Academy | Hacking WordPress | Skills Assessment - Shell Upload

Off-topic
1

Hi all,
I’ve been struggling for a few days with the last part of the WordPress skill assessment.

I’ve added the correct url to /etc/hosts and have gotten every other box except the final one. For some reason when I try to use the wp_admin_shell_upload exploit on Metasploit I get the following error:

[] Started reverse TCP handler on 10.10.[].[]:4444
[-] Exploit aborted due to failure: not-found: The target does not appear to be using WordPress
[] Exploit completed, but no session was created.

I’ve set VHOST to ‘yes’ but still can’t get the shell uploaded. I read about uploading the shell manually but can’t find any information on how to do this online. Can anyone help me? Thanks!

Edit: I finally got the flag. If someone else runs into this problem send a message and I can point you in the right direction.

3

hi would appreciate provide the hint to me thanks

4

Where exactly are you stuck?

5

I’m stucking at the last question

Seems like using metasploit and I using Erika credentials and it just don’t work, need direction or some hints thanks

6

You don’t need Metasploit.
There was another method explained in the module. Use this

7

I cant get to modify the 404.php any clues im missing out of

8

Edit a file from an unused theme. Delete the entire content of the file and then write your payload in there

1 Like
9

Thank you :blush: @PayloadBunny just finished the module