How to hack a WordPress website with WPScan
Start with the following command to update the WPScan vulnerabilities database:
wpscan --update
⧫ Scanning WordPress vulnerabilities
Then use the following command to scan the target website for possible vulnerabilities:
wpscan --url [wordpress url]
⧫ How to enumerate WordPress users
The WordPress user enumeration tool is used to retrieve a list of registered WordPress users for the target host. User enumeration is the first step when an attacker wants to gain access to a specific target by brute forcing. The enumeration tool scans the target's posts, pages and custom types for authors and usernames.
Use the following command to enumerate the WordPress users:
wpscan --url [wordpress url] --enumerate u
⧫ How to brute force the root password
Use the following command to brute force the password for user root:
wpscan --url [wordpress url] --wordlist [path to wordlist] --username [username to brute force] --threads [number of threads to use]
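How the enumeration and brute force steps above look from the site owner's side, as an added example (not part of the original article and not WPScan code): a detector run over web server access logs. It assumes the combined log format, that enumeration appears as numeric `?author=N` requests, that the scanner keeps a user agent containing "WPScan", and the thresholds shown; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
AUTHOR_RE = re.compile(r"[?&]author=(\d+)")  # author-archive lookups by numeric id

def _line(ip, sec, req, status, ua):
    """Build one constructed access-log line in combined format."""
    return f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] "{req} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", i, f"GET /?author={i}", 301, "WPScan v3 (constructed)") for i in range(1, 5)]
    + [_line("203.0.113.7", 10 + i, "POST /wp-login.php", 200, "WPScan v3 (constructed)") for i in range(6)]
    + [_line("198.51.100.20", 30, "GET /?author=1", 301, "Mozilla/5.0"),
       _line("198.51.100.20", 40, "POST /wp-login.php", 302, "Mozilla/5.0")]
)

def detect(log, author_ids=3, login_posts=5, window=timedelta(minutes=1)):
    """Return {client_ip: [finding, ...]} for enumeration and brute-force patterns."""
    authors = defaultdict(set)    # ip -> distinct author ids requested
    logins = defaultdict(list)    # ip -> recent login POST timestamps
    findings = defaultdict(set)
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, _status, ua = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if "wpscan" in ua.lower():
            findings[ip].add("scanner-user-agent")
        author = AUTHOR_RE.search(path)
        if author:
            authors[ip].add(author.group(1))
            if len(authors[ip]) >= author_ids:
                findings[ip].add("user-enumeration")
        if method == "POST" and path.startswith("/wp-login.php"):
            # Keep only attempts inside the sliding window, then add this one.
            logins[ip] = [t for t in logins[ip] if when - t <= window] + [when]
            if len(logins[ip]) >= login_posts:
                findings[ip].add("login-brute-force")
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    for ip, tags in detect(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

The user agent check is the weakest signal because it can be changed; the per-client counts of author lookups and login POSTs are the ones to alert or rate-limit on.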