How to hack a WordPress website with WPScan

⧫ WPScan update

Start with the following command to update the WPScan vulnerabilities database:

wpscan --update

⧫ Scanning WordPress vulnerabilities

Then use the following command to scan the target website for possible vulnerabilities:

wpscan --url [wordpress url]

⧫ How to enumerate WordPress users

The WordPress user enumeration tool is used to retrieve a list of registered WordPress users for the target host. User enumeration is the first step when an attacker wants to gain access to a specific target by brute forcing. The enumeration tool scans the target's posts, pages and custom types for authors and usernames.
Use the following command to enumerate the WordPress users:

wpscan --url [wordpress url] --enumerate u

⧫ How to brute force the root password

Use the following command to brute force the password for user root:

wpscan --url [wordpress url] --wordlist [path to wordlist] --username [username to brute force] --threads [number of threads to use]
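
Seen from the site owner's side, the enumeration and brute-force steps above leave a recognisable trail in the web server's access log. The following is an added example, not code from the original page or from the WPScan project. It assumes combined-format access logs, that user enumeration appears as requests for several distinct `author=N` archive IDs, and that password guessing appears as repeated POSTs to `/wp-login.php` or `/xmlrpc.php`; the thresholds, helper names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed indicators (not taken from the page): author-archive probes and login POSTs.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def _line(ip, method, target, status):
    """Build one constructed combined-log-format line for the sample below."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {target} HTTP/1.1" {status} 0 "-" "-"')

# Constructed sample log; the addresses are from documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 5)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [_line("198.51.100.20", "GET", "/?author=1", 301),
       _line("198.51.100.20", "POST", "/wp-login.php", 302)]
)

def analyse(log_text, enum_threshold=3, login_threshold=5):
    """Return {client_ip: [findings]} for clients that reach either threshold."""
    author_ids = defaultdict(set)   # distinct author IDs requested per client
    login_posts = defaultdict(int)  # login POSTs per client
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        ip, method, target, _status = m.groups()
        probe = AUTHOR_RE.search(target)
        if method == "GET" and probe:
            author_ids[ip].add(probe.group(1))
        elif method == "POST" and target.split("?")[0] in LOGIN_PATHS:
            login_posts[ip] += 1
    findings = defaultdict(list)
    for ip, ids in author_ids.items():
        if len(ids) >= enum_threshold:
            findings[ip].append("user-enumeration")
    for ip, count in login_posts.items():
        if count >= login_threshold:
            findings[ip].append("login-brute-force")
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(hits))
```

Flagged addresses are candidates for rate limiting or blocking at the web server or WAF; tune both thresholds to the site's normal traffic.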


