Initial skills documentation — 25 categories, all SKILL.md + references + scripts
This commit is contained in:
+48
@@ -0,0 +1,48 @@
|
||||
# WordPress SMTP Credential Discovery
|
||||
|
||||
When a site uses WP Mail SMTP (or similar) plugin, credentials are stored in the `wp_options` table as a serialized PHP array under `wp_mail_smtp`.
|
||||
|
||||
## Query Pattern
|
||||
|
||||
```sql
|
||||
SELECT option_value FROM wp_options WHERE option_name = 'wp_mail_smtp';
|
||||
```
|
||||
|
||||
The value is a PHP serialized array. Extract fields with:
|
||||
```bash
|
||||
mysql -h 127.0.0.1 -P <PORT> -u <USER> -p'<PASS>' <DB> \
|
||||
-e "SELECT option_value FROM wp_options WHERE option_name = 'wp_mail_smtp'" \
|
||||
--skip-column-names 2>/dev/null | python3 -c "
|
||||
import sys, re
|
||||
data = sys.stdin.read()
|
||||
# PHP serialized array — extract key fields via regex
|
||||
for key in ['mailer', 'host', 'port', 'user', 'pass']:
|
||||
match = re.search(r's:4:\"$key\";s:(\d+):\"(.*?)\"', data)
|
||||
if match: print(f'{key}: {match.group(2)}')
|
||||
"
|
||||
```
|
||||
|
||||
Or parse the PHP serialized format more robustly with Python (the `php-serialize` library, or use the regex approach above for the specific fields needed).
|
||||
|
||||
## Common Locations
|
||||
|
||||
| Site | DB Name | Host | Port | User | How to access |
|
||||
|---|---|---|---|---|---|
|
||||
| Apex Track Experience | `apextrackexperience_1781549652` | c1113726.sgvps.net:2525 | 2525 | `contact@apextrackexperience.com` | MySQL tunnel on Core (`127.0.0.1:33060`) |
|
||||
| Any WordPress site on wphost02 | varies | varies | varies | varies | SSH to wphost02, query local MySQL |
|
||||
|
||||
## MySQL Tunnel Access
|
||||
|
||||
On Core, the Apex Track Experience database is accessible via SSH tunnel through wphost02:
|
||||
```bash
|
||||
mysql -h 127.0.0.1 -P 33060 -u <USER> -p'<PASS>' <DB> -e "SELECT 1"
|
||||
```
|
||||
|
||||
The tunnel is maintained by `mysql-tunnel` systemd service (Core → wphost02:3306).
|
||||
|
||||
## Pitfalls
|
||||
|
||||
- The `wp_mail_smtp` option stores the password as plaintext (not hashed) in the PHP serialized array
|
||||
- The `wp_mail_smtp_initial_version` and `wp_mail_smtp_version` options confirm the plugin version
|
||||
- WPForms uses the same WP Mail SMTP plugin for email — form notification emails are sent via these same credentials
|
||||
- The MySQL password in the connection string is also in plaintext in systemd unit files — keep unit files `chmod 600`
|
||||
Reference in New Issue
Block a user