TartarSauce

any hint for upload file ?? :cry:

bro, if something doesn’t work then jump into another thing, and re-enumerate.

I don’t want to say Try harder, instead just take a step back and re-enumerate what you have in hand.

Does anyone else get different wpscan results for tartarsauce compared with the main writeup? My wpscan is not returning anything about the vulnerable plugin begining with Gw.

Type your comment> @thegingerninja said:

Does anyone else get different wpscan results for tartarsauce compared with the main writeup? My wpscan is not returning anything about the vulnerable plugin begining with Gw.

It might be that your wpscan is not updated or may be try a different tool that enumerates wordpress.

Hi @hansraj47. I had just updated wpscan but I haven’t tried anything else to enumerate WP plugins. Will google/try that when I’m next on.

did you put the right directory?

it is webservices/wp/

just rooted tartarsauce and i still dont understand a lot of things about that script. But whoever i having a tough time out there, you should take a look at

hxxps://3mrgnc3.ninja/2018/02/tartarsauce/

it helped a lot. I guess i am going to watch India vs New zealand semi finals and get going with my journey of understanding the script fully.

Cheerz guys!

Thanks again @hansraj47 . I’m going to go through that walkthough.
My issue seems to be that WPScan now defaults to a less aggressive plugin enumeration. In version 3.5.3 I needed to add:
–plugins-detection aggressive
To find the plugin expected. Even the -u has to become --url.

1 Like