Academy | Hacking WordPress | Skills Assessment - Shell Upload

Hi all,
I’ve been struggling for a few days with the last part of the WordPress skill assessment.

I’ve added the correct url to /etc/hosts and have gotten every other box except the final one. For some reason when I try to use the wp_admin_shell_upload exploit on Metasploit I get the following error:

[] Started reverse TCP handler on 10.10.[].[]:4444
[-] Exploit aborted due to failure: not-found: The target does not appear to be using WordPress
[
] Exploit completed, but no session was created.

I’ve set VHOST to ‘yes’ but still can’t get the shell uploaded. I read about uploading the shell manually but can’t find any information on how to do this online. Can anyone help me? Thanks!

Edit: I finally got the flag. If someone else runs into this problem send a message and I can point you in the right direction.

hi would appreciate provide the hint to me thanks

Where exactly are you stuck?

I’m stucking at the last question

Seems like using metasploit and I using Erika credentials and it just don’t work, need direction or some hints thanks

You don’t need Metasploit.
There was another method explained in the module. Use this

I cant get to modify the 404.php any clues im missing out of

Edit a file from an unused theme. Delete the entire content of the file and then write your payload in there

1 Like

Thank you :blush: @PayloadBunny just finished the module