Let’s say we have access to a WordPress-based website’s file system and we want to get into the administration area. Usually one could do that by creating a new user in the database after getting the DB credentials from wp-config.php. Sure, but there might be some ridiculous cases where we don’t have access to that.
A simple approach could be to work around the login system in order to obtain a valid administrator session by editing just a single character in the core. If you needed to return again and again, you could even create a user of your own.
Here’s the line of code in wp-includes/user.php, on line 177:
if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
The obvious approach would be to remove the !, thus allowing any login attempt with a valid username to succeed, apart from the one with the correct password. It’s probably needless to say that the login should be protected from other login attempts, as this could otherwise let a random brute-forcing bot get inside too.
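From the defender’s side, a one-character edit like this leaves no trace in the database, so the place to catch it is file integrity: hash the core files of a known-good install and compare them against what is on disk. The following script is an added example (not code from the original post or from WordPress itself); the directory layout and the manifest format are assumptions, and the constructed scenario writes a fake wp-includes/user.php into a temporary directory and then flips the check exactly as described above so the verifier can flag it.

```python
"""Detect tampering of WordPress core files by comparing SHA-256 hashes
against a known-good manifest (added example, not from the original post)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large core files don't hit memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, files) -> dict:
    """Record hashes for a trusted install, e.g. a fresh download of the same
    WordPress version.  'files' is an iterable of paths relative to 'root'."""
    return {rel: sha256_of(root / rel) for rel in files}


def verify_core(root: Path, manifest: dict) -> dict:
    """Compare the live tree against the manifest.
    Returns {relative_path: 'ok' | 'modified' | 'missing'}."""
    result = {}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.exists():
            result[rel] = "missing"
        elif sha256_of(p) != expected:
            result[rel] = "modified"
        else:
            result[rel] = "ok"
    return result


def demo() -> dict:
    """Constructed scenario: a single-character edit to the password check
    in wp-includes/user.php is caught by the hash comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        core = root / "wp-includes" / "user.php"
        core.parent.mkdir(parents=True)
        # Assumed stand-in for the real core file; only this line matters here.
        original = "if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {\n"
        core.write_text(original)

        manifest = build_manifest(root, ["wp-includes/user.php"])
        clean = verify_core(root, manifest)
        assert clean["wp-includes/user.php"] == "ok"

        # Simulate the tampering described in the post: the '!' is dropped.
        core.write_text(original.replace("! wp_check_password", "wp_check_password"))
        return verify_core(root, manifest)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

In a real deployment the manifest comes from a trusted copy of the same WordPress version rather than from the live server; WP-CLI’s `wp core verify-checksums` does the same comparison against the checksums published by wordpress.org, and a scheduled run of either is a cheap way to notice core edits that no database audit would ever show. Keeping core files read-only for the web server user raises the bar for making the edit in the first place.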