Lessons Learned
Thorough Enumeration
It appears that I was being lazy during the enumeration phase of this attempt. I originally thought that the directories that are typical for WordPress were not worth my time to look at through the web browser. This time, it turns out that the typical "/plugins" directory is exactly the key to exploiting this machine. Next time I should go through my enumeration in detail, looking into every possible directory to gather all the information I can.
Tool: jd-gui
Even when I am able to download the .jar files, I still struggle with how to quickly read their contents. Usually I would open .jar files in an IDE such as Eclipse or NetBeans. But I don't really want to install such large applications just to view a .jar file. It turns out that there are tools like jd-gui that provide an easy way to view .jar files on Linux. I have since added this tool to my Kali machine and listed it in my own notes for future reference.