Since the Canadian Hackfest 2016, Quaoar is not just an object in the Kuiper belt. It is also a vulnerable machine on VulnHub.
Many walkthroughs for this machine have already been published. Still, I have decided to post a new one for two reasons. First, many pentesters exploit WordPress the long way, whereas there is a quicker one, which is also more convenient. Second, this guide also contains a part discussing how to secure such a machine, which is missing in many other reports or is even described wrongly.
Here I describe how to create a virtual laboratory for pentesting or security research on your own laptop. Using it, you can master your pentesting skills and stay reasonably secure yourself while you do it.
Security of the lab is important, because a lab typically contains either vulnerable software or malicious software. You want to reasonably isolate your machine and network from the lab. It may also be that a system you test is both vulnerable and malicious, but you do not know about it yet.
There is one step, automated in Metasploit, which penetration testers need from time to time: getting a shell from the admin account of a WordPress installation. Here I show you the easiest way to achieve it manually. It will also give you an understanding of how it might be done automatically by tools like Metasploit.