- A valid username and password of a user with admin rights on the Wordpress.
Connect with a user with administrative rights on the Wordpress at http://TARGET/wp-login.php.
/Wordpress/techniques/Modify-theme-to-include-php-code/imgs/dashboard.png)
Now access the theme-editor in "Appearance / Editor" at http://TARGET/wordpress/wp-admin/theme-editor.php
/Wordpress/techniques/Modify-theme-to-include-php-code/imgs/theme_editor.png)
Then edit the theme to add PHP code inside the page:
/Wordpress/techniques/Modify-theme-to-include-php-code/imgs/reverse_shell.png)
You can find reverse shell PHP payloads here: https://podalirius.net/en/articles/unix-reverse-shells-cheatsheet/#php
Now, prepare your listener with netcat (nc -lvp <port>) and enjoy your shell:
/Wordpress/techniques/Modify-theme-to-include-php-code/imgs/reverse_shell_received.png)