Database Credential
Checking for DB credential after making a manual system enumeration
loly@ubuntu:/var/www/html/wordpress$ cat wp-config.php | grep -v '[#/]' cat wp-config.php | grep -v '[#/]'
<?php
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
*
* @package WordPress
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wordpress' );
define( 'DB_PASSWORD', 'lolyisabeautifulgirl' );
define( 'DB_HOST', 'localhost' );
define( 'DB_CHARSET', 'utf8' );
define( 'DB_COLLATE', '' );
[...REDACTED...]DB credential found in the WordPress configuration file; wordpress:lolyisabeautifulgirl. This was also enumerated by PEAS
There is no need to connect and enumerate the internal MySQL instance as the web app has already been enumerated
The password, however, appears that it may belong to the loly user who is a valid system user
Thus, it must be tested for password reuse.