Overview
Syllabus
Introduction
What We’ll Be Covering
Mitre Attack Initial Access Techniques
Our Target Server
Infrastructure Overview
Let’s Get Started
Performing an nmap Scan
nmap Results
Accessing their Web Server
Analyzing the Web Application
Running a Directory Brute Force
Configuring the Hosts File
Tips for Enumerating a WordPress Site
Scanning a WordPress Site with wpscan
Working with Users as a Vector
SSH Brute Force with Hydra
Logging in with our Brute Forced Credentials
Enumerating Data on the Remote Server
Using netstat
How Do We Access the MySQL Database Server?
Listing Databases & Tables
Changing a Database User’s Password
Logging into wp-admin
Conclusion
Taught by
Linode