WordPress is the most commonly used CMS (content management system) that currently exists... by a LONG shot. If you've ever been on the internet, chances are you've encountered a WordPress site or twelve. The ease of use, customability, and huge support community make this the go-to platform for blogs, eCommerce sites, news sites, and even some corporate portals.
But that doesn't mean it's secure, which is good for us. WordPress — like any other system — is completely vulnerable to exploitation due to poorly written third-party software (called plugins). And believe me, there are LOTS of poorly written code out there to satisfy our grubby intentions.
Today we're going to look at scanning for vulnerabilities and even gaining enough access to the system to generate a list of active users that we could use to brute force a password (legally, of course) using a tool called WPScan.
What You Will Need
- Kali Linux (either a bootable LiveCD or bootable USB image)
- WPScan (included in Kali Linux)
- An internet connection (obviously)
Wordpress Vulnerabilites and Hacking
Scanning a WordPress site takes mere minutes and can give you enough information about what plugins the site has activated and what vulnerabilities exist in order for you to gain access to the server. Please, please use this only to audit your own WordPress sites or sites that you are currently an administrator. I am not responsible for the actions you take when scanning sites for exploitation purposes.
Now, let's get to the hack: