Hey guys hackus to Ikea back again with another video and in this video I’m gonna be looking at how to exploit WordPress more specifically we’re going to be finding the username and the password on a vulnerable WordPress server or in this case we’re actually using a virtual machine that has WordPress running on it now the reason I’m doing.
This and a lot of people ask me this question is why hasn’t your channel got any copyright strikes and that’s because I perform everything in my virtual lab that means I’m not attacking anyone or causing harm to anyone.
Apart from you know the targets in my lab so I have downloaded a vulnerable WordPress server that is running on Debian from turnkey Linux I’m pretty sure you know that site right now they have a lot of virtual machine they have a.
Lot of VMs that you can use for testing at set and you know you can learn and practice a lot of stuff so I have it right here and I’ve started I’ve configured it up and I’ve used the default I’ve use the default credentials so I actually don’t know what the user name and password combination is and we’re going to be doing it live so there’s.
Some information here that it’s giving you which is pretty helpful we know that the the server the IP address the local IP address is 192 point one sixty eight point one point 108 alright so let’s get started so what I’m going to do first is I’m just going to start off with 192.
1 or eight right and obviously it’s going to be a wordpress site as you can see.
Here and now the most important thing is.
To start enumerate in the username and hopefully we can crack a.
Password now I you know like to just tell you that I’m using a word list a special well a basic word list that I found quite a few years ago that has been actually quite helpful so I have that already downloaded and hopefully we can find the username and password here so it’s using default credentials so it’ll.
Be much easier but I’m just explaining and this is just a a bit of a practical explanation as to one how one would go about doing this using WordPress scan all right so we know it’s running WordPress and you know if you if you if you’re familiar with web penetration testing you know that what this sites have the WordPress admin page right that allows you.
To log in so we know we can actually log in here sorry about that all right so anyway.
It’s working really really well.
So what press is actually running and I do not know the login credentials so we’re gonna hopefully try and find them now we do have the server IP and obviously we do know that it’s running WordPress right so the first thing we need to do is we need to open up WordPress scan or WP scan alright so as you can see I have it on my favorites on my.
Dock here and to launch it it’s really very simple you can just go to your.
Terminal and you just hit WP or WordPress can so double whoops my bad sorry about that guys apologies there I was smashing on.
My spacebar alright so w WP scan alright and if I just hit enter it’s going to.
Help options there we are so there’s a lot of.
Options and we’ll be covering most of them here you can also use the W scan help all right so to enumerate the help options there we are so we have the.