
I'm trying to modify a PHP file through a plugin on WordPress. Everything goes well, but I had to modify the permissions to 666 manually via terminal on the victim's machine, because even when I'm trying to change this file through the admin panel, it says that permissions are too low to overwrite the file. So, as I discovered, it only happens when the webserver is set on 'lighttpd'. On apache/xampp it works well, I don't need to overwrite permissions, they're set during installation.

The main question: Is there a way to discover if the file on a remote machine has >=666 permissions, without manual access to its console? I'm using kali, ubuntu, windows, everything. Every suggestion would be perfect.

Insane
  • I feel that may be happening because of the privilege associated with the account from which the WordPress instance is running. That user may not have permission to make it world-writable. You may have to find some exploit for WordPress which can do privilege escalation. – Krishna Pandey Nov 12 '15 at 20:01
  • It's caused by lighttpd. When you install apache2 on unix/xampp on win, it does not create new users - it probably uses root. On lighttpd it creates a user 'www-data' and gives him permissions to use the 'var/www/' folders. Will try to find this exploit, dunno. Thanks! – Insane Nov 12 '15 at 20:26
  • You are looking for a way to learn the file permissions when you don't have file system access? I'm not sure there is a way. Typically, you want to try to write to a location where you know you have permissions (/tmp) – schroeder Nov 12 '15 at 22:20
  • Writing a file to TMP works, but first, I need to know if I have the minimal (666) chmod on a plugin file on WordPress, to overwrite it (to spawn the file in 'tmp'). There is the problem. Tmp is writable, but it's a 50% chance that this WordPress plugins folder is writable. – Insane Nov 13 '15 at 16:53

1 Answer

I'm trying to modify a PHP file through a plugin on WordPress. Everything goes well, but I had to modify the permissions to 666 manually via terminal on the victim's machine ...

The plugin has access to check the permissions of the file. Whether or not you as an end user can obtain that information through the plugin is a different matter.

Is there a way to discover if the file on a remote machine has >=666 permissions, without manual access to its console?

Usually this is not the case. While most WordPress plugins and webapps have access to this information, they will not usually give this information publicly.

Now, you did mention that you have an Admin login. In that case, some plugins may publish this information, or allow you to enable some type of directory listing with permissions. However, looking for a plugin that does this is a more specific question than what you have asked so far.

I'm using kali, ubuntu, windows, everything.

The OS of the attacker's computer is not really relevant. Any attack that can be made from Ubuntu can also be made from Windows, usually with the same level of difficulty.

The OS of the server sometimes makes a difference, but I don't think that is what you are getting at.


I hope this answers your 'main question'. :-)

700 Software
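The check the answer refers to, seen from the administrator's side, as an added example that is not code from the post: a POSIX shell audit that lists every file under a WordPress tree that is world-writable (mode 666 or looser, the state the question describes) and a companion that strips that bit, since WordPress files are normally 644. The demo tree built under mktemp is constructed for the example; the real tree root (e.g. /var/www) is passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the original post). Audit a WordPress tree for
# world-writable files and tighten them. Assumes a POSIX find/ls/chmod.

# List every regular file under $1 whose "other" write bit is set
# (666, 777, 646 ...), one "ls -ld" line per file, sorted by path.
find_world_writable() {
  find "$1" -type f -perm -o+w -exec ls -ld {} + 2>/dev/null | sort -k9
}

# Number of world-writable files under $1 (what an admin would watch).
count_world_writable() {
  find_world_writable "$1" | wc -l | tr -d ' '
}

# Mitigation: remove the "other" write bit from every file found, leaving
# the owner/group bits (and the web server user's own access) untouched.
tighten_world_writable() {
  find "$1" -type f -perm -o+w -exec chmod o-w {} +
}

# Constructed demo tree: one plugin file at 644, one at 666, one at 777.
make_demo_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/plugins/demo"
  printf '<?php // ok\n'    > "$d/wp-content/plugins/demo/safe.php"
  printf '<?php // loose\n' > "$d/wp-content/plugins/demo/loose.php"
  printf '<?php // wide\n'  > "$d/wp-content/plugins/demo/wide.php"
  chmod 644 "$d/wp-content/plugins/demo/safe.php"
  chmod 666 "$d/wp-content/plugins/demo/loose.php"
  chmod 777 "$d/wp-content/plugins/demo/wide.php"
  printf '%s\n' "$d"
}

# Stand-alone run: audit the demo tree, fix it, audit again.
if [ "${1:-}" = "--demo" ]; then
  root=$(make_demo_tree)
  echo "before:"; find_world_writable "$root"
  tighten_world_writable "$root"
  echo "after: $(count_world_writable "$root") world-writable file(s)"
  rm -rf "$root"
fi
```

Run it with `--demo` to see the constructed tree, or as `find_world_writable /var/www` after sourcing the file to audit a real install.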