- CMS
- ====
- Content Management System
- -------------------------
- To create a whole new website, you just drag and drop the site's elements. You do not need deep knowledge of HTML, JS, PHP and so on; you only need a good knowledge of English and grammar.
- WordPress also provides a CMS
- ================================
- How to recognise that a site runs on WordPress:
- 1. Wappalyzer
- 2. Add wp-admin or wp-login at the end of the URL (as a search query: inurl:wp-login OR inurl:wp-admin)
- 3. We will see "wp-content" in the path when we look up the location of an image
- Download WordPress ---> www.wordpress.org ---> 4.8
- http://127.0.0.1/wordpress/wp-content/uploads/2017/11/bharti-210x300.jpg
- Hacking into a WordPress website
- ================================
- wpscan > Built-in tool in Kali Linux. Used for enumerating and scanning a WordPress website.
- #wpscan
- #wpscan --url 127.0.0.1/wordpress
- #wpscan --url 127.0.0.1/wordpress --enumerate t (To enumerate the data about the theme)
- #wpscan --url 127.0.0.1/wordpress --enumerate p (To enumerate the data about plugins)
- #wpscan --url 127.0.0.1/wordpress --enumerate ap (To enumerate the data about ALL plugins)
- #wpscan --url 127.0.0.1/wordpress --enumerate vp (To enumerate the data about Vulnerable plugins)
- #wpscan --url 127.0.0.1/wordpress --enumerate u (To enumerate the data about usernames)
- #wpscan --url 127.0.0.1/wordpress --wordlist /usr/share/wordlists/rockyou.txt --username elliot (For brute-forcing the password)
- ------------------------------------------------------------------------------------------------------------------------------------
- REMEDIES :
- ==========
- = wp-login changer : Changes wp-admin / wp-login to another name, for example wp-admin changed to adminlogin.php
- = Login Limiter : Limits the number of login attempts allowed on the login page. (It is a plugin for the login page.)
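- Added example (not part of the original notes): the Login Limiter rule applied offline to a web server access log, counting failed POSTs to the login page per IP in a sliding window and reporting which IPs would be locked out. The log lines are constructed; the function name, threshold, window and login_path parameter are assumptions, as is the default WordPress behaviour of answering a failed login with 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2017:10:00:01 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Nov/2017:10:00:02 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Nov/2017:10:00:03 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Nov/2017:10:00:04 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Nov/2017:10:00:05 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.20 - - [12/Nov/2017:10:01:00 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 200 2900 "-" "-"
198.51.100.20 - - [12/Nov/2017:10:01:10 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.20 - - [12/Nov/2017:10:01:20 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.20 - - [12/Nov/2017:10:01:30 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.44 - - [12/Nov/2017:10:00:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.0.2.44 - - [12/Nov/2017:10:10:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.0.2.44 - - [12/Nov/2017:10:20:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.0.2.44 - - [12/Nov/2017:10:30:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3120 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def lockouts(log_text, max_attempts=3, window=timedelta(minutes=5), login_path="/wp-login.php"):
    """Return {ip: time of the failed attempt that exceeded max_attempts within window}."""
    recent = defaultdict(deque)   # ip -> timestamps of failed attempts still inside the window
    locked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Only form submissions count; set login_path to the new name if the login page was renamed.
        if method != "POST" or not path.split("?")[0].endswith(login_path):
            continue
        # Assumption: failed login = 200 (form shown again), successful login = 302 redirect.
        if status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts and ip not in locked:
            locked[ip] = when
    return locked

if __name__ == "__main__":
    print(lockouts(SAMPLE_LOG))
```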