TryHackMe “Colddbox” Report: WordPress Enumeration and Plugin Exploitation, SUID Binary PrivEsc


Colddbox Introduction

https://tryhackme.com/room/colddboxeasy

  • Directory brute forcing exposes usernames
  • WPScan can also be used to enumerate WordPress usernames
  • Due to poor password strength, hydra can use the rockyou.txt wordlist to perform a dictionary attack against the login form and determine a user’s credentials
  • WordPress plugins can be leveraged to run malicious…
