Foothold
Interacting with the web application provided by the Docker VM, we notice it is running a WordPress instance:
The next step in our attack will be running the wpscan
tool and looking for any low-hanging fruit, and gathering as much information about the instance as possible.
Note
The wpscan
tool is available on Kali and almost any other penetration-testing-focused distribution. The latest version can be pulled from https://github.com/wpscanteam/wpscan.
We can start our attack by issuing a wpscan
command in the attack machine terminal. By default, passive detection will be enabled to look for available plugins, as well as various other rudimentary checks. We can point the scanner to our application using the --url
switch, passing the full URL, including the port 8000
, as the value.
root@kali:~# wpscan --url http://vulndocker.internal:8000/ [+] robots.txt available under: 'http://vulndocker.internal:8000/robots.txt' [+]...