Hi there,
I’m working on the Shield machine; I first tried to exploit it through the xmlrpc.php URL, but metasploit gave me this weird answer:
[+] 10.10.10.29:80 - Found Wordpress version: 5.2.1
[-] 10.10.10.29:80 /wordpress/xmlrpc.php Target’s version (5.2.1) is not vulnerable to this attack.
[] 10.10.10.29:80 - Dropping CHUNKSIZE from 1500 to 1
[] XMLRPC enabled, Hello message received!
[*] 10.10.10.29:80 - Starting XML-RPC login sweep…
So it says the target is not vulnerable, but still starts the login sweep? How?
I finally found out old credentials were working, and managed to get a meterpreter using the metasploit wordpress exploit, but it seems that most of the commands don’t work. It’s my first time using a meterpreter so I figured it was not as good as a shell and did some searching on how to get a shell from a meterpreter. Weirdly, most of the answers I found were the other way round: get a meterpreter from a shell. As in, meterpreter is better than a shell? How so?
I then managed to get a shell; still not a lot of working commands. Then I searched in the machine, found some IDs, but didn’t find any use for them, and ended up taking a look at the walkthrough.
It says, just like that, that the machine is vulnerable to the Rotten Potato exploit. And I would like to know HOW we can find that information? Because as soon as I found out which system it was, I searched for possible exploits against it; searchsploit found only one, metasploit references some, the CVE site gives a lot of answers but none with an “all-made” exploit… and I found nothing on this Rotten Potato thing.
It also says that netcat is used to get a “more stable shell”, as in, meterpreter is not as stable as the reverse shell? But we got the reverse shell through meterpreter; as soon as the meterpreter session breaks, so does the reverse shell. How is it more stable?
Thanks for your time