Lab 12 - Hacking WordPress 2.8

Introduction

This is your one chance to perform a denial-of-service attack of sorts. WordPress is vulnerable to a kind of injection attack, and you don't need Metasploit for this one. More than just running an exploit, I want you to think about how you can use this vulnerability to cause a denial of service.

Lab Goals

  1. Install WordPress on the Windows 2016 server.

  2. Cause WordPress to change the Administrator password.

  3. Outline a way to use this attack to cause a denial of service. (This will be the thought part.)

Setup

  1. Research how to download and install previous versions of WordPress. (These are on the official WordPress site.)

  2. Download and install WordPress 2.8 for IIS.

    1. Make sure you run through the setup.
    2. Create at least one page for yourself.
  3. IMPORTANT: Create yourself a new account that has administrator privileges - so that when you hack the other one, you can still get in.
  4. Using just a browser, force WordPress to reset the administrator password.

Show Me

  1. Show the site working.
  2. Show the hack in action.
  3. Turn in a paragraph describing how you could use this hack to cause a denial of service.

AdvancedNetworkSecurity/Labs/Lab12 (last edited 2019-04-11 15:43:24 by scot)