Hacker newbie aid on WP and pdf



#1 m.rce
Posted 05 May 2011 - 07:58 AM

Hi all!

First of all, I'd like to know from some competent guy if my hacking platform is OK: I'm using JAP. Is JAP good enough? How'd you rate JAP for ...privacy?

Next, my questions: I am trying to use the WordPress 3.0.1 hack at http://www.exploit-d...exploits/15684/ (should be http://www.cvedetail.../CVE-2010-4257/). While fuzzing the page I am interested in, I did notice I got some 'blind' SQL injections possible over the comments field (I got a 500 internal error, which should happen only IFF the field value breaks the query in the script, no??).

Now, I do not understand how to use http://www.exploit-d...xploits/15684/: it says "Exploitation. The logged in user must have publish_posts and edit_published_posts capabilities (this corresponds to the Author role)". What's the point of exploiting something if I have the Author role - I mean, if I am the blog's Author, wtf. *OR* does it mean that I leave a comment AND when the blog's author VIEWS it the exploit triggers? Is anybody capable of explaining to me how to use it??

Next part: Malicious PDF/SWF with Metasploit. I examined the module creator, and I have a question: is it possible to 'edit' the generated PDF in order to add content of some kind? As it comes out, the created PDF/SWF is rather... empty. I have examined the possibility of creating a PDF manually and embedding it out of Metasploit, but I do not know the exploit string well, or how to generate it, so I've learned how to create a PDF (manually, not with a printer filter) but... I don't know the exploit string to embed.


Thanks in advance.

Edited by m.rce, 05 May 2011 - 09:02 AM.
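The post above treats an HTTP 500 on the comment form as evidence that the submitted value broke the SQL query. From the server-side, the more useful reading of that same signal is as a detection: a burst of 500 responses to POSTs on the comment handler from one client is what a blog operator should be alerting on, while a single 500 proves nothing on its own (any PHP fatal error, broken plugin or database outage produces one). The script below is an added example, not code from the original post or from WordPress; it assumes Apache "combined" log format, that the comment handler lives at WordPress's standard /wp-comments-post.php path, and uses constructed log lines with made-up IPs and timestamps.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" log format (not real traffic).
# 203.0.113.7 hammers the comment form and collects four 500s in a row;
# 198.51.100.20 is an ordinary visitor; 192.0.2.9 sees a single 500.
SAMPLE_LOG = """\
203.0.113.7 - - [05/May/2011:07:41:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=3" "Mozilla/5.0"
203.0.113.7 - - [05/May/2011:07:41:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 500 612 "http://blog.example/?p=3" "Mozilla/5.0"
203.0.113.7 - - [05/May/2011:07:41:15 +0000] "POST /wp-comments-post.php HTTP/1.1" 500 612 "http://blog.example/?p=3" "Mozilla/5.0"
203.0.113.7 - - [05/May/2011:07:41:21 +0000] "POST /wp-comments-post.php HTTP/1.1" 500 612 "http://blog.example/?p=3" "Mozilla/5.0"
203.0.113.7 - - [05/May/2011:07:41:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 500 612 "http://blog.example/?p=3" "Mozilla/5.0"
198.51.100.20 - - [05/May/2011:07:42:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=3" "Mozilla/5.0"
198.51.100.20 - - [05/May/2011:07:42:44 +0000] "GET /?p=3 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
192.0.2.9 - - [05/May/2011:07:43:10 +0000] "POST /wp-comments-post.php HTTP/1.1" 500 612 "http://blog.example/?p=5" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def comment_500_counts(log_text, path="/wp-comments-post.php"):
    """Count, per client IP, POSTs to the comment handler that ended in HTTP 500."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == path and rec["status"] == 500:
            counts[rec["ip"]] += 1
    return dict(counts)


def suspicious_ips(log_text, threshold=3):
    """Return the IPs whose repeated 500s on the comment form reach the threshold.

    One 500 is not evidence of injection; a burst from a single source against
    a single form is the pattern worth correlating with the PHP/MySQL error
    log and the comment bodies stored in the database.
    """
    counts = comment_500_counts(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(comment_500_counts(SAMPLE_LOG))   # {'203.0.113.7': 4, '192.0.2.9': 1}
    print(suspicious_ips(SAMPLE_LOG))       # ['203.0.113.7']
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the threshold and path are parameters so the same check applies to any other form handler that talks to the database.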


#2 serrath
Posted 05 May 2011 - 04:56 PM

I believe it's possible to target an existing PDF with MSF's PDF exec exploit for Windows.
