WordPress: Hacking & Vulnerabilities

Dear readers,

huge apology for our delay, we had so many articles that it took us longer than  usual to put this new issue together . But the new Hakin9 is finally out! As always we would like to send a big “THANK YOU!” to our reviewers and proofreaders. We wouldn’t be able to do this without you!

Many of you are probably on vacations, sitting on the beach and relaxing, or climbing mountains, parachute jumping or simply spending time with your family. Wherever you are, I hope  you have an amazing time! To make your vacations even better we prepared a new issue, so take a break and join the WordPress world!

If you want to buy this magazine click here

>>DOWNLOAD PREVIEW<<

>>Table of Contents<<

GitHub Corner: WordPress

WordPress distributions and Security – a short overview

by Miriam Wiesner

No matter how good your WordPress safety is, keep one thing in mind: You will never be safe from attackers!

Securing WordPress

by Jomon Thomas Lobo

A website is efficient only when it is not compromised, its uptime is maximized, your data is safe and your site gives faster response. As a popular Content Management System (CMS), WordPress has a lot of security threats. Security is a practice, not something we can buy from the market. In this article, I am trying to point out some practices that reduce threats in your WordPress website. I recommend the following things to harden your WordPress website.

Restricted Linux Shell Escaping Techniques

by Felipe Martins

The focus of this article is on discussing and summarizing different techniques to escape common Linux restricted shells, as well as simple recommendations for administrators to protect against it.  This article is not focused on hardening shells, however some hints will be given to the reader as proof of concept. Additionally, this article is focused on Linux shells only, not windows. It is also important to note that not all techniques presented here will work in every restricted shell, so it is up to the user to find which techniques will suit them, depending on the environment in use. This is not intended to be a definite guide for escaping shell techniques, but a basic introduction to the subject.

How To Hack WordPress

by Emmanuel Schonberger

Monday 7:15AM, new customer calls requesting web page provisioning ASAP. You think about it for a second, got it!! deploy a WordPress Template. So you pick up your favorite *NIX distro and install a fresh copy of it on a server. You download and install WordPress, customize it with a template, you are done! Mission accomplished, survived another day in admin paradise. Clock beeps, it’s 8:30AM.

Hacking WordPress and Vulnerabilities

by Giuseppe Canale

WordPress - the Content Management System (CMS) which allows you to collect, filter, process, create and distribute data online - is used by circa 74.6 Million sites worldwide  powering more than 23% of websites on the Internet. If you’re reading this article, you’re probably an evolved Internet user, conscious of the merits of IT security, and this may partly be attributed to the work the WordPress community does to promote interest and development of the online community.  This community also contributes to its widespread usage but makes it an ideal target for hackers and those seeking to spread malicious content with a far-reaching impact.

Writing your own shellcode

by Paras Chetal

In this article, I'll walk through the entire process of writing shellcode for Linux. Writing your own shellcode is considered by some as some sort of black magic, so I thought I'd make it less murky through this comprehensive write-up to write shellcode that will spawn a shell. I'll be working on a 64bit Ubuntu 15.10 OS. However, in order to better explain the process, I'll be working with 32 bit binaries and x86 assembly. Bear in mind that the addresses (as seen in the disassembled code, etc.) will most likely be different in your computers, however, the procedure will remain the same as I have explained.

WordPress Security

by Luciano Ferrari

The number of WordPress users is 76.5 million, representing 26% of all websites globally. Fifty thousand new WordPress websites are added daily. It’s a very versatile and friendly content management system that is used by Fortune 500 companies, like eBay, GM and Reuters News. Those impressive numbers place WordPress as one of the most popular web platforms of the world. The reason? Probably because it’s free through their open source platform, ease of use, the high number of plugins developed, high number of people that know how to use it and their nice options for themes.  But those advantages can bring at least one very important con. Because of its popularity it’s been a very common target for hackers. Lots of malware and exploits are created targeting WordPress websites and, unfortunately, WordPress website administrators are not being very diligent in taking care of security.

Hacking WordPress Sites with WPScan

by Cory Miller

WordPress is one of the most popular dynamic open-source content management systems platform that provides anyone with the ability to publish ecommerce, blog, and general web sites. Because of its popularity, anyone can view the code that runs WordPress. This makes it a prime target for hackers. In order to ensure that WordPress is secure and to reduce the vulnerable landscape, WPScan was created. Like many vulnerability scanners, WPScan can identify the known common vulnerabilities that might be present within the WordPress site. By using WPScan, you can quickly identify what version plugins, themes, and accounts are present and if they have known vulnerabilities associated with them. The first line of defense is to know what could be vulnerable so that you can mitigate and increase the security of your site, and this is where WPScan can help.

Exploiting XML-RPC Vulnerability in WordPress

by Fredy Valle

WordPress is a free and open-source content management system (CMS). It’s a web software you can use to create websites, blogs or even web applications. WordPress is one of the most popular CMS today because it provides an easy and simple option for people with basic knowledge on development.

WordPress Security with WPScan

by Ricardo Ángel Encinar de Frutos

WordPress is the most used CMS to create web-sites or blogs. However, safety is one of the top concerns for those using the WordPress platform. In this article, we will go over the basic steps for securing our WordPress installation. As an aside, we will comment on those vulnerabilities that a malicious attacker would look for before considering whether our site is an easy target or not. In addition, we will check whether we can find any vulnerabilities in our site that an attacker could exploit with the tool WPScan.

Anatomy Of The WordPress Scanner And Countermeasures

by Sumit Kumar Soni

WordPress is a dynamic open-source content management system which is used to power millions of websites, web applications, ecommerce sites, and blogs. WordPress' usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes. Its popularity makes WordPress based websites a prominent target for hackers. WordPress is based on PHP and MYSQL. There are thousands of commercial and free plugins and themes available to extend WordPress functionality. These plugins & themes expand the threat landscape of WordPress based websites and requires the systems admin to further harden their installations.

Hacking a real WordPress site

by Renato Borbolla, Thiago Ferrerira,  Mike Garcia,  Paulo Henrique Pereira

The experiment described in this article has a purpose of study. We test our approach on our website and no attack was conducted on external websites. We analyzed typical vulnerabilities associated with hacking.

Should you always trust that browser padlock?

by Harpreet Bassi

We’ve always been taught that you are safe if your browser is displaying a little padlock. But is this still true? To answer this question, let’s go back to the roots of HTTP (Hyper Text Transfer Protocol).

Blog News

If you want to buy this magazine click here