Hello guys! I found Null Byte today! I'm so excited about this forum. I've got a basic knowledge about hacking (I thought hacking was easy before finding this :D)
So, I was wondering if there is any "easy" way to hack into a WordPress website. Maybe with simple steps so anyone can understand? :)
Regards!
11 Responses
Pramod Indunith:
First of all, hacking is not easy at all. It takes a lot of work. I've been teaching myself for years and I feel like I've barely even scratched the surface.
Secondly, what are your intentions with hacking into that website?
Thirdly, if you are wanting to hack websites, you will have to learn HTML at the very least. Here is a link to learn that and more.
http://www.w3schools.com/
ghost_
Yes, there are super easy ways to hack WordPress. You just have to know what version is used and what add-ons are used, then Google search known vulnerabilities for them. Usually people don't have everything up to date...
Hi, ICQ's post above is correct and spot on. Find the WordPress Version, the Theme, and all the plugins for the site. Then learn your way around:
exploit-db.com
exploit-db.com/google-hacking-database
Search 'wordpress' on those sites.
You can try Google dorks, but you can only get about 1,000 sites from Google SERPs.
I also use wpdata.monster because it already has all the info that I might need.
Try reverse IP, best and works most of the time :P Or you can use wpscan to scan for some known vulnerabilities.
If you are using Kali (or any Linux, just install the program), use
wpscan --url yoursitehere and it will try to show you what version it is and its plugins, and then you just Google known vulnerabilities :D
Thank you all for your comments.
I think it would be great if one of you could post a thread about this. I'm not the only one who is willing to learn to hack a WordPress site ;)
https://null-byte.wonderhowto.com/forum/problem-solving-is-essential-hacker-skill-0150882/
"Whenever a new hack is developed, the security industry and the software developers immediately begin to work to close the vulnerability. A hack that works today, likely won't work tomorrow. That's where your problem-solving skills come in."
Hacking isn't about following guides.
ghost_
Hey ghost,
True, but everyone has to start somewhere, so asking questions and asking for a dedicated thread is okay. Problem is... who really wants to share the nuts and bolts for no monetary gain and at the same time create more competition. lol
Anyways, most vulns in WordPress come from the plugins. Those are created by anyone that can code PHP and usually not updated often.
First find out which version of WordPress the target is running (Backtrack/Kali Linux has some scanners to do this),
then look for 0-day exploits.
http://www.exploit-db.com/
http://1337day.com/
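Several replies above point out that plugins are often left out of date. From the site owner's side, that is something to check on your own install. The following is an added example, not part of the thread: it reads the Version header from each plugin's main file and compares it with an advisory list. The plugin sources, slugs and fixed-in versions are constructed sample data.

```python
import re

# Constructed sample data: slug -> start of the plugin's main PHP file (not real plugins).
SAMPLE_PLUGINS = {
    "example-gallery": "<?php\n/*\nPlugin Name: Example Gallery\nVersion: 1.4.2\n*/\n",
    "example-forms": "<?php\n/**\n * Plugin Name: Example Forms\n * Version: 3.0.10\n */\n",
    "example-seo": "<?php\n// Plugin Name: Example SEO\n// no version line\n",
}

# Constructed advisory data: slug -> first version that contains the fix.
FIXED_IN = {"example-gallery": "1.5.0", "example-forms": "3.0.9", "example-seo": "2.1"}


def header_field(source, field):
    """Read a plugin header field from the first 8 KB, allowing comment prefixes."""
    pattern = r"^(?:[ \t]*<\?php)?[ \t/*#@]*" + re.escape(field) + r":(.*)$"
    match = re.search(pattern, source[:8192], re.MULTILINE | re.IGNORECASE)
    return match.group(1).strip() if match else None


def version_key(version):
    """Numeric sort key: 3.0.10 ranks above 3.0.9, and 2.1.0 equals 2.1."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def audit(plugins, fixed_in):
    """Return slug -> status for every installed plugin."""
    findings = {}
    for slug, source in plugins.items():
        installed = header_field(source, "Version")
        fixed = fixed_in.get(slug)
        if fixed is None:
            findings[slug] = "no-advisory"
        elif installed is None:
            findings[slug] = "unknown-version"  # treat as needing manual review
        elif version_key(installed) < version_key(fixed):
            findings[slug] = "update-needed"
        else:
            findings[slug] = "ok"
    return findings


if __name__ == "__main__":
    for slug, status in audit(SAMPLE_PLUGINS, FIXED_IN).items():
        print(f"{slug}: {status}")
```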
Any way to log back in to the admin panel, if someone forgets the admin password and has no access to the database or hosting panel?
Does wpscan trace our IP or any physical trace, and not just wpscan, but does nmap trace too...
regards..