Starting with the results from the OWASP-ZAP scan from Scanning for vulnerabilities, we will do the following:
- As seen in Hacking WordPress, a SQL-injection attack allowed us to extract the admin user information that was later cracked with hashcat. We will be taking that single vulnerability and using it to go beyond just the WordPress database.
- To start, we need to identify the underlying database. Open a terminal, and at the command line enter the following:
root@kali:~/Chapter9# sqlmap -u "http://192.168.56.100/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id=1"
- This will provide the following information, indicating it is MySQL server 5 or higher:
[03:00:56] [INFO] the back-end DBMS is MySQLweb server operating ...