Targeting WordPress for exploitation
For our first pentest, we will be pentesting a target application known as WordPress, a very popular website that is used for blogging and building websites swiftly and somewhat securely. It is not uncommon for WordPress websites to be a target during a pentest simply because they are fairly agile and super simple to start up – as we will see in a moment. If you want to find out more about WordPress, please go here: https://wordpress.com/.
Now, let's look at what the actual scenario is and what we are being requested to test, as well as how to test it.
Important note
The test requirements will vary from test to test. Some targets may only need initial access, while others will require full post-exploitation. This scenario is completely dependent on the client and what their needs are.
The scenario - gaining unauthorized access
In this scenario, we have been asked to target a WordPress website and see whether we can...
