Presented by MC Lam
Attack Is the Best Defence
Why do you need to attack a WordPress site?
01. Compliance requirement: to perform a formal pentest
02. New Hong Kong ordinance requirement (?)
03. Avoid the illusion of safety
What’s in my toolbox
• OWASP ZAP (ZAProxy)
• WPScan
• Reverse shell
• Burp Suite
ZAP
What can ZAProxy do?
• Automatic vulnerability scan
• Marketplace for additional features
• Manual scan
ZAP demo
What is WPScan?
It is a vulnerability scanner tailor-made for WordPress websites.
It has a community edition.
https://wpscan.com/
How to use WPScan
(read cheatsheet)
You can use a cheat sheet to quickly get used to WPScan commands.
https://wpscan.com/blog/wpscan-cli-cheat-sheet-poster/
What is a reverse shell?
A shell is a tool offered to a user (usually an administrator) to control a
computer. The user types “commands” to instruct the computer to do
something. Shell code is a set of instructions, which is repeatable.
A reverse shell is a tool which instructs the application to offer the shell
for use. These are usually hacking tools.
Example in PHP (pentestmonkey)
Initial findings
After using ZAProxy, WPScan and a reverse shell, we have the following findings:
01. SQL injection pages have been discovered
02. User credentials are weak
03. Reverse shell has not been blocked
Other tools
What is Burp Suite Community Edition?
• What can it do?
• More than vulnerability scanner
• Burp Spider
• (Works as a proxy)