On the Applications menu, select Kali Linux/WebApplications/CMS Identification/wpscan
This will open a terminal window where you can type:
ruby /usr/bin/wpscan --url www.site.com --enumerate p
This command runs the most common checks and lists the installed plugins, some of which have known security vulnerabilities. Each vulnerability found comes with links to information on how the flaw is exploited.
Going one step further, we can use the parameter u to list the users of the admin panel:
ruby /usr/bin/wpscan --url www.site.com --enumerate u
With the users listed, we can use the following parameters in the command to run a brute force attack on the panel:
ruby /usr/bin/wpscan --url www.site.com --wordlist words.txt --username admin
In this case we have a wordlist of passwords, which here is called words.txt; just put the name of yours. For the username, put the user that was enumerated with the previous command, which in our case was admin.
All of these commands can be executed anonymously by adding the parameter --proxy http://127.0.0.1:8123 at the end (note: this will only work if you have followed our tip on configuring Tor in Kali Linux).
I hope you enjoyed it.
These tips should not be used to “times” but to help all.
As a hint, there are some plugins that help improve the security of WordPress; some are even able to block brute force attack attempts.
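On the server side, the user enumeration and login brute force shown above leave a trail in the web server's access log. The Python code below is an added example, not part of the original post: it flags clients that request several username-revealing URLs or pile up failed logins. The combined log format, the thresholds, the `?author=N` and REST users patterns, and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Combined log format: client IP, method, path and status are all we need.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Requests that reveal usernames: author-archive IDs and the REST users route.
ENUM_RE = re.compile(r"[?&]author=\d+|/wp-json/wp/v2/users")

def make_line(ip, method, path, status):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "-"')

# Constructed sample: one scanning client and one ordinary admin login.
SAMPLE_LINES = (
    [make_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 4)]
    + [make_line("203.0.113.7", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [make_line("198.51.100.20", "POST", "/wp-login.php", 302),
       make_line("198.51.100.20", "GET", "/wp-admin/", 200)]
)

def detect(lines, enum_min=3, fail_min=5):
    """Return {ip: [findings]} for clients over the (assumed) thresholds."""
    enum_paths = defaultdict(set)   # distinct enumeration URLs per client
    failed = defaultdict(int)       # failed login POSTs per client
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore lines that do not parse
        ip, method, path, status = m.groups()
        if method == "GET" and ENUM_RE.search(path):
            enum_paths[ip].add(path)
        # Assumption: default WordPress answers a failed login with 200
        # (form shown again) and a successful one with a 302 redirect.
        elif method == "POST" and path.startswith("/wp-login.php") and status == "200":
            failed[ip] += 1
    findings = {}
    for ip in sorted(set(enum_paths) | set(failed)):
        tags = []
        if len(enum_paths[ip]) >= enum_min:
            tags.append("user-enumeration")
        if failed[ip] >= fail_min:
            tags.append("login-brute-force")
        if tags:
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    print(detect(SAMPLE_LINES))
```

The counts cover the whole input with no time window, so feed it one rotation period of logs at a time and tune the thresholds to the site's normal login traffic.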
Do not forget to share and subscribe to the blog to be notified of updates by email.
Until next time.