Tuesday, October 20, 2015

Using WP Scan

Like SQLMap in Kali, WP Scan is also a very valuable tool for finding vulnerabilities in web sites. It is totally focused on WordPress. Using it we can find the exploits and vulnerabilities of web sites running on WordPress, whichever hosting service they use. So if you notice that a website you are following uses WordPress, this tool will be a great help.

Open the Kali terminal and type

Find the Exploits for the web site

A very useful thing about WP Scan is that with a simple syntax we can list the known exploits for a given web site (running on WordPress) that relate to its WordPress version. Using that information we can carry out many attacks on the web site. Here is the syntax:

wpscan --url <URL of the web site>

Find the user names of site admins.

The other very useful thing is that with WP Scan we can find the site admins very easily (the site admin's user name and display name). This is a great help for brute-force attacks. Here is the syntax:


wpscan --url <URL of site> --enumerate u

This returns a list of the available user names and names of the site admins.
After you extract the site admin user name you can launch a brute-force attack to find the password.


How to find the password.


To find the password we can use a brute-force attack with the following syntax:

wpscan --url <URL> --wordlist <Word list file(with path)> --user <user name extracted>

With this you can find the password if your word list is strong and the admin of the site has not restricted access to the admin login page. So before you run this, check that the login page is reachable by going to this URL:

your site url/wp-admin

How to hide the IP to attack.


The main bad effect of brute forcing is that your IP could get blocked because of the huge number of requests. As a result you will face many difficulties while surfing the internet if your own internet connection has been used for this attack. To avoid this you can use a proxy, which hides your IP. WP Scan has a special syntax for this purpose:

wpscan --url <URL> --wordlist <Word list file(with path)> --user <user name extracted> --proxy <Proxy IP>:<Port>
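From the defender's side, the enumeration and the brute-force run described above leave a characteristic trail in the web server's access log, whether or not the client sits behind a proxy. As an added example that is not part of the original post, this Python script flags clients that issue repeated /?author=N probes (one of the requests --enumerate u relies on) or bursts of failed wp-login.php POSTs; the log lines are constructed and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
AUTHOR_RE = re.compile(r"[?&]author=\d+")   # the /?author=N probe behind --enumerate u
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect(log_lines, window=60, login_threshold=5, author_threshold=3):
    """Return {ip: [reasons]} for clients that look like user enumeration or a password run."""
    author_hits = defaultdict(int)      # /?author=N probes per client IP
    failed_logins = defaultdict(list)   # timestamps of failed wp-login.php POSTs per IP
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "GET" and AUTHOR_RE.search(path):
            author_hits[ip] += 1
        # A failed login re-renders the form (HTTP 200); success redirects (302) to wp-admin.
        elif method == "POST" and path.startswith("/wp-login.php") and status == "200":
            failed_logins[ip].append(datetime.strptime(ts, TS_FMT))
    findings = defaultdict(list)
    for ip, n in author_hits.items():
        if n >= author_threshold:
            findings[ip].append(f"author enumeration ({n} /?author= probes)")
    for ip, stamps in failed_logins.items():
        stamps.sort()
        best = start = 0   # size of the densest `window`-second run of failures
        for end, t in enumerate(stamps):
            while (t - stamps[start]).total_seconds() > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= login_threshold:
            findings[ip].append(f"{best} failed wp-login.php POSTs within {window}s")
    return dict(findings)

# Constructed sample lines (not real traffic): one scanning client, one legitimate login.
SAMPLE = (
    ['203.0.113.7 - - [20/Oct/2015:10:00:0%d +0000] "GET /?author=%d HTTP/1.1" 301 0 "-" "-"'
     % (i, i) for i in range(1, 4)]
    + ['203.0.113.7 - - [20/Oct/2015:10:00:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "-"'
       % s for s in range(10, 30, 2)]     # ten failures in twenty seconds
    + ['198.51.100.9 - - [20/Oct/2015:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"'])

if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

Feeding a real access log through `detect()` and blocking or rate-limiting the flagged IPs at the web server is the restriction the post warns an attacker to check for before running the brute force.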
