WordPress - Getting credentials from configuration files (WIP)

When we have access to the files of the host machine, we can search for credentials for MySQL in the configuration files of WordPress

Go to /var/www/html (default folder for server) and list elements

cd /var/www/html
ls -a
#Example output
.htaccess  index.php  wp-admin  wp-config-docker.php  wp-config.php  wp-content
wp-cron.php  wp-includes  wp-load.php  wp-login.php  wp-settings.php  xmlrpc.php

See content of wp-config.php and search for credentials

cat wp-config.php

#Example output
...
/** Database hostname */
define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );
...

getenv_docker() Is telling us that the credentials are environment variables on the container

Check environment variables to obtain the credentials to the database

env

#Example output
...
WORDPRESS_DB_PASSWORD=wordpress
...
WORDPRESS_DB_HOST=db
...
WORDPRESS_DB_USER=wordpress
...

Access the database with MySQL and the credentials we have got

mysql -u $user -h $host -p   #u for the user, h for the host, and p to ask for the password

PreviousWordPress - Abuse Theme Configuration on templates (WIP)NextCVE - Log4Shell (WIP)

Last updated 1 year ago