Another great write up Pete.
Andrew Hilton

I just gave your write-up a read and I see what you mean! I really want to go back to it at some point and work on it a bit more. I feel there is an easier way to shell the box, I started brute forcing the WordPress user accounts and actually got into one called John, it looked like it had access to change/add pages so I cancelled the brute force at that stage, when I went back to it for a ‘simple’ reverse shell I realised there was no save option on any of the pages, so i could read the code but not amend. I was hitting it with rockyou.txt and by that stage couldn’t be bothered to relaunch it. I know Hydra is meant to be able to pick up where it left off, but I’ve never been able to make that feature work, and I’m more of a fan of wfuzz.