03.23.09

Hacking WordPress Through Security Flaws

By Dan Morrill

Bandit Defense has posted a new WordPress hack, but there are some things you need to know about it first. The biggest one is that it relies on poor security at the hosting company and on already knowing the password to the WordPress website you want to hack.

I will give credit to Bandit Defense for posting something interesting and new when it comes to WordPress hacking. The process is simple and elegant, which is always a good thing when it comes to hacking. The problem is that it relies on a number of security flaws that may or may not be present in the system. That makes it hard to accomplish unless you already know things, or the web site is poorly secured.

I made references in my previous post about the Semisecure Login WordPress plugin about how if an attacker gets a WordPress username and password for your website, it can be used to wreak havoc on the web server that's hosting it. This post will show you exactly how to do that. It doesn't teach how to hack WordPress installs. That would be a very interesting thing to talk about, but I'm honestly not the most knowledgeable on the subject (any comments or emails to me about it would be greatly appreciated). Rather, this is what an attacker could do if they already successfully have access to an account.

Source: Bandit Defense

The first thing the hacker would need to know is the admin password to the WordPress installation. Usually the WordPress password that people use is either the default password made when the account was initialized, or some nice dictionary word that is easier to brute force. I would not hesitate to guess that the majority of WordPress installations have one or the other. If it is the default password, then it is a combination of numbers and letters of varying lengths that will take time to brute force.

Bandit does bring up the wp-config.php file, which will give you the credentials to the database. If you want to go mucking about in the database, the file also holds the connect string. That is harder if the database is on localhost, and easier if it points off to something like a separate server, which would be tons easier if the goal is to control the database and do interesting things with the person's site. WordPress gives some incredibly good examples of how to secure your default WordPress installation, but my belief is that few people will do this; it is always easier to just do the normal install and be on your way to using WordPress the way that it comes out of the box.


What is interesting, and what makes the approach unique, is the idea of using the C99 shell, a PHP file with a ton of shell commands that will let you romp around the web server. What Bandit is counting on to gain access to other web sites is that the web sites on the shared server are visible to one another. That is not an unusual assumption when it comes to low-cost shared servers. It is possible to tool around other people's web sites if the security configuration of the shared server is very poor.

Overall it is fairly unique in that the C99 shell (and he recommends you make your own) is in the uploads directory when you are done, pretty much allowing you to run around and use PHP commands on the server.

The problem is that the person already has to have access to the WordPress installation in one form or another, and this only starts making sense if the installer did something really bad, like using the same name and password for the DB connection as for admin access to the WordPress installation. If they did not, it is much easier to use the wp-config.php file and find out where the database is hosted to do things to someone's WordPress installation.

It is an interesting way of looking at WordPress, though the problem is that this is not a "technique for everyone"; there are easier ways of accomplishing things that would be more devastating to the original WordPress installation. The cool part is that few if any have thought of dumping the C99 script in the uploads directory and using that to tool around the web site, and possibly, if the server is very poorly secured, tooling around all the web sites on the shared server.

The other really simple way of doing this: a Google search for "index of site:com +wp_config" will give you pretty much the same power to tool around directories.
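
Seen from the hosting side, the conditions this technique depends on can be checked directly. The following is an added example, not code from Bandit Defense or from this article: a Python audit that flags script files under wp-content/uploads, a wp-config.php readable by other local accounts, and a docroot open to other users on the shared server. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Extensions PHP handlers commonly execute; uploads should hold media only.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}


def audit_wordpress(root):
    """Return sorted (issue, relative_path) findings for one WordPress docroot."""
    root = Path(root)
    findings = []

    # 1. Script files under the uploads directory (where the shell ends up).
    uploads = root / "wp-content" / "uploads"
    for path in uploads.rglob("*"):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            findings.append(("script-in-uploads", str(path.relative_to(root))))

    # 2. wp-config.php readable by every local account (holds DB credentials).
    config = root / "wp-config.php"
    if config.is_file() and config.stat().st_mode & stat.S_IROTH:
        findings.append(("world-readable-config", "wp-config.php"))

    # 3. Docroot listable or traversable by other accounts on the shared server.
    if root.stat().st_mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append(("docroot-open-to-others", "."))

    return sorted(findings)


def build_sample_site(base):
    """Constructed sample tree: one media file, one dropped script, loose modes."""
    site = Path(base) / "site"
    up = site / "wp-content" / "uploads" / "2009" / "03"
    up.mkdir(parents=True)
    (up / "photo.jpg").write_bytes(b"\xff\xd8constructed")
    (up / "tools.PHP").write_text("<?php /* constructed placeholder */ ?>")
    (site / "wp-config.php").write_text("<?php /* constructed placeholder */ ?>")
    os.chmod(site / "wp-config.php", 0o644)
    os.chmod(site, 0o755)
    return site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for issue, rel in audit_wordpress(build_sample_site(tmp)):
            print(f"{issue}: {rel}")
```

Which file modes are workable depends on which account the host runs PHP under, so treat the permission findings as prompts to review rather than fixed targets.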



About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2009 iEntry, Inc. All Rights Reserved
