---
title: WordPress vs Kali
---

### Virtualization and Kali Linux

#### Milestone 1: Setting up your Virtual Environment

##### Download & Install Docker

- Go to https://www.docker.com/products/docker-desktop
- Select the Docker Desktop build appropriate for your system (Mac with Intel chip, Mac with Apple chip, Windows, or Linux).
- Click on the platform package for your operating system.
- Save the file.
- OS-specific resources (the reference links have detailed steps on how to install Docker):
    - For Mac OSX
        - Using the installer at this [link](https://docs.docker.com/docker-for-mac/install/) installs all the components necessary for this exercise.
        - Please start Docker first, then follow the instructions from the Docker CLI.
        - Ensure python3 is installed if you want to use the modifyCompose CLI app.
    - For Windows
        - The installer at this [link](https://docs.docker.com/docker-for-windows/install/) includes all the necessary components.
        - Ensure python3 is installed if you want to use the modifyCompose CLI app.
    - For Linux Distros
        - Follow the distro-specific instructions for the [Docker Engine](https://docs.docker.com/engine/install/) and for [Docker Compose](https://docs.docker.com/compose/install/).
        - There is no GUI included for Linux. If you need one, install [Portainer](https://documentation.portainer.io/v2.0/deploy/ceinstalldocker/), an open source application that can help view and manage containers.
        - Ensure python3 is installed if you want to use the modifyCompose CLI app.

Once installed, open the terminal and run the command below to confirm the Docker installation and version:

```console
docker --version
```

Expected outcome is similar to:

```console
Docker version 20.10.12, build e91ed57
```

:::warning
If you have pre-downloaded Docker, verify its version. We need Docker version 19 or later to complete this assignment.
:::

:::info
We are downloading WordPress version 4.1.0; you do not need to change it in the future to run/test vulnerabilities.
Review your yml file.
:::

----

#### Method 1 Installing package:

1. On your host, go to the desired folder and clone the repo.

    ```console
    git clone https://github.com/0xrutvij/wpVSkali.git
    ```

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/mWp548P.png)

2. A new folder named *wpVSkali* will have been created. Run `ls` to view it.

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/121SVIY.png)

3. Go to the folder by running `cd wpVSkali`

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/Ocx8iiY.png)

:::info
Note: Windows has BuildKit enabled by default on new versions. In such cases, skip step 4 and go to step 5.
:::

4. Build the Docker containers

    `DOCKER_BUILDKIT=1 docker-compose build`

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/CTxd2GN.png)

:::warning
Docker build is building Kali, WordPress and the database, so this is going to take some time (estimated 5 - 15 minutes). If the build time is more than 30 minutes, remove everything and start from step 1.
:::

5. Create a folder named *wpFolder*. It is the source for Docker Compose and is referenced in the yml file, so you need to use the same folder name.

    `mkdir wpFolder`

    Run `ls` to confirm folder creation.

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/2Jvtm4a.png)

6. Run docker compose up to start the containers. This will take around 5-10 minutes.

    ```console
    docker-compose up -d
    ```

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/2We4lRI.png)

    ![](https://i.imgur.com/Cz5mfAU.png)

:::warning
There is no need to cd into wpFolder.
:::

7. The docker ps command shows running containers by default; the `-a` flag also lists stopped ones.

    ```console
    docker ps -a
    ```

    ![](https://i.imgur.com/Rb79bDk.png)

### Challenge 1: WordPress Basics

1. Open a browser of your choice and go to localhost. In your browser, type:

    ```console
    http://127.0.0.1:8080/
    ```

    or

    ```console
    http://localhost:8080/
    ```

    or

    ```console
    http://0.0.0.0:8080/
    ```

    - All of these will take you to the WordPress setup page.
    - You can choose a random username, password and email (not necessarily a working email).

### Additional Details:

Try the following to get familiar with the WordPress administrator console:

- Create a post
- Create a page
- Create an attachment
- Delete and undelete a post/page
- Register users and assign roles
- Change the theme
- Install a plugin

The above steps are basic functions that shouldn't present much of a challenge to figure out, but refer to the links below for detailed instructions.

- Core WP
    - Background
        - [Terminology, Concepts, and Semantics](https://codex.wordpress.org/WordPress_Semantics)
    - Content Management
        - [Creating and using posts](https://codex.wordpress.org/Posts)
        - [Creating and using pages](https://codex.wordpress.org/Posts)
        - [Images](https://codex.wordpress.org/Using_Images) and [Attachments](https://codex.wordpress.org/Using_Image_and_File_Attachments)
        - [Comments (a favorite vector for hackers/spammers)](https://codex.wordpress.org/Comments_in_WordPress)
    - [Admin Screens](https://codex.wordpress.org/Administration_Panels) and [Admin Functions](https://codex.wordpress.org/Roles_and_Capabilities#Administrator)
        - [Managing registered users](https://codex.wordpress.org/Registered_User_Features)
        - [Managing user roles and capabilities](https://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Table)
        - Delete posts, undelete posts
- Extensions
    - [Themes](https://codex.wordpress.org/Using_Themes/Theme_List)
    - [Plugins](https://codex.wordpress.org/Plugins)

### Challenge 2: Looking Under the Hood

It's one thing to understand using WP through its UI, but in order to probe the application for security issues, we really need to understand how it works, which means looking at the source code.
WP has a very large codebase, and digesting all of it would require a lot of time. But we're not looking to cultivate the kind of familiarity with the source that a full-time WP developer would possess --- the goal is to apply analytical skills in a way that's more surgical than comprehensive. And this is a skill that's common among both hackers and security engineers: the ability to dig deep into large, unfamiliar codebases (sometimes even in unfamiliar languages) with very focused objectives.

For this milestone, you should identify the PHP entry points in the source code for each of the core WP functions you performed in the previous milestone. For example, for the [About Page](http://wpdistillery.vm/wp-admin/about.php) in the WordPress admin section, [the source PHP is found here](https://core.trac.wordpress.org/browser/trunk/src/wp-admin/about.php). You should be able to identify the primary PHP source for creating a post, page, user, etc. But keep in mind, the goal here is not just to identify the source for a specific set of functions; the real goal is to build this skill of testing, code reading, and focused investigation.

Resources:

- [WordPress Source Browser](https://core.trac.wordpress.org/browser/)
- [WordPress Developer Reference](https://developer.wordpress.org/reference/)

### Challenge 3: Kali, meet WordPress

1. Invoke Kali interactive mode

    ```console
    docker exec -it $CONTAINERID bash
    ```

    <span style="color:blue">Expected outcome:</span>

    ![](https://i.imgur.com/zVELueY.png)

:::info
$CONTAINERID must be replaced with your container ID for kaliCP
:::

2. First, we need to configure the networking in Kali to make sure WordPress is accessible at the same IP / URL. Open a Terminal window within Kali and make sure you can ping the IP of our WordPress successfully:

    ```console
    ping -c 3 127.0.0.1
    ```

    Should output:

    ![](https://i.imgur.com/LwzaRsp.png)

    Stop the ping with `Ctrl + C` if needed.

3. Use wget to download the site's default page and pipe the output to gawk, which should extract just the page title:

    ```console
    wget -qO- 'http://127.0.0.1:8080/' | gawk -v IGNORECASE=1 -v RS='</title' 'RT{gsub(/.*<title[^>]*>/,"");print;exit}'
    ```

    Should output:

    ![](https://i.imgur.com/wb7VwbK.png)

:::info
I named my website Codepath_demo. The response is whatever you named your WordPress website.
:::

### Challenge 4: Casing the Joint

The first tool we'll use in our Kali VM is [wpscan](https://github.com/wpscanteam/wpscan/blob/master/README.md#wpscan-arguments), a black box vulnerability scanner for WordPress. Usage is straightforward: just pass wpscan a URL and it will list all the information it can determine about the WP instance at that URL, including the version of WP, any known vulnerabilities with that version, any plugins/themes installed and vulnerabilities with those, and a [whole lot more](https://wpscan.com/).

```console
wpscan --help
```

Should output:

![](https://i.imgur.com/Te8Gpx5.png)

:::warning
wpscan now requires an API token in order to report on vulnerabilities. Use a burner email account and fake name to register an account on [wpscan.com](https://wpscan.com/). Log in and make note of the API Token. It should be on your [profile](https://wpscan.com/profile) after choosing the free tier.
:::

Make a note of your API Token; we will be using it to scan the WordPress URL.

The next thing to do is update wpscan's database with the latest vulnerability information.

```console
wpscan --update
```

Now, run wpscan against our WP instance at http://127.0.0.1:8080.

```console
wpscan --url http://127.0.0.1:8080 --api-token YOUR_API_TOKEN
```

<b><span style="color:Green">Expected outcome:</span></b>

![](https://i.imgur.com/ofcAOSr.png)

![](https://i.imgur.com/X9IFp1D.png)

Reviewing the output, you can see wpscan was able to correctly identify the WP version we're running and report on some miscellaneous issues...but not a whole lot more.
This is because the latest version of WP should have no public vulnerabilities --- any zero-days that are announced should be quickly patched. We're also not running many plugins, so the attack surface will be limited to core WP.

Once this is done, go to the Unit 7 Assignment - https://courses.codepath.com/courses/cybersecurity_university/unit/7#!assignment

:::success
- Document all your steps in each stage.
- Submit a Readme with GIFs. The assignment will be graded only if the GIF version is submitted.
:::

### Clean up:

:::warning
- DO NOT clean up before submitting the assignment
:::

- To stop all the running containers, exit from the Kali terminal and run

    ```console
    docker-compose down
    ```

- You can remove all images and containers by running
    - For Containers
        - To view all containers

        ```console
        docker ps -a
        ```

        ```console
        docker rm CONTAINER_ID1 CONTAINER_ID2 CONTAINER_ID3
        ```

    - For Images

        ```console
        docker images
        ```

        ```console
        docker rmi imageid_1 imageid_2 imageid_3
        ```

-----------------------------------

### M1 Troubleshoot

After running ```docker-compose up -d```, if you get this error ```ERROR: no matching manifest for linux/arm64/v8 in the manifest list entries```, try this:

1. ```open docker-compose.yml```
2. Add ```platform``` under services.

    ```console
    services:
      db:
        platform: linux/x86_64
        image: mysql:5.7
        ...
    ```

3. Save and re-run ```docker-compose up -d```.

[Stack Overflow Source](https://stackoverflow.com/questions/65456814/docker-apple-silicon-m1-preview-mysql-no-matching-manifest-for-linux-arm64-v8)

-------------

### If docker compose is giving any issues:

- Download: https://drive.google.com/drive/u/0/folders/17BvZkZ5sw2qJ0wjrrtix3CPv8bobz8mx
- Move wpVSkali from downloads to wherever you want/need
- Follow from step 3: https://hackmd.io/APjiFmrNQt-TsMc0Sr_JPQ?view#Challenge-3-Kali-meet-WordPress
- Still receiving errors? Contact support.

-------------

### Alternative Method:

- If you want to do everything manually, note that this method might not have enough instructions and you will need to troubleshoot things on your own.
- https://hackmd.io/@GQd-YFYmSca8cYesHoNRvw/SyiYf8X7q
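
For Challenge 2, one way to shortlist the PHP entry points is to tally which scripts the web server logged while you performed the Challenge 1 actions, then read those files in the source browser. This is an added example, not part of the original lab: the log lines are constructed, and the Apache combined log format and the function names `sample_log` and `php_entry_points` are assumptions.

```shell
#!/bin/sh
# Constructed sample: access-log lines in Apache combined format, as they might
# look after doing the Challenge 1 actions (IPs, times and sizes are made up).
sample_log() {
cat <<'EOF'
172.18.0.1 - - [10/Mar/2022:10:00:01 +0000] "GET /wp-admin/post-new.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:00:09 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:00:10 +0000] "GET /wp-admin/post.php?post=5&action=edit HTTP/1.1" 200 6100 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:01:00 +0000] "GET /wp-admin/post-new.php?post_type=page HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:02:00 +0000] "POST /wp-admin/async-upload.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:03:00 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:04:00 +0000] "GET /wp-admin/themes.php?action=activate&stylesheet=twentyfourteen HTTP/1.1" 302 0 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:04:30 +0000] "GET /wp-includes/css/buttons.min.css?ver=4.1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
172.18.0.1 - - [10/Mar/2022:10:05:00 +0000] "GET /wp-admin/plugin-install.php?tab=search HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
this line is not a log entry
EOF
}

# Hypothetical helper: read an access log on stdin and print
# "METHOD /script.php COUNT" for each PHP script that was requested.
php_entry_points() {
  awk -F'"' '
    NF >= 3 {                            # skip lines without a quoted request
      n = split($2, req, " ")            # request line: METHOD URI PROTOCOL
      if (n != 3) next                   # malformed request line
      uri = req[2]
      sub(/[?#].*$/, "", uri)            # drop query string and fragment
      if (uri !~ /\.php$/) next          # ignore static assets (css, js, images)
      count[req[1] " " uri]++            # tally per method and script
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# On the lab host the input would come from the WordPress container instead,
# assuming its web server writes the access log to the container's output:
#   docker logs CONTAINER_ID 2>&1 | php_entry_points
sample_log | php_entry_points
```

A script that appears under both GET and POST (here `post.php`) serves the edit form and also handles its submission, which makes it a good first file to open in the source browser.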