Stuck @ Academy > HACKING WORDPRESS> Skills Assessment - WordPress -

Hi,

I am stuck at the last module of >>

**ACADEMY > HACKING WORDPRESS > Skills Assessment - WordPress INLANEFREIGHT
**


**This is the first question of the module → Identify the WordPress version number…
**

​To identify the Wordpress version of the module i use wpscan

wpscan --url http://10.129.195.42 --enumerate --api-token mytokenhere

Wpscan says no wordpress installation here on the TARGET machine →

the remote website is up, but does not seem to be running wordpress.the target machine has no wordpress installed.

Same with curl

curl -sS -X GET LOCALTARGETIP | grep generator

Nothing …

There are no signs of wordpress installation however

curl -sS -X GET LOCALTARGETIP

I see that there is this link to a http://blog.inlanefreight.local page in the source html, but this link is not resolving, so no wordpress installation there neither…

So far up until here i get no result from targeting the TARGET (10.129.195.42) machine…

so i try to wpscan inlanefreight.com

when i use wpscan on https://www.inlanefreight.com

I get version 5.6.2 and theme name as → ben_theme

But these are not the correct answers…Not accepted.

I have nmaped the Target, i see only 22 and 80 ports open!!

What am i missing here, Where is the wordpress installation ? There is no wordpress installation on the Target machine and www.inlanefreight.com wordpress version 5.6.2 is not the correct answer.

What am i missing here ??

1 Like

First, a caveat. I haven’t looked at this academy lab so I have no idea what the correct path is here.

In general, I’d be hesitant when it comes to launching any packets at what could be a legitimate website. Most resources on HTB use a .HTB or .LOCAL TLD to prevent any traffic accidentally hitting the internet. However, I do notice that the website you’ve mentioned seems… weird (the phone number is 1800 HTB 8888)

The version of WP on that public website does appear to be 5.6.2 but it’s worth noting that was only released in Feb 2021, so unless the lab is constantly updated, it is unlikely they planned ahead and put that as the answer.

So I’d focus on the IP address or http://blog.inlanefreight.local domain.

When you visit http://10.129.195.42 in your browser what do you see?

Have you tried adding blog.inlanefreight.local and inlanefreight.local to your hosts file and visiting them to see if the header change makes a difference?

2 Likes

Visiting http://10.129.195.42 i see that there is the an APACHE server serving a simple copy of an inlanefreight site.

There is no wordpress installation though, only a link to a BLOG → http://blog.inlanefreight.local

But this link wont resolve :frowning:

I did add this to resolv.conf

inlanefreight.local 10.129.195.42

And tried again

─$ curl -sS -X GET http://blog.inlanefreight.local/

Output

curl: (6) Could not resolve host: blog.inlanefreight.local

@lokey said:

Visiting http://10.129.195.42 i see that there is the an APACHE server serving a simple copy of an inlanefreight site.

Have you checked none of the sub-pages are actually Wordpress?

There is no wordpress installation though, only a link to a BLOG → http://blog.inlanefreight.local

Ok, this seems promising.

But this link wont resolve :frowning:

I did add this to resolv.conf

inlanefreight.local 10.129.195.42

Try adding blog.inlanefreight.local to the hosts file. There isn’t a DNS on most HTB environments, so you need to be pretty specific with what hosts names you want to point to what IP addresses.

1 Like

? Thanks!

====EDIT: nvm, found the way myself====

hey @lokey , any luck getting past that obstacle? I’m trying to get a foothold of anything wp-related on the target machine, but so far to no avail… on the other hand, there’s a whole forum on people discussing the later stages of the process, which would indicate there IS a way…

!!! YOU NEED TO ADD THESE TO /etc/hosts TO COMPLETE SKILLS ASSESSMENT !!!

sudo sh -c ‘echo “10.129.232.64 blog.inlanefreight.local” >> /etc/hosts’
sudo sh -c ‘echo “10.129.232.64 inlanefreight.local” >> /etc/hosts’

This is where the word press site is located. Good Luck!!!

3 Likes

Just wanted to say thanks for that, was stuck for ages.