Today we will discussing about how we can make the vulnerable WordPress CMS ( Content management system ) and exploit it. With the help of this article, you will get the idea of making CTF (Capture the Flag) lab because first we will make it vulnerable and then take advantage of it.

CTF ( Capture The Flag )

Currently in the cyber security capture the flag is a traditional outdoor game whereas two teams each have a flag and the objective is to capture the other team’s flag.

Requirements

  • Kali linux = Attacker
  • Ubuntu = Victim

Lets do it 🙂 !!

Usually new vulnerable plugins are exposed everyday which affects many websites. Similarly we will choose reflex galaxy plugin version 3.1.3 which will provide us meterpreter of the web server without much efforts. There are several plugin are available in different -2 vulnerability which you can use to setup a complete CTF lab. You can download this plugin from it here.

Now install the plugin on wordpress.

Click on activate and processed to next.

Here you can see that the plugin has successfully installed in our wordpress.

Now we will check whether a vulnerable plugin is visible from using WPScan.

Yes wpscan successfully showing as vulnerable plugin.

To exploit this plugin we need to execute the following commands.

Meterpreter session will come here as soon as the exploit is run.

Lets take another example 🙂 !!

Media file exploit are available on metasploit framework so we will exploit it after upload the given plugin.

https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip

Now installed the plugin on wordpress and activate it.

Again we will check the vulnerable plugin is visible or not by using wpscan.

Yes, we have found it.

We have to ready for exploit using the following command.

After just executing the payload, meterpreter session will be comes to you.

About the Author
Virat Sharma Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Connect on LinkedIn.

7 thoughts on “Beginner’s Guide to Make Exploitable WordPress Lab For CTF”

  1. I have been browsing on-line more than 3 hours these days, but I
    never discovered any fascinating article like yours.

    It is pretty worth sufficient for me. In my view, if all webmasters and bloggers
    made good content material as you did, the internet will be a lot more useful than ever before.
    It is perfect time to make some plans for the future and
    it’s time to be happy. I’ve read this post and if I could I wish to suggest you few interesting things or advice.
    Perhaps you can write next articles referring to this article.

    I desire to read even more things about it! I’ve been surfing online more than three hours
    as of late, yet I by no means found any attention-grabbing article like
    yours. It is lovely value enough for me. In my opinion, if all webmasters and
    bloggers made just right content material as you
    did, the net will probably be much more useful than ever before.
    http://foxnews.org/

    My blog post: Jona

  2. Hello there! This post couldn’t be written any better! Looking through this
    post reminds me of my previous roommate! He continually kept preaching
    about this. I am going to send this information to him.

    Fairly certain he’ll have a very good read. Many thanks for sharing!

  3. I’m extremely impressed with your writing skills as well as with the layout on your weblog. Is this a paid theme or did you modify it yourself? Either way keep up the nice quality writing, it’s rare to see a nice blog like this one nowadays..

Leave a Reply

Your email address will not be published. Required fields are marked *