Wordpress

Lazy Sysadmin Vulnhub Writeup

Lazy Sysadmin Vulnhub Writeup

‘Lazysysadmin’ is another of the targets as recommended by the excellent TJnull, in preparation for the OSCP. Lazysysadmin is considered an ‘easy’ machine. Just for fun, we’ll take a look at a number of different exploitation routes as well as take a look at some post-exploitation activities (specifically data exfiltration or exfil). Exfil would obviously be of interest to a Red Team operator who is more more ‘goal driven’ and not so fixated on gaining root.
Create a Wordpress Webshell plugin

Create a Wordpress Webshell plugin

Webshells are a really useful stepping stone on the path to a proper reverse shell. The idea is that they use popular scripting based approaches such as PHP to accept some parameters in a GET request. That data then gets executed as a system level command - i.e. against the underlying operating system used by the web site. The types of activity you can perform are dependent on the privileges associated with the account running the web server.