7MS #264: Hacking Wordpress
7 Minute Security29 Juni 2017

7MS #264: Hacking Wordpress

I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with the command line flags as they can help you conduct a more gentle scan that recovers from site errors/disconnections more easily. Specifically, read up on these options:

  • --throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site

  • --request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts

Also, if you find yourself in a situation where you're testing a production Wordpress sight (not recommended), consider setting up a free up/downtime alert via a free service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)

Avsnitt(714)

7MS #569: Interview with Jim Simpson of Blumira

7MS #569: Interview with Jim Simpson of Blumira

Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as so...

28 Apr 202355min

7MS #568: Lets Play With the 2023 Local Administrator Password Solution!

7MS #568: Lets Play With the 2023 Local Administrator Password Solution!

Hey friends, today we're playing with the new (April 2023) version of Local Administrator Password Solution (LAPS). Now it's baked right into PowerShell and the AD Users and Tools console. It's awesom...

21 Apr 202319min

7MS #567: How to Build an Intentionally Vulnerable SQL Server

7MS #567: How to Build an Intentionally Vulnerable SQL Server

Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode: Download SQL Server here Install SQL via con...

14 Apr 202339min

7MS #566: Tales of Pentest Pwnage - Part 47

7MS #566: Tales of Pentest Pwnage - Part 47

Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us to a new trick ...

31 Mars 202354min

7MS #565: How to Simulate Ransomware with a Monkey

7MS #565: How to Simulate Ransomware with a Monkey

Hey friends, today we talk through how to simulate ransomware (in a test environment!) using Infection Monkey. It's a cool way to show your team and execs just how quick and deadly an infection can be...

24 Mars 202327min

7MS #564: First Impressions of OVHcloud Hosted vCenter

7MS #564: First Impressions of OVHcloud Hosted vCenter

Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR: It runs on vCenter, my first and only virtualizati...

17 Mars 202343min

7MS #563: Cracking and Mapping and Execing with CrackMapExec - Part 2

7MS #563: Cracking and Mapping and Execing with CrackMapExec - Part 2

Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover: # Enumerate where your user has local admin rights: cme smb ...

10 Mars 202335min

7MS #562: Cracking and Mapping and Execing with CrackMapExec

7MS #562: Cracking and Mapping and Execing with CrackMapExec

Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically: # General enumeration to see if your account works, and where: cme smb x.x.x.x -u username ...

3 Mars 202340min

Populärt inom Politik & nyheter

svenska-fall
aftonbladet-krim
p3-krim
rss-krimstad
spar
fordomspodden
flashback-forever
rss-sanning-konsekvens
aftonbladet-daily
rss-vad-fan-hande
motiv
rss-krimreportrarna
rss-frandfors-horna
politiken
krimmagasinet
kungligt
rss-expressen-dok
rss-flodet
rss-aftonbladet-krim
dagens-eko