Hacking WordPress Sites with KALI Linux


This topic is in high demand. Here's my tutorial, which shows you how to hack WordPress sites with KALI Linux. Actually, you don't require KALI Linux. You can use basically any other OS, as long as you get "wpscan" to execute on your system. I created the website http://ubuntu-for-pentesting.com but didn't have much time to post projects there. If you are interested in assisting me, drop me a comment here on this post and I will email you.

Hacking WordPress with KALI Linux

KALI 2016.1 ships with all the tools required for a basic hack of WordPress: Iceweasel, BURP Suite and, most important, WPScan, just to name a few. This article focuses on the basic usage of WPScan, since it's quite a powerful vulnerability scanner built especially for WordPress targets. You can find WPScan here: https://github.com/wpscanteam/wpscan

Updating WPScan

Keep in mind: every time before you use WPScan, you should update its database to the latest release. New bugs (and exploits), especially against WP plugins, become available often, so you need an up-to-date WPScan. The update is a single command:

wpscan --update

Remember to run that command each and every time before you use WPScan!

Simple Scan of a WP Site

The simplest approach is easy: just use the parameter --url and give it the URL of a WordPress site. WPScan will scan that complete site for vulnerabilities in WP, credentials, and add-ons such as the themes and plugins in use. If a weakness is there and it has been reported to the WPScan database, it will show up. Follow the instructions for the weakness found (by Googling them!) and you will eventually find a way to hack the WP site. No one said it's easy 😉

Sample for a WPScan:

wpscan --url http://my.wordpress.site

Different Approach: Attacking WP Users

With WPScan you can also enumerate the users of a site and try to break the ones found, at least when they have simple passwords. First, enumerate all the users of a WP site by running this command:

wpscan --url http://my.target.site --enumerate u

This will enumerate and show you the users of the site. Example output:


Here we found a user named root. Let's try to break his password!

Password Breaking with WPScan

As the target we choose the imaginary user root we found before (remember: hacking is illegal in most countries, that's why I am showing you only "examples"). We use a wordlist and try to hack that root WP user. Here's the syntax to do so:

wpscan --url http://my.target.site --wordlist /tmp/wordlist_root.txt --username root --threads 10

That's all! If you break the password you can log in with that WP user and do whatever you want. Basically, with a simple change you can even create a PHP-based shell backdoor. Or simply use a ready-made PHP backdoor and booby-trap the system to hack it completely. The rest is up to you!
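Seen from the server side, the user enumeration and wordlist steps above leave a recognizable trail in the web server's access log. The Python code below is an added example, not part of the original tutorial or of WPScan, that flags both patterns plus a login that succeeds after a run of failures. It assumes combined log format, that enumeration shows up as ?author=N requests, and that a failed wp-login.php POST returns 200 while a successful one returns 302; the thresholds and sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

def _line(ip, method, target, status):  # builds one constructed log line
    return f'{ip} - - [10/Mar/2016:10:00:00 +0000] "{method} {target} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample traffic (documentation IP ranges), not real log data.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 6)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 12
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.20", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.20", "GET", "/?author=1", 200), "garbage line"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r"[?&]author=(\d+)")

def detect(log_text, enum_min=3, fail_min=10):
    """Return {ip: [finding, ...]} for clients that cross a threshold."""
    author_ids = defaultdict(set)  # ip -> distinct author IDs requested
    failures = Counter()           # ip -> failed wp-login.php POSTs
    hit_after_fail = {}            # ip -> failures seen before first success
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip malformed lines instead of crashing
        ip, method, target, status = m.groups()
        probe = AUTHOR_RE.search(target)
        if method == "GET" and probe:
            author_ids[ip].add(probe.group(1))
        elif method == "POST" and target.split("?", 1)[0] == "/wp-login.php":
            if status == "200":    # assumption: form re-rendered = failed login
                failures[ip] += 1
            elif status == "302" and failures[ip] >= fail_min:
                hit_after_fail.setdefault(ip, failures[ip])
    findings = defaultdict(list)
    for ip, ids in author_ids.items():
        if len(ids) >= enum_min:
            findings[ip].append(f"user enumeration: {len(ids)} author IDs probed")
    for ip, n in failures.items():
        if n >= fail_min:
            findings[ip].append(f"password guessing: {n} failed logins")
    for ip, n in hit_after_fail.items():
        findings[ip].append(f"login succeeded after {n} failures")
    return dict(findings)

if __name__ == "__main__":
    for ip, notes in detect(SAMPLE_LOG).items():
        print(ip, notes)
```

A "login succeeded after N failures" finding is the one to act on first: reset that account's password and review what the session did.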
