TryHackMe: ColddBox: Easy
https://tryhackme.com/room/colddboxeasy
Hello everyone! Today we are trying to crack the easy box from @C0ldd__
1. Open <MACHINE_IP> in a browser:
Good, I assume that this is a WordPress website. We have a “Log in” link to the standard WP auth panel, so I will try to use some standard tool for WP.
Of course, you could start with nmap or dirbuster/gobuster, but I skipped that.
2. WPScan
I’m trying to get more information about our target and enumerate users.
OK, we have a user list, so let's try a brute-force attack to hack it.
3. WP plugins.
4. Privilege escalation.