WordPress Vulnerabilities

So you have found an installation of WordPress on your vulnerable virtual machine. What next?

WPScan

Copy the address of the WordPress installation from your browser.

At the terminal in Kali type the following:

wpscan --url http://172.16.195.202/wordpress/ --enumerate

Replace the URL with the URL of the vulnerable WordPress installation.

Once the scan has completed, you will be presented with a list of vulnerabilities in that installation of WordPress.

Dictionary attack

It is possible that this scan will return a list of usernames; you can then use these usernames to perform a brute force attack against the login.

If for example one of the usernames is ‘admin’:

wpscan --url http://172.16.195.202/wordpress/ --wordlist /usr/share/wordlists/rockyou.txt --user admin

If at first you don’t succeed you can run the above command again with progressively larger wordlists.

Further Exploitation

Once access has been granted it might be possible to upload a PHP shell and set a reverse listener on Kali. Article to be developed.
