Htb Academy Public Exploits

Starting with running nmap to scan the target

Scanning the 22 ssh port to get more infos about it

Cool now we do have some solid infos like the version so why not searching for public exploits for this version if there is any

nothing here let’s try something else, after navigating to the ip:port of the target we found out its a webserver built in with wordpress why not then scanning it using nmap

WordPress 5.6.1 seems intresting, why not searching it

started msf and searched for these exploits no one been found, searched on web especially in https://wpscan.com/wordpress/561/ no one is usefull for my case, here i started getting lost then i tried a new way, after that i saw on the website a body this bakcup plugin 2.7.10 for wordpress, finally a starting point that i didn’t notice from first, let’s then search it on msf

let’s configure the exploit

finally we found the flag, just wanna point to another way for doing that, a python script from Venexy: https://www.exploit-db.com/exploits/51937