## page was renamed from NetworkSecurity/Lab/Lab12
## page was renamed from NetworkSecurity/Lab/Lab11
= Lab 12 - Hacking WordPress 2.8 =

== Introduction ==

This is your one chance to perform a denial of service attack of sorts. !WordPress is vulnerable to an injection attack of sorts. You don't need Metasploit for this one. More than just an exploit, I want you to think about how you can use this vulnerability to cause a denial of service. 

== Lab Goals ==

 1. Install !WordPress on the windows 2016 server.
 1. Cause !WordPress to change the Administrator password. 
 1. Outline a way to use this attack to cause a denial of service. (This will be the thought part)

== Setup ==

 1. Research how to download and install previous versions of !WordPress (These are on the official !WordPress site)
 1. Download and install !WordPress 2.8 for IIS
    1. Make sure you run through the setup 
    1. Create at least one page for yourself.
 1. IMPORTANT: Create yourself a new account that has administrator privileges - so that when you hack the other one, you can still get in.
 1. Using just a browser, force !WordPress to reset the administrator password. 

== Show Me ==

 1. Show the site working
 1. Show the hack in action. 
 1. Turn in a paragraph describing how you could use this hack to cause a denial of service.