How to do Penetration Test for WordPress Website :-
Penetration testing is process of evaluating the security of Computer system or network System by simulating an attack .In this article i am going to show you How to perform penetration test for WordPress website with Kali Linux.
Navigate to Applications > Kali Linux > Web Applications > CMS identification > select wpscan .
or enter the following command on the Terminal root@kali:~#wpscan -h
1. Check the Installed Plugins :-
Open the Terminal and enter the following command
In
this test, i performed this test on the one of the most popular
computer education site to check the installed plugins. WP-Scan found
the 15 active plugins.
2. Check the Running WordPress version :-
Open the terminal and enter the following command
it detects the WordPress version running on a site is 3.6.1 .
3. Finding Username :-
Open the Terminal and enter the following command to enumerate the Username of WordPress site.
As you seen in the below image, it,s find out two users on the WordPress site.
4. Perform Brute-force attack on “admin ” User only :-
Open the terminal and enter the following command to perform Brute force attack on the admin user.
Where youwordlist.txt is your wordlist location. Check my article How to Create Wordlist with crunch in Kali Linux and How to Merge Multiple Wordlist Into One Wordlist .
5. Brute Force attack on Enumerated User :-
Open the terminal and enter the following command
6. Use HTTP and Socks 5 Proxy during Pen-testing :-
To use a HTTP Proxy enter the following command :-
To use a Socks 5 proxy ( cURL >= v7.21.7 needed )
If you want to test other CMS application on your Local machine.
Open your web browser and visit the Turnkey Linux website at http://www.
turnkeylinux.org.
There are many applications listed here, and I would recommend trying them all
so that you can find vulnerabilities and test your skills against these applications;
however, for this recipe, we will examine WordPress. In the Instant Search box,
type WordPress:-
On the WordPress download page, select the ISO image and once the download
completes, follow the instructions in the Getting comfortable with VirtualBox recipe
to install the Turnkey Linux WordPress virtual machine:
or Install WordPress on the Local computer. check my article Installing WordPress on Your Windows Desktop .
Note :- This tutorial is for Education Purpose Only.
Hope you like my post.How to do Penetration Test for WordPress Website. Please Share with others.
Penetration testing is process of evaluating the security of Computer system or network System by simulating an attack .In this article i am going to show you How to perform penetration test for WordPress website with Kali Linux.
Navigate to Applications > Kali Linux > Web Applications > CMS identification > select wpscan .
or enter the following command on the Terminal root@kali:~#wpscan -h
1. Check the Installed Plugins :-
Open the Terminal and enter the following command
| root@Kali:~# ruby /user/bin/wpscan - – url www.example.com –enumerate p |
2. Check the Running WordPress version :-
Open the terminal and enter the following command
| root@Kali:~# ruby /user/bin/wpscan – - url www.yourtargetsite.com |
3. Finding Username :-
Open the Terminal and enter the following command to enumerate the Username of WordPress site.
| root@Kali:~# ruby /user/bin/wpscan - – url www.yourtargetsite.com - – enumerate u |
4. Perform Brute-force attack on “admin ” User only :-
Open the terminal and enter the following command to perform Brute force attack on the admin user.
| root@Kali:~# ruby /user/bin/wpscan - – url www.yourtargetsite.com - -wordlist yourwordlist.txt – -username admin |
5. Brute Force attack on Enumerated User :-
Open the terminal and enter the following command
| root@Kali:~# ruby /user/bin/wpscan - – url www.yourtargetsite.com - -wordlist yourwordlist.txt – -threads 50 |
To use a HTTP Proxy enter the following command :-
| root@Kali:~# ruby /user/bin/wpscan - – url www.yourtargetsite.com - -proxy 17.0.0.1:8118 |
| root@Kali:~# ruby /user/bin/wpscan - – url www.yourtargetsite.com - -proxy socks5://127.0.0.1:9000 |
Open your web browser and visit the Turnkey Linux website at http://www.
turnkeylinux.org.
There are many applications listed here, and I would recommend trying them all
so that you can find vulnerabilities and test your skills against these applications;
however, for this recipe, we will examine WordPress. In the Instant Search box,
type WordPress:-
On the WordPress download page, select the ISO image and once the download
completes, follow the instructions in the Getting comfortable with VirtualBox recipe
to install the Turnkey Linux WordPress virtual machine:
or Install WordPress on the Local computer. check my article Installing WordPress on Your Windows Desktop .
Note :- This tutorial is for Education Purpose Only.
Hope you like my post.How to do Penetration Test for WordPress Website. Please Share with others.
Do you need to increase your credit score?
ReplyDeleteDo you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com