Spawn Shell From WP Admin Access

Navigate to:

Appearance (left-hand side) > Editor (left-hand side) > 404 Template (right-hand side)

Replace the PHP there with malicious shell spawning PHP (e.g. pentestmonkey php reverse shell script)

Browse to http://<site_name>/wp-content/themes/<theme_name>/404.php to trigger the payload

PreviousHow to Find Security VulnerabilitiesNextPost Exploitation

Last updated