Hi everyone. I have a question. I am trying to bruteforce a wordpress site I've been tasked with checking. I know the username is admin. Using hydra, I entered the commands, but when I execute, the string gets broken and runs as commands
. If you can look at the picture, it shows what I'm talking about. The same thing is happening when I use sqlmap.
Thanks for any help you can provide.
5 Responses
Check online for wordpress default passwords, that will be your best and probably fastest bet.
As for the problem with hydra, I'm not all that sure.
Ok. Thanks for taking the time to respond. I appreciate it. I don't know if wordpress has default passwords but I will check. Yea I don't know what's going on with my kali either. Sigh. Thx again
Hey, no problem! I'm here to help! :D
Hi PP,
you can also check this little script for the Nmap NSE:
https://nmap.org/nsedoc/scripts/http-wordpress-brute.html
I think it's easier to use than hydra. I don't recommend skipping problems, but if you have deadlines, it can save your day :)
thanks for the tip :)
Share Your Thoughts