Monday, 28 September 2015

How To Gain Admin acess on wordpress websites after uploading shell

Posted by   on

After Upload shell read configration file (wp-config.php) using shell Jumping or symlink
if you want acess in same site where you uploaded shell then simply edit wp-config.php
wp1.jpg (407×250)
Copy MySQL Database's username and password from wp-config.php
Now Goto MYSQL option in b374k shell 
and paste username and password there
wp2.jpg (456×233)
Now Click on Go
Now you wil get 2 tables There
click on table below information_schema
wp3.jpg (352×124)
click on 2 table and find wp_users columns there
and click on wp_users
wp5.jpg (555×186)
you'll get admin username password and email there,
but its Hard to crack wp password so we need to reset it with own hash !
simply put there password reset Query in Black Box
UPDATE wp_users SET user_pass =md5( '123456') WHERE user_login = 'admin';
and Click On Go
you'll get a Reply
UPDATE wp_users SET user_pass =md5( '123456') WHERE user_login = 'admin'; [ok]
its means Password chnaged sucessfully !
wp6.jpg (474×175)
Now goto : and login there =)
wp1.jpg (369×358)
and if you want to upload shell in that site then please read Tutorial here

No comments:
Write comments

Get Updates about Latest Hacks, Exploits, Applications and Softwares.
Join Our Newsletter