Start interactive tutorial

← Back to Projects

Cheers! - Remote Vulnerability Analysis in WordPress

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

  • linux

  • cybersecurity

  • wordpress

  • red team

  • A05:2021 - Security Misconfiguration

  • A01:2021 - Broken Access Control

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

🌱 How to Start This Lab

In this lab, you will investigate the website of a fictional beer brand called Cheers! Brewery, built on an outdated version of WordPress. Although the site appears functional and static, it is suspected to contain a vulnerable component associated with a popular script used in older WordPress themes.

Your objective is to study the structure of the site, identify potentially suspicious paths, and assess whether any components could allow remote code execution due to poor implementation.

This lab is not focused on brute force or direct access techniques, but rather on your ability to observe, deduce, and reason technically in the face of a weak configuration.

🌱 How to Start This Lab

Follow these instructions to get started:

  1. Download the virtual machine from this link:
We are sorry, you don't have enough privileges to access this block of content, please signup or upgrade your plan to access it.
1 https://storage.googleapis.com/cybersecurity-machines/cheers-lab.ova
  1. Import the machine into your preferred virtualization software (VirtualBox, VMware, etc.).
  2. To perform this lab, you will need an additional virtual machine to act as your attacking environment. This machine must have cybersecurity tools. We recommend using Kali Linux.
    • Download the pre-built Kali Linux virtual machine image from its official website. Use the "Virtual Machines" option from this link.
  3. Once the machine is started, you can begin the lab!

During your investigation, you may consider using the following:

  • Nmap, Netdiscover – for network reconnaissance
  • Firefox, Burp Suite – for inspecting website behavior
  • Wappalyzer, WhatWeb – for analyzing the technologies in use
  • Nikto, dirsearch – for detecting forgotten paths or scripts
  • Exploit-DB, WPScan, searchsploit – for checking whether outdated components have known vulnerabilities

Remember: not all attacks require brute force. Sometimes, it is enough to observe, analyze, and understand how the system works to find a flaw.

Happy hacking!

Sign up and get access to solution files and videos for free

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Sign up and get access to solution files and videos for free

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies