diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md b/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md
index e26ff819b..737981e8b 100644
--- a/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md
+++ b/owasp-top10-2017-apps/a6/misconfig-wordpress/README.md
@@ -1,42 +1,227 @@
# Vulnerable Wordpress Misconfig
-> This is a simple Wordpress web application that contains an example of a Security Misconfiguration vulnerability.
-## What is Security Misconfiguration?
+This is a simple Wordpress web application that contains an example of a Security Misconfiguration vulnerability and it's main goal is to describe how a malicious user could exploit multiple Security Misconfiguration vulnerabilities intentionally installed on SecWeb.
+
+## Index
-Definition from [OWASP](https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf):
+- [Definition](#what-is-security-misconfiguration)
+- [Setup](#setup)
+- [Attack narrative](#attack-narrative)
+- [Objectives](#secure-this-app)
+- [Solutions](#pr-solutions)
+- [Contributing](#contributing)
-Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched and upgraded in a timely fashion.
+## What is Security Misconfiguration?
-## Requirements
+Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines, containers, or storage. Automated scanners are useful for detecting misconfigurations, use of default accounts or configurations, unnecessary services, legacy options, etc.
-To build this lab you will need [Docker][Docker Install] and [Docker Compose][Docker Compose Install].
+The main goal of this app is to discuss how **Security Misconfiguration** vulnerabilities can be exploited and to encourage developers to send secDevLabs Pull Requests on how they would mitigate these flaws.
-## Deploy and Run
+## Setup
-After cloning this repository, you can type the following command to start the vulnerable application:
+To start this intentionally **insecure application**, you will need [Docker][Docker Install] and [Docker Compose][Docker Compose Install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:
+
+```sh
+cd secDevLabs/owasp-top10-2017-apps/a6/misconfig-wordpress
+```
```sh
make install
```
-Then simply visit [localhost:8000][App] !
+Then simply visit [localhost:8000][App] ! ๐
+
+## Get to know the app ๐
+
+To properly understand how this application works, you can try to:
+
+- Visit it's homepage!
+
+## Attack narrative
+
+Now that you know the purpose of this app, what could possibly go wrong? The following section describes how an attacker could identify and eventually find sensitive information about the app or it's users. We encourage you to follow these steps and try to reproduce them on your own to better understand the attack vector! ๐
+
+### ๐
+
+#### Verbose error message allows for username enumeration
+
+It's possible to reach the site through the HTTP port 8000, as shown by the image below:
+
+
+
+
+
+Having a closer look at what's written bellow `SECWEB` we have a sign that the site might be using the WordPress CMS. We can confirm that suspicion by trying to access the `/wp-admin` page. As we can see from the image below, our suspicion is confirmed:
+
+
+ 
+
+
+An attacker could try to log in with the username: `admin` and realize, through the error message, that `admin` is a valid user, as depicted by the image below:
+
+
+ 
+
+
+### ๐ฅ
+
+At this moment, an attacker could use [Burp Suite](https://portswigger.net/burp) to perform a brute force attack using this [wordlist] (if you need any help setting up your proxy you should check this [guide](https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp)). To do so, after finding the login POST request, right click and send to Intruder, as shown bellow:
+
+
+ 
+
+
+In `Positions` tab, all fields must be cleared first via `Clear ยง` button. To set `pwd` to change acording to each password from our dictionary wordlist, simply click on `Add ยง` button after selecting it:
+
+
+ 
+
+
+If a valid password is found, the application may process new cookies and eventually redirect the flow to other pages. To guarantee that the brute force attack follows this behavior, set `Always` into `Follow Redirections` options in `Options` tab, as shown bellow:
+
+
+ 
+
+
+In `Payloads` tab, simply choose the wordlist from `Load...` option and then the attack may be performed via `Start attack` button:
+
+
+ 
+
+
+After sending at around 200 requests to try and obtain a valid admin password, it is possible to see from the image below that the app redirected us when the password `password` was used, thus giving us evidence that it might be the `admin` password.
+
+
+ 
+
+
+The suspicion was confirmed when trying to log in with these credentials. As shown below:
+
+
+ 
+
+
+-----
+
+### ๐
+
+#### Outdated WordPress is vulnerable to an authenticated arbitrary file deletion
+
+Now that we know we're dealing with a WordPress, we can use the [WPScan] tool to perform a sweep in the app in search for known vulnerabilities. The following command can be used to install it:
+
+```sh
+brew install wpscan
+```
+
+And then use this command to start a new simple scan:
+
+```sh
+wpscan -u localhost:8000
+```
+
+
+ 
+
+
+### ๐ฅ
+
+As seen from the image above, the tool found out that the CMS version is outdated and vulnerable to an Authenticated Arbitrary File Deletion. By using [searchsploit] tool an attacker could find a [malicious code] to exploit this vulnerability.
+
+To install this tool, simply type the following in your OSX terminal:
+
+```sh
+brew install exploitdb
+```
+
+Then simply search for the version of the CMS found:
+
+```sh
+searchsploit wordpress 4.9.6
+```
+
+ 
+
+
+----
+
+## ๐
+
+#### Security misconfiguration allows for a browseable directory on the server
+
+By having another look at the results from [WPScan], it's possible to see that the tool found a browseable directory in the app: `/wp-content/uploads/`, as we can see from the image below:
+
+
+ 
+
+
+## ๐ฅ
+
+We can confirm that the directory is browseable by accessing it through a web browser, as shown by the following image:
+
+
+ 
+
+
+----
+
+## ๐
+
+#### Misconfigured headers gives away unnecessary information about the server
+
+Using [Nikto] tool to perform a security check scan, it's possible to see that there are multiple points of attention regarging security headers.
+
+To install it, you can use the following command in your OSX terminal:
+
+```sh
+brew install nikto
+```
+
+Then scan the web app using:
+
+```sh
+nikto -h http://localhost:8000/
+```
+
+
+ 
+
+
+Now, by doing the following curl command to check the HTTP headers of the application, we can confirm that it indeed exposes the PHP version installed, as shown by the image below:
+
+
+ 
+
+
+----
+
+## Secure this app
+
+How would you migitate this vulnerability? After your changes, an attacker should not be able to:
-## Attack Narrative
+* See verbose error messages
+* Log in with default credentials
+* See verbose tokens
+* Find an outdated CMS version
-To understand how this vulnerability can be exploited, check [this section](docs/ATTACK.md)!
+Note: In this particular app, due to how it works, you can simply write down the changes you would make to mitigate those vulnerabilites and submit it as a pull request.
-## Mitigating the vulnerability
+## PR solutions
-(Spoiler alert ๐ง) To understand how this vulnerability can be mitigated, check [this other section](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Vuln+Wordpress+Misconfig%22)!
+[Spoiler alert ๐จ] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Vuln+Wordpress+Misconfig%22)!
## Contributing
-Yes, please. :zap:
+We encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! ๐
[Docker Install]: https://docs.docker.com/install/
[Docker Compose Install]: https://docs.docker.com/compose/install/
-[App]: http://127.0.0.1:8000
+[App]: http://localhost:8000
+[wordlist]: https://github.com/danielmiessler/SecLists/blob/master/Passwords/UserPassCombo-Jay.txt
+[wpscan]:https://wpscan.org/
+[malicious code]: https://www.exploit-db.com/exploits/44949
+[nikto]: https://cirt.net/Nikto2
+[searchsploit]: https://www.exploit-db.com/searchsploit
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/ATTACK.md b/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/ATTACK.md
deleted file mode 100644
index 3bbbd124f..000000000
--- a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/ATTACK.md
+++ /dev/null
@@ -1,160 +0,0 @@
-# Attack Narrative - SecWeb: A Vulnerable WordPress Site
-
-The main goal of this documentation is to describe how a malicious user could exploit multiple Security Misconfiguration vulnerabilities intentionally installed on SecWeb, a vulnerable wordpress site, from secDevLabs.
-
-If you don't know [secDevLabs](https://github.com/globocom/secDevLabs) or this [intended vulnerable web application](https://github.com/globocom/secDevLabs/tree/master/owasp-top10-2017-apps/a6/misconfig-wordpress) yet, you should check them before reading this narrative.
-
-----
-
-### Note: This narrative shows a few examples of security vulnerabilities found in this app, although there could be more. ๐ง
-
-## ๐
-
-It's possible to reach the site through the HTTP port 8000, as shown by the image below:
-
-
- 
-
-
-Having a closer look at what's written bellow `SECWEB` we have a sign that the site might be using the WordPress CMS. We can confirm that suspicion by trying to access the `/wp-admin` page. As we can see from the image below, our suspicion is confirmed:
-
-
- 
-
-
-An attacker could try to log in with the username: `admin` and realize, through the error message, that `admin` is a valid user, as depicted by the image below:
-
-
- 
-
-
-## ๐ฅ
-
-At this moment, an attacker could use [Burp Suite](https://portswigger.net/burp) to perform a brute force attack using this [wordlist] (if you need any help setting up your proxy you should check this [guide](https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp)). To do so, after finding the login POST request, right click and send to Intruder, as shown bellow:
-
-
- 
-
-
-In `Positions` tab, all fields must be cleared first via `Clear ยง` button. To set `pwd` to change acording to each password from our dictionary wordlist, simply click on `Add ยง` button after selecting it:
-
-
- 
-
-
-If a valid password is found, the application may process new cookies and eventually redirect the flow to other pages. To guarantee that the brute force attack follows this behavior, set `Always` into `Follow Redirections` options in `Options` tab, as shown bellow:
-
-
- 
-
-
-In `Payloads` tab, simply choose the wordlist from `Load...` option and then the attack may be performed via `Start attack` button:
-
-
- 
-
-
-
-
-After sending at around 200 requests to try and obtain a valid admin password, it is possible to see from the image below that the app redirected us when the password `password` was used, thus giving us evidence that it might be the `admin` password.
-
-
- 
-
-
-The suspicion was confirmed when trying to log in with these credentials. As shown below:
-
-
- 
-
-
-----
-
-## ๐
-
-Now that we know we're dealing with a WordPress, we can use the [WPScan] tool to perform a sweep in the app in search for known vulnerabilities. The following command can be used to install it:
-
-```sh
-brew install wpscan
-```
-
-And then use this command to start a new simple scan:
-
-```sh
-wpscan -u localhost:8000
-```
-
-
- 
-
-
-## ๐ฅ
-
-As seen from the image above, the tool found out that the CMS version is outdated and vulnerable to an Authenticated Arbitrary File Deletion. By using [searchsploit] tool an attacker could find a [malicious code] to exploit this vulnerability.
-
-To install this tool, simply type the following in your OSX terminal:
-
-```sh
-brew install exploitdb
-```
-
-Then simply search for the version of the CMS found:
-
-```sh
-searchsploit wordpress 4.9.6
-```
-
- 
-
-
-----
-
-## ๐
-
-By having another look at the results from [WPScan], it's possible to see that the tool found a browseable directory in the app: `/wp-content/uploads/`, as we can see from the image below:
-
-
- 
-
-
-## ๐ฅ
-
-We can confirm that the directory is browseable by accessing it through a web browser, as shown by the following image:
-
-
- 
-
-
-----
-
-## ๐
-
-Using [Nikto] tool to perform a security check scan, it's possible to see that there are multiple points of attention regarging security headers.
-
-To install it, you can use the following command in your OSX terminal:
-
-```sh
-brew install nikto
-```
-
-Then scan the web app using:
-
-```sh
-nikto -h http://localhost:8000/
-```
-
-
- 
-
-
-Now, by doing the following curl command to check the HTTP headers of the application, we can confirm that it indeed exposes the PHP version installed, as shown by the image below:
-
-
- 
-
-
-[wordlist]: https://github.com/danielmiessler/SecLists/blob/master/Passwords/UserPassCombo-Jay.txt
-[wpscan]:https://wpscan.org/
-[malicious code]: https://www.exploit-db.com/exploits/44949
-[nikto]: https://cirt.net/Nikto2
-[searchsploit]: https://www.exploit-db.com/searchsploit
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack1.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack1.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack1.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack1.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack10.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack10.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack10.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack10.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack11.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack11.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack11.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack11.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack12.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack12.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack12.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack12.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack13.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack13.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack13.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack13.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack2.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack2.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack2.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack2.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack3.1.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack3.1.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack3.1.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack3.1.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack3.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack3.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack3.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack3.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack4.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack4.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack4.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack4.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack5.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack5.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack5.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack5.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack6.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack6.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack6.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack6.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack7.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack7.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack7.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack7.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack8.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack8.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack8.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack8.png
diff --git a/owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack9.png b/owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack9.png
similarity index 100%
rename from owasp-top10-2017-apps/a6/misconfig-wordpress/docs/attack9.png
rename to owasp-top10-2017-apps/a6/misconfig-wordpress/images/attack9.png