HACK WORDPRESS BLOG USING WPSCAN IN BACKTRACK OR KALI LINUX
WPScan.rb is a nifty little program that lets you scan WordPress sites for information, as well as do some fun stuff. Say, for example, you want to "hack" into your friend's WordPress site :-) ...or just get some information, whatever.
I'm using BackTrack 5 r3 for this tutorial, but you can use Kali Linux as well; the two are similar.
Step 1: You can use it to enumerate usernames, so you can see which usernames are valid on the WordPress site, by running this command:
ruby ./wpscan.rb --url www.friends-site.com --enumerate u
Running this command against a real WordPress site will show something like this:
Now that you know what the usernames are, you can then try to brute force it with a list of passwords. This process takes a while, and you have to have a word list. BackTrack 5 r3 comes with a decent word list, so I'll use that in this example.
ruby ./wpscan.rb --url www.friends-site.com --wordlist /pentest/passwords/wordlists/darkc0de.lst --username admin
The above command tells WPScan to attack your friend's URL, using the username "admin" with the word list located in the /pentest/passwords/wordlists/ folder of BackTrack 5.
You can even add threading to make the process a little faster by using this switch: --threads 50
There are a few more things you can do, including scanning for what plugins the site uses, as well as telling you which ones are vulnerable.
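The two steps above, seen from the site owner's side, as an added example that is not part of the original tutorial or of WPScan: a Python check that flags username enumeration and password guessing in a web server access log. The combined log format, the thresholds, and the footprint (enumeration as `?author=N` requests, a failed login as a 200 response from wp-login.php and a successful one as a 302) are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined format, documentation IP ranges).
_FMT = '%s - - [10/Oct/2013:13:%s +0000] "%s HTTP/1.1" %d 0 "-" "-"'
SAMPLE_LOG = "\n".join(
    [_FMT % ("203.0.113.7", "55:%02d" % i, "GET /?author=%d" % i, 301) for i in range(1, 5)]
    + [_FMT % ("203.0.113.7", "56:%02d" % i, "POST /wp-login.php", 200) for i in range(1, 9)]
    + [_FMT % ("203.0.113.7", "56:10", "POST /wp-login.php", 302),
       _FMT % ("198.51.100.4", "58:00", "POST /wp-login.php", 200),  # one mistyped password
       _FMT % ("198.51.100.4", "58:09", "POST /wp-login.php", 302),
       _FMT % ("198.51.100.4", "59:00", "GET /?author=1", 301)])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r"[?&]author=\d+")

def scan(log_text, enum_min=3, fail_min=5):
    """Return {client_ip: [findings]} for enumeration and password guessing."""
    stats = defaultdict(lambda: {"author": set(), "fails": 0, "hit": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, method, target, status = m.groups()
        s = stats[ip]
        if method == "GET" and AUTHOR_RE.search(target):
            s["author"].add(target)  # distinct author IDs probed by this client
        elif method == "POST" and target.split("?", 1)[0].endswith("/wp-login.php"):
            if status == "200":  # assumption: login form shown again = failed attempt
                s["fails"] += 1
            elif status == "302" and s["fails"] >= fail_min:
                s["hit"] = True  # redirect after many failures = password was guessed
    findings = {}
    for ip, s in stats.items():
        found = []
        if len(s["author"]) >= enum_min:
            found.append("user-enumeration")
        if s["fails"] >= fail_min:
            found.append("password-guessing")
        if s["hit"]:
            found.append("login-after-guessing")
        if found:
            findings[ip] = found
    return findings

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

A "login-after-guessing" finding is the one to act on first: that account's password should be reset and its sessions invalidated.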
If you don't have WPScan, download it from their website.
Happy WordPress Hacking!!
Below are the download links for the things you will need in this tutorial:
Download BackTrack 5 R3 32-bit
Download BackTrack 5 R3 64-bit
Download Kali Linux 32-bit
Download Kali Linux 64-bit
I used the default word list in BackTrack. Just in case, I am giving you a 1.1 million word list...
Download 1.1 million word list
I tried this method but got a problem.
When I tried to add the WordPress site URL it says the site is down, but actually the site is running great.
Any suggestions for my problem?
@Ajai Sandy The script itself must have some problem, or maybe the website has high security...!!! Check another website to see if it works or not.
If another website works, it means the website has problems, or if it STILL doesn't work then the script is having problems...
Try to check or upgrade your OS to Kali Linux...