In this video I demonstrate a penetration testing assessment on a vulnerable machine from vulnhub.com. This machine is called DerpNStink and I enjoyed working on it a lot.
In the first part of this demonstration my purpose is to find my way into the reverse - by getting a reverse shell. The vector of attack is through wordpress and an exploitable plugin.
I'm using a lot of enumeration tools and tactics to find that the server runs wordpress, to find the web-directory for wordpress, to find the users, as well as the exploitable plugin. So, the plugin is vulnerable to arbitrary file upload - meaning that a malicious user can upload a php shell and get inside the server.
In the second part. I will demonstrate how, once inside the server, I escalate my privileges from average user to root. And that part was even more insightful than this one.
This is some real hacking lesson wow!!!
With your tutorials, first class student in computer science and programming will surely evolve. I know only those that understand will appreciate this . You’re much appreciated. Taking my time to follow the video step by step
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit