Attack on Fort Clara

So a while back I wrote about a Lego Fort:  https://0daylego.wordpress.com/2016/04/14/spoiler-free-spoilers-what-lego-tought-me-about-it-security/

 

Today we go through one way some pirates could attack the fort. This is a spoiler-free spoiler for a real machine I wrote a report on .. if you see how it works, you might have done the same machine, because some of my pictures are more a riddle than a spoiler 😉 So here we go.


First our pirates do a little recon on the fort.


With all their information they go to the wise island magician who knows all the good tricks. From him they get an all-seeing telescope …

With that telescope they can see everything on that fort ….


With that information it is easy to find some stupid soldier ….


as which they can disguise …


to deliver their evil dynamite ..

 

but unfortunately dynamite is not allowed on the fort …


so they need a flimsy disguise for the payload .. so they can put it on the fort to trigger it later with another method ..

and game over …

#OSCP Turning your Backdoor in a WordPress Plugin

Just a quick one:

Imagine you own a WordPress and want to upload your remote PHP script as a nice fancy WordPress plugin. You know, just adding a feature the original installation doesn’t have. So you grab your trusty PHP remote shell script .. and WordPress hates it. Damn .. So how do we build a valid WordPress plugin?

  1. Open up your PHP script and add

/*
Plugin Name: WordPress.org Plugin
Plugin URI:  https://developer.wordpress.org/plugins/the-basics/
Description: Basic WordPress Plugin Header Comment
Version:     20160911
Author:      WordPress.org
Author URI:  https://developer.wordpress.org/
License:     GPL2
License URI: https://www.gnu.org/licenses/gpl-2.0.html
*/

to the start, then upload it

2. ??????

3. Profit

 

Easy ^^
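Seen from the defender's side, a file built this way stands out: its header is the handbook sample verbatim, it registers no WordPress hooks, and it calls execution functions on request input. The Python check below is an added example, not code from the original post; `triage_plugin`, the heuristics and the two-field threshold are assumptions, and both fixtures are constructed.

```python
import re

# Values from the handbook sample header quoted in the post (lowercased for comparison).
SAMPLE = {"plugin name": "wordpress.org plugin", "author": "wordpress.org",
          "plugin uri": "https://developer.wordpress.org/plugins/the-basics/"}
# Approximation of how WordPress pulls "Field: value" lines out of the leading comment.
FIELD_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Plugin URI|Author URI|Author):(.*)$", re.M | re.I)
# Direct calls to PHP functions that run OS commands or evaluate strings as code.
EXEC_RE = re.compile(r"(?<![\w>:$])(eval|system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
INPUT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
HOOK_RE = re.compile(r"\b(add_action|add_filter|add_shortcode|register_activation_hook)\s*\(")

def triage_plugin(source):
    """Return a list of findings for one plugin main file; an empty list means nothing flagged."""
    head = source[:8192]  # WordPress reads header fields from the first 8 KB only
    fields = {m.group(1).lower(): m.group(2).strip().lower() for m in FIELD_RE.finditer(head)}
    if "plugin name" not in fields:
        return []  # no plugin header, so not a plugin main file
    findings = []
    copied = sorted(k for k, v in SAMPLE.items() if fields.get(k) == v)
    if len(copied) >= 2:
        findings.append("header copied from handbook sample: " + ", ".join(copied))
    calls = sorted({m.group(1).lower() for m in EXEC_RE.finditer(source)})
    if calls:
        findings.append("execution calls: " + ", ".join(calls))
        if INPUT_RE.search(source):
            findings.append("request superglobals used in the same file")
    if not HOOK_RE.search(source):
        findings.append("registers no WordPress hooks")
    return findings

# Constructed fixtures, not real plugins; the execution call is deliberately incomplete.
HANDBOOK_HEADER = ("/*\nPlugin Name: WordPress.org Plugin\n"
                   "Plugin URI:  https://developer.wordpress.org/plugins/the-basics/\n"
                   "Author:      WordPress.org\n*/\n")
SUSPECT = "<?php\n" + HANDBOOK_HEADER + "system($_REQUEST[/* elided */]);\n"
BENIGN = ("<?php\n/*\nPlugin Name: Footer Note\nAuthor: Example Dev\n*/\n"
          "add_action('wp_footer', 'footer_note_render');\n")

if __name__ == "__main__":
    for name, src in (("suspect.php", SUSPECT), ("benign.php", BENIGN)):
        print(name, triage_plugin(src) or "nothing flagged")
```

Run it over each plugin's main file under `wp-content/plugins`; the findings are triage signals for manual review, not verdicts.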