Differences between revisions 1 and 2
Revision 1 as of 2017-04-26 21:26:33
Size: 614
Editor: scot
Comment:
Revision 2 as of 2017-04-26 21:42:05
Size: 1251
Editor: scot
Comment:
Line 1: Line 1:
= Lab 11 - Hacking !WordPress 2.8 = = Lab 11 - Hacking WordPress 2.8 =
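Review bot: the heading in this hunk reads "Lab 11", but the page footer gives the path AdvancedNetworkSecurity/Labs/Lab12. Confirm which lab number is intended and make the heading and the page name agree, so links and grading references point to the same lab.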
Line 4: Line 4:
The purpose of this lab is to introduce you to ... This is your one chance to perform a denial of service attack of sorts. !WordPress is vulnerable to an injection attack of sorts. You don't need Metasploit for this one. More than just an exploit, I want you to think about how you can use this vulnerability to cause a denial of service.
Line 7: Line 7:
 1. List your goals here
 1. This should reflect what you want students to do and,
 1. Should be reflected in the show me section
 1. Install !WordPress on the windows 2016 server.
 1. Cause !WordPress to change the Administrator password.
 1. Outline a way to use this attack to cause a denial of service. (This will be the thought part)
Line 12: Line 12:
Delineate what is required for the setup. This section should include detailed instruction and if necessary, links to resources that they must fill out and hand in.
 1. Research how to download and install previous versions of !WordPress (These are on the official !WordPress site)
 1. Download and install !WordPress 2.8 for IIS
    1. Make sure you run through the setup
    1. Create at least one page for yourself.
 1. IMPORTANT: Create yourself a new account that has administrator privileges - so that when you hack the other one, you can still get in.
 1. Using just a browser, force !WordPress to reset the administrator password.
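Review bot: the last item in this Setup list, "Using just a browser, force !WordPress to reset the administrator password", is the exercise itself rather than a setup step, and it repeats goal 2 from the Lab Goals list. Consider moving it out of Setup into its own task section so Setup ends at the step that creates the second administrator account, which is the state students need before they start.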
Line 15: Line 21:
 1. List the elements that you must show me for full credit.
 1. If you don't complete the lab in class, then you need to do this section in a video.

 1. Show the site working
 1. Show the hack in action.
 1. Turn in a paragraph describing how you could use this hack to cause a denial of service.

Lab 11 - Hacking WordPress 2.8

Introduction

This is your one chance to perform a denial-of-service attack of sorts. WordPress is vulnerable to an injection attack of sorts. You don't need Metasploit for this one. More than just running an exploit, I want you to think about how you can use this vulnerability to cause a denial of service.

Lab Goals

  1. Install WordPress on the Windows 2016 server.

  2. Cause WordPress to change the Administrator password.

  3. Outline a way to use this attack to cause a denial of service. (This will be the thought part)

Setup

  1. Research how to download and install previous versions of WordPress (These are on the official WordPress site)

  2. Download and install WordPress 2.8 for IIS

    1. Make sure you run through the setup
    2. Create at least one page for yourself.
  3. IMPORTANT: Create yourself a new account that has administrator privileges - so that when you hack the other one, you can still get in.
  4. Using just a browser, force WordPress to reset the administrator password.

Show Me

  1. Show the site working
  2. Show the hack in action.
  3. Turn in a paragraph describing how you could use this hack to cause a denial of service.

AdvancedNetworkSecurity/Labs/Lab12 (last edited 2019-04-11 15:43:24 by scot)