WordPress, being one of the most widely used CMS platforms, is one of the
favorite targets of hackers nowadays, along with WHMCS. Instead of directly
targeting WordPress functionality and vulnerable plugins, it has been
observed that hackers target a vulnerable website on the same
server and use it to bypass server restrictions in
order to get the configuration file, and from there hack into the
WordPress site. This method is commonly known as Symlink Bypassing in the black hat world and server bypassing in the white hat community.
It is a tedious task for an attacker to manually
connect to the database and then manually replace the index file of
WordPress for a successful defacement. Therefore hackers use mass
defacers. These are tools used by hackers to change the index files of
all the websites present on the server to their own defacement page.
This usually happens when the hacker has root-level access on the
server.
Recently, the admin of Team Root, "Mauritania Attacker", mailed me
his tool for review, which can be used by attackers to deface all
the WordPress websites present on the same server.
How Does It Work?
For this tool to work, the only requirement is that the server is
vulnerable to symlink bypass. The tool will automatically symlink all
the WordPress websites on the server and replace their indexes with the
page you provide (.html or .PHP).
How To Use It?
The usage is extremely simple and I really don't see the purpose of creating
a tutorial; however, this blog is mostly read by newbies, so I will add
some screenshots.
Requirements
1. Shell On The Server
2. The shell should not be secured from Symlink Bypassing.
3. WordPress Mass Defacement Tool
Once you have completed all the above requirements, just upload the Mass
Defacement tool to the webserver. It will look something like this:
Now replace the contents of index url with your own defacement page.
Next you will see the results for the websites you have been able to deface:
And finally you can view the list of all the websites you were able to deface:
How To Protect Yourself?
In order to protect your website from being defaced, all you need to do
is change the permissions of your index files to 400, so that no one will
be able to change them. However, if an attacker has root-level access on
the server, there is no way of protecting your website, since the
attacker can manually change the permissions.