Skip to content

Pentestblog

Menu
  • Home
  • Kali Linux
  • Blog
  • CTF Challenges
  • Course
    • Download Free Videos
  • Contact Us

How to Hack WordPress Websites

By Pentestblog 15/02/2021 WordPress Hacking 0 Comments
wordpress website hacking

Welcome back to you this blog. Today, I will show you  How to Hack WordPress websites. Our first step is to prepare the tool we will use. By the way, there are a bunch of WordPress Hacking tools available on the internet. But we will use this wpscan tool that is pre-installed in Kali Linux.

  • Virtualbox
  • Kali Linux / “Attacker”
  • Ubuntu machine “192.168.43.127”
  • wpscan
  • Nmap
  • dirb
  • Good wordlist

Imagine the scenario:

We stay located in a corporate network, and we desire to hack the WordPress website and obtain weaknesses in it. But this will be feasible only when you have the outer awareness of penetration testing. We can’t hack WordPress websites without the proper knowledge. To acquire more information, you will have to read this blog till the end. We want to say hacking is an art that enhances through hard work.

Let’s start, Hack WordPress website

The first step is to identify the target IP. for that, we will use the netdiscover command. This command will help you to discover the target IP. As you know, we have mentioned each blog. Look at the below image.

netdiscover

netdiscover

In the next stage! We will scan to the target using Nmap with IP address “192.168.43.127”, at the scanning stage using Nmap we can see open port ports that we can exploit, on there are three types of weakness. Look at the below image.

  • FTP (File transfer protocol)
  • SSH (Secure Shell)
  • HTTP (Hypertext transfer protocol)

nmap -sV -A 192.168.43.127

nmap scanning

Often, Hack WordPress websites, we need to scan our target URL. At this time, we will use the dirb tool.
DIRB is a tool designed to find these objects, hidden and not hidden.

dirb tool

In this stage! We try to open the WordPress URL in the browser and Open the WordPress login page. If you want to hack a WordPress website, then follow the below steps.

wordpress website
wordpress login page

In this stage! we will scan the vulnerable themes of the WordPress website. Without scanning WordPress themes and plugins, you can’t hack a WordPress website.

wpscan –url http://vtcsec/secret/ -e vt

vulnerable plugin

In this stage! We will enumerate the username of the WordPress website. For that, we will use the wpscan tool. wpscan is pre-install in Kali Linux. Using wpscan, you can Brute-force attack on username and password.

wpscan –url http://vtcsec/secret/ -e u

username enumeration

I got my username.

found username

In this final stage, we will execute a brute-force attack on the WordPress site to find passwords. We will use a custom wordlist. If you have no mind, that how to create a custom wordlist. You can visit my YouTube channel.

wpscan –url http://vtcsec/secret/ -U admin -P /usr/share/wordlists/rockyout.txt

Brute-Force Attack

In the end, we got the username and password.

Found Username : Password

We succeed. At this time, we will open the WordPress login page and login with an authenticate credential.

Login WordPress

Login using username: admin and password: admin and you can access dashboard admin. If you liked this blog, then you must subscribe to our YouTube channel.

WordPress Dashbord


Trending
SQL INJECTION – Extracting Username and Password From Database

⭐⭐⭐⭐⭐

Rating: 5 out of 5.

Recent Posts


  • SQL INJECTION – Extracting Username and Password From Database
  • How To Dump Username And Password Using SQLMap Tool?
  • Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
  • Hack The Box Previse HTB CTF Machine Walkthrough
  • How Can I See List All Users In A MySQL Database Server

Most Popular Posts


  • SQL INJECTION – Extracting Username and Password From Database
  • How To Dump Username And Password Using SQLMap Tool?
  • Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
  • Hack The Box Previse HTB CTF Machine Walkthrough

Related

Add a Comment

Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • SQL INJECTION – Extracting Username and Password From Database
  • How To Dump Username And Password Using SQLMap Tool?
  • Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
  • Hack The Box Previse HTB CTF Machine Walkthrough
  • How Can I See List All Users In A MySQL Database Server

Recent Comments

  • Cysecon on Top 10 Computer Hacking Tools For Ethical Hacker
  • deutschland on What is Termux? How To Use Termux Basic Command As a Beginner?
  • cysecon on How To Dump Username And Password Using SQLMap Tool?
  • Pentestblog on CTF Challenges for Beginners
  • chris on CTF Challenges for Beginners

Archives

  • May 2022
  • January 2022
  • December 2021
  • November 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021

Please Share

0
1
0
1
2
0
0
0
1

Follow Us

Pentestblog Youtube

RSS Pentestblog

  • SQL INJECTION – Extracting Username and Password From Database

Categories

  • Android Hacking
  • Apache Log4j
  • Blog
  • CTF Challange
  • Ethical Hacking
  • Gadgets
  • Hack the Box
  • Kali Linux
  • OSCP
  • Phishing
  • SQL Injeciton
  • SQL Injection
  • WordPress Hacking

Other Pages

  • Privacy Policy
  • DMCA
  • Terms and Conditions
  • About Us
  • Contact Us
  • Our Videos
  • Our Course
  • CTF Challenges
Pentestblog Copyright © 2022.
Created by Sandeep Yadav (Ethical Hacker) Back to Top ↑