CMS

• Enumerate version

• Google their vulnerability

• Google what configuration file that they have

Web tech tricks

Some tricks for finding vulnerabilities in different well known technologies being used:

• AEM - Adobe Experience Cloud

• Apache

• Artifactory

• Buckets

• CGI

• Drupal

• Flask

• Git

• Golang

• GraphQL

• H2 - Java SQL database

• IIS tricks

• JBOSS

• Jenkins

• Jira

• Joomla

• JSP

• Laravel

• Moodle

• Nginx

• PHP (php has a lot of interesting tricks that could be exploited)

• Python

• Spring Actuators

• Symphony

• Tomcat

• VMWare

• Web API Pentesting

• WebDav

• Werkzeug

• Wordpress

• Electron Desktop (XSS to RCE)

Wordpress

Admin page

/wp-admin
/wp-login

Configuration files

setup-config.php
wp-config.php

Enumerate users

/?id=1
/?id=2

Uploading shell using WP_THEME

1. Login into dashboard and explore the appearance tab

2. Go into Themes section under Appearance and select Editor

3. Edit the 404.php file and inject the reverse shell code into it to obtain reverse connection of the webserver

4. Go to that page to trigger the reverse shell.