
Summary of Praj Shete’s Analysis on Malicious WordPress Plugin Challenge

Original Post: Write-Up > LetsDefend Challenge: Malicious WordPress Plugin | by Praj Shete | Oct, 2024

The article walks through the analysis of a hacked WordPress website. The hack likely stemmed from a plugin with a remote code execution vulnerability. The analysis identifies the IP addresses of the web server and the attackers, determines the versions of Apache and PHP deployed on the server, and tracks the enumeration of site users. It then identifies a brute-force attack, including the page used for it, and details how the attacker accessed an account, including the username and password. The article examines the exploited plugin and its associated CVE, pinpoints the IP address of the command and control (C2) server, and identifies the function used to test the exploit. It concludes with details of the attacker’s server, the username logged during the attack, the attempts to upload a reverse shell (including the IP and port), and the command that posed an obstacle during the reverse shell process.
