How to Hack WordPress Websites
Welcome back to you this blog. Today, I will show you How to Hack WordPress websites. Our first step is to prepare the tool we will use. By the way, there are a bunch of WordPress Hacking tools available on the internet. But we will use this wpscan tool that is pre-installed in Kali Linux.
- Virtualbox
- Kali Linux / “Attacker”
- Ubuntu machine “192.168.43.127”
- wpscan
- Nmap
- dirb
- Good wordlist
Imagine the scenario:
We stay located in a corporate network, and we desire to hack the WordPress website and obtain weaknesses in it. But this will be feasible only when you have the outer awareness of penetration testing. We can’t hack WordPress websites without the proper knowledge. To acquire more information, you will have to read this blog till the end. We want to say hacking is an art that enhances through hard work.
Let’s start, Hack WordPress website
The first step is to identify the target IP. for that, we will use the netdiscover command. This command will help you to discover the target IP. As you know, we have mentioned each blog. Look at the below image.
netdiscover
In the next stage! We will scan to the target using Nmap with IP address “192.168.43.127”, at the scanning stage using Nmap we can see open port ports that we can exploit, on there are three types of weakness. Look at the below image.
- FTP (File transfer protocol)
- SSH (Secure Shell)
- HTTP (Hypertext transfer protocol)
nmap -sV -A 192.168.43.127
Often, Hack WordPress websites, we need to scan our target URL. At this time, we will use the dirb tool.
DIRB is a tool designed to find these objects, hidden and not hidden.
In this stage! We try to open the WordPress URL in the browser and Open the WordPress login page. If you want to hack a WordPress website, then follow the below steps.
In this stage! we will scan the vulnerable themes of the WordPress website. Without scanning WordPress themes and plugins, you can’t hack a WordPress website.
wpscan –url http://vtcsec/secret/ -e vt
In this stage! We will enumerate the username of the WordPress website. For that, we will use the wpscan tool. wpscan is pre-install in Kali Linux. Using wpscan, you can Brute-force attack on username and password.
wpscan –url http://vtcsec/secret/ -e u
I got my username.
In this final stage, we will execute a brute-force attack on the WordPress site to find passwords. We will use a custom wordlist. If you have no mind, that how to create a custom wordlist. You can visit my YouTube channel.
wpscan –url http://vtcsec/secret/ -U admin -P /usr/share/wordlists/rockyout.txt
In the end, we got the username and password.
We succeed. At this time, we will open the WordPress login page and login with an authenticate credential.
Login using username: admin and password: admin and you can access dashboard admin. If you liked this blog, then you must subscribe to our YouTube channel.
Recent Posts
- Protected: How To Mount USB Drive in Ubuntu Linux
- CVE-2022-30190 (Follina)-Microsoft Support Diagnostic Tool Vulnerability
- SQL INJECTION – Extracting Username and Password From Database
- How To Dump Username And Password Using SQLMap Tool?
- Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
The professional hacker true out the word that I believed in him is only Henryclarkethicalhacker Group Hackers Checked Google and see everybody comments on him he a professional that I believed in him if you have problems on any stuffed like a bank, company, school grades change examinations, database, Social media hacks, Email hacks, Phone hacks, Bitcoin hacks, increased Credit score boost to 800, School result upgrading, cryptocurrency, Binary option funds recovery, Bitcoin Mining, Instagram, WhatsApp, Twitter, Monitor your colleague, access your spouse social media, and a lot more, via, femethicalhacker@gmail.com,
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on, Henryclarkethicalhacker@gmail.com, and you can Text/Call &WhatsApp: +1 (773)-609-2741, or +1201-430-5865, and figure out your relationship status. I wish you the best.
My girlfriend was very smart at hiding her infidelity from me due to some selfish reasons. So I had no proof for weeks while hurting myself during this process. Luckily I was referred to this private investigator and the result was awesome and top notch. All my girlfriend’s dirty chats, Facebook, WhatsApp, Instagram, and even phone conversations were directed to my cell phone, if your girlfriend, boyfriend, wife or husband are experts at hiding his or her cheating adventures, contact this fast and trusted link. You can reach them via, Henryclarkethicalhacker@gmail.com TEXT,Call & Whatsapp,+1(201)4305865, or +1(773)6092741…