Announcement: This Website is For sale, if you're intrested, Please contact US

Monday, 28 September 2015

How To Gain Admin acess on wordpress websites after uploading shell

Posted by   on

After Upload shell read configration file (wp-config.php) using shell Jumping or symlink
if you want acess in same site where you uploaded shell then simply edit wp-config.php
wp1.jpg (407×250)
Copy MySQL Database's username and password from wp-config.php
Now Goto MYSQL option in b374k shell 
and paste username and password there
wp2.jpg (456×233)
Now Click on Go
Now you wil get 2 tables There
click on table below information_schema
wp3.jpg (352×124)
click on 2 table and find wp_users columns there
and click on wp_users
wp5.jpg (555×186)
you'll get admin username password and email there,
but its Hard to crack wp password so we need to reset it with own hash !
simply put there password reset Query in Black Box
UPDATE wp_users SET user_pass =md5( '123456') WHERE user_login = 'admin';
and Click On Go
you'll get a Reply
UPDATE wp_users SET user_pass =md5( '123456') WHERE user_login = 'admin'; [ok]
its means Password chnaged sucessfully !
wp6.jpg (474×175)
Now goto : and login there =)
wp1.jpg (369×358)
and if you want to upload shell in that site then please read Tutorial here

No comments:
Write comments

Get Updates about Latest Hacks, Exploits, Applications and Softwares.
Join Our Newsletter