search
About me
githubEdit

Wordpress Attacks

hashtag
Discovery/Footprinting

  • Look into /robots.txt

User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
Disallow: /wp-content/uploads/wpforms/

Sitemap: https://inlanefreight.local/wp-sitemap.xml

  • presence of the /wp-admin and /wp-content directories

hashtag
Enumeration

curl -s https://blog.inlanefreight.local | grep WordPress
<meta name="generator" content="WordPress 5.8" /

  • themes

curl -s https://wehost.co.in/ | grep themes

  • plugins

curl -s https://wehost.co.in/ | grep plugins

hashtag
Enumerating Users

  • login page can be found at /wp-login.php.

  • A valid username and an invalid password results in the following message:

  • Pasted image 20240815220135.png

  • an invalid username returns that the user was not found.

  • Pasted image 20240815220145.png

hashtag
WPScan

hashtag
Attacking WordPress

hashtag
Login Bruteforce

  • The wp-login method will attempt to brute force the standard WordPress login page, while the xmlrpc method uses WordPress API to make login attempts through /xmlrpc.php.

    • The xmlrpc method is preferred as it’s faster.

hashtag
Code Execution

hashtag
PHP Meterpreter shell

PreviousExtracting windows wifi passwordNextJoomla Attacks

Last updated