How To Brute Force Wordpress in Kali Linux using Wpscan:




As a WordPress administrator or webmaster, you are responsible for the security of the WordPress blog or website you manage. Most probably you've already done a lot to beef up its security, and today on k4linux.com we will show you how to brute force a WordPress password in Kali Linux using WPScan to check your password strength.




Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.



As we know, WPScan is a black box WordPress vulnerability scanner. It is installed by default in Kali Linux, so we will use it for brute forcing WordPress.



We will use the WordPress platform that we already installed. If you have not done so already, visit our article: How To install WordPress in localhost on Kali Linux.



To start, open your terminal and start XAMPP:


root@k4linux: /opt/lampp/lampp start



Now we need to enumerate users. Type in the terminal:

root@k4linux: wpscan -u 127.0.0.1/wordpress --enumerate u



WPScan will automatically search for the admin username.







Now run a wordlist password brute force against that username. Type in the terminal:

root@k4linux: wpscan --url 127.0.0.1/wordpress --wordlist /root/pass --username k4linux



--wordlist sets the location of your password wordlist

--username sets the administrator username that you have found







After a search, WPScan will find the password. This will take a few minutes, depending on your wordlist.

The efficiency of the brute force depends on how strong your wordlist is and how many passwords it contains.
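
To see what this kind of test looks like from the server side, the following added example (not part of the original tutorial) scans a web server access log for repeated author-ID requests, a common way usernames are enumerated, and for repeated failed POSTs to wp-login.php. The Apache combined log format, the thresholds, the status-code convention and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Apache "combined" format: client IP, method, path and status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AUTHOR_RE = re.compile(r'[?&]author=\d+')  # author-ID probing, e.g. /?author=1


def analyse(log_text, login_threshold=5, enum_threshold=3):
    """Return client IPs whose request counts reach the (assumed) thresholds."""
    failed_logins, author_probes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, method, path, status = m['ip'], m['method'], m['path'], m['status']
        # Assumption: a failed wp-login.php POST is answered with 200 (form shown
        # again) and a successful one with a 302 redirect.
        if method == 'POST' and path.split('?')[0].endswith('/wp-login.php'):
            if status == '200':
                failed_logins[ip] += 1
        elif method == 'GET' and AUTHOR_RE.search(path):
            author_probes[ip] += 1
    return {
        'login_bruteforce': sorted(ip for ip, n in failed_logins.items() if n >= login_threshold),
        'user_enumeration': sorted(ip for ip, n in author_probes.items() if n >= enum_threshold),
    }


def _line(ip, method, path, status):
    # Builds one constructed log line (sample data, not from a real server).
    return f'{ip} - - [10/Mar/2015:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'


SAMPLE_LOG = '\n'.join(
    [_line('192.0.2.5', 'GET', f'/wordpress/?author={i}', 301) for i in range(1, 4)]
    + [_line('192.0.2.5', 'POST', '/wordpress/wp-login.php', 200) for _ in range(6)]
    + [_line('192.0.2.9', 'POST', '/wordpress/wp-login.php', 200),   # one typo
       _line('192.0.2.9', 'POST', '/wordpress/wp-login.php', 302),   # then success
       _line('192.0.2.9', 'GET', '/wordpress/?author=1', 200)]       # one archive view
)

if __name__ == '__main__':
    print(analyse(SAMPLE_LOG))
```

On the constructed sample, only 192.0.2.5 is reported in both categories; the single mistyped login from 192.0.2.9 stays below the threshold.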








If you have encountered a problem or you have any questions or remarks, please feel free to leave a comment.
