Shield
Personal Rating: Easy
Enumeration
Running the initial nmap scan revealed two open ports:
sudo nmap -v <IP>
Discovered open port 3306/tcp on 10.10.10.29
Discovered open port 80/tcp on 10.10.10.29
It was a WordPress site. I found http://10.10.10.29/wordpress/wp-admin/
I attempted injections with sqlmap, fuzzed the site with dirb and ran more nmap scans, not knowing yet how to properly enumerate WordPress specifically.
Password Guessing
After checking the walkthrough since I got stuck, I knew that the password of another box was needed to log into the WordPress admin portal, which was very disappointing. So realistically, the only way would be brute force here.
Later I learned about WordPress enumeration and exploits, which might also have worked here.