taking.
Do you have any other idea besides the backup which I didn't try yet?
Thanks
#9
Thank you for the share friend, working nicely!
#10
(February 01, 2021 at 12:46 PM)Alpha5050 Wrote: Thank you for the share friend, working nicely!

What's working nicely?
#11
http://cs.shenkar.cloud/info.php says allow_url_fopen is on