00:00 - Intro
00:50 - Start of nmap
02:10 - Starting WPSCAN
02:50 - There's no index.php in wp-content/plugins/, which lets us find a vulnerable plugin (eBook Download 1.1)
05:50 - Playing with the eBook Download LFI
07:45 - Doing a full nmap portscan
08:20 - Using the LFI to extract the process names with curling /proc and doing some cut/sed magic
10:15 - Downloading the cmdline for the first 1000 PID's
13:00 - Using find to show us files greater than a couple bytes to show us every valid PID
14:40 - Examining the final output, discovering screen running and gdb
16:00 - Using metasploit to exploit GDB
21:50 - Reverse shell returned, playing with screen to connect to the session
24:30 - Attaching to the root session, then digging into why this worked
31:40 - Digging into wpscan to see how to make it find this
Support the originator by clicking the read the rest link below.
