Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked WordPress for Pentesters

itsMe

By MASTERitsMe
in Video Tutorials

 Share

Recommended Posts

itsMe Master Hacker

MASTERitsMe

Posted
Posted

This is the hidden content, please

Learn how to enumerate and exploit WordPress CMS

What you'll learn

    Enumerate WordPress
    Enumerate Users , Themes , Plugins in WordPress
    Bruteforce Attacks using XMLRPC , Python , BurpSuite and Hydra
    Bruteforce Attacks using Metasploit
    Exploit Themes , Plugins and Pop a Shell
    Shell Upload using Metasploit

Requirements

    No Prerequisites needed but web and python fundamentals are optional

Description

This course teaches you how to enumerate WordPress CMS.

Wordpress cms is one of most popular cms to build blogs , shopping websites and more

Wordpress comes with lot of 3rd party plugins and themes

so does vulnerabilities and misconfigurations

We need to know how hackers attack wordpress thus protecting ourself from the attacks

We will see how to enumerate and bruteforce with python , burp , wpscan , metasploit etc

tools like wpscan does awesome job at enumeration and also at bruteforce attacks thus testing our password security

Metasploit have some auxiliary scanners and wordpress exploits to test aganist wordpress

we can script our code in python to bruteforce the login credentials and hence some what faster than burp community edition

Burp professional edition have the option of multi threading thus testing passwords faster

but in this course we will not discuss about professional edition as it is not free

we will also get the reverse shell from the vulnerable wordpress machine

Bonus video includes how we attack a Drupal CMS using droopescan

we can use droopescan to scan wordpress , joomla , drupal , moodle etc

but for wordpress we better use wpscan first

later we see some try hack me writeup  which involves pentesting wordpress cms and exploiting it


after this course you can try mrrobot room from tryhackme and test your skills

Who this course is for:

    Anyone who is interested in Pentesting
    Anyone who wants to learn how to pentest Wordpress or any other CMS

This is the hidden content, please

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.