WordPress, being one of the most widely used CMS platforms, is one of the favorite targets of hackers nowadays, along with WHMCS. Instead of directly targeting WordPress functionality and vulnerable plugins, it has been observed that attackers target a vulnerable website on the same server and use it to bypass server restrictions in order to read the configuration file, and from there hack into the WordPress site. This method is commonly known as Symlink Bypassing in the Black Hat world and server bypassing in the White Hat community.
It is a tedious task for an attacker to manually connect to the database and then manually replace the index file of WordPress for a successful defacement. Therefore hackers use mass defacers. These are tools used by hackers to replace the index files of all the websites present on the server with their own defacement page. This usually happens when the hacker has root level access on the server.
Recently, the admin of Team Root, "Mauritania Attacker", mailed me his tool for review. It can be used by attackers to deface all the WordPress websites present on the same server.
How Does It Work?
For this tool to work, the only requirement is that the server is vulnerable to symlink bypass. The tool will automatically symlink all the WordPress websites on the server and replace their indexes with the page you provide (.html or .PHP).
How To Use It?
The usage is extremely simple and I really don't see the purpose of creating a tutorial; however, this blog is mostly read by newbies, so I will add some screenshots.
1. Shell On The Server
2. The shell should not be secured from Symlink Bypassing.
3. Wordpress Mass Defacement Tool
Once you have completed all the above requirements, just upload the Mass Defacement tool to the webserver. It will look something like this. Now replace the contents of index url with your own defacement page.
Next you will see the results for the websites you have been able to deface:
And finally you can view the list of all the websites you were able to deface:
How To Protect Yourself?
In order to protect your website from being defaced, all you need to do is change the permissions of your index files to 400, so no one will be able to change them. However, if an attacker has root level access on the server, there is no way of protecting your website, since the attacker can manually change the permissions.
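The permission change described above can be audited and applied across a whole document root. The following is an added example, not part of the original post or of the tool it reviews; the function names `audit_index_perms` and `harden_index_perms` are hypothetical, and the path to scan is supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every index.php / index.html under ROOT whose mode is not exactly 400.
# -type f matches regular files only, so symlinks named index.* are never
# reported, and find does not descend into symlinked directories.
audit_index_perms() {
    find "$1" -type f \( -name 'index.php' -o -name 'index.html' \) \
        ! -perm 400 -print | LC_ALL=C sort
}

# Set mode 400 on every file the audit would report.
# chmod is only handed regular files found under ROOT, never a symlink
# that points at a file elsewhere on the server.
harden_index_perms() {
    find "$1" -type f \( -name 'index.php' -o -name 'index.html' \) \
        ! -perm 400 -exec chmod 400 {} +
}

# Usage: sh script.sh /path/to/docroot   (path is supplied by the operator)
if [ "$#" -eq 1 ]; then
    echo "Index files not at mode 400 under $1:"
    audit_index_perms "$1"
    harden_index_perms "$1"
    echo "Remaining after chmod 400:"
    audit_index_perms "$1"
fi
```

Run the audit on its own from a scheduled job to notice index files whose mode has drifted away from 400.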