WordPress Website Take Over (A beginner's tutorial)

WordPress is the major content management system platform for websites. WordPress has its own platform of e-commerce, business and blogging templates for building a website. Although users trust this platform, it has also had some vulnerabilities exposed in recent days. Mostly the vulnerabilities lie within the plugins, both those provided by WordPress by default and those from third parties. There are many exploits available for those plugins on GitHub.

So, to exploit these WordPress sites, one needs to find the installed plugins, get the available exploits for those plugins, and start exploiting.

How to find the vulnerable WordPress plugins?

To begin with, it is advisable to check the core version of the WordPress site and make a note of it, because one of the ways to keep a WP site secure is updating the core version. The core version can be detected from the HTML source code of the site. This can be done using the meta data generator tool for the respective browser. If you are in the Chrome browser, it is advisable to use the Chrome meta data generator tool. This tool will reveal the core version.

Take a look at the directory indexing:

The directory index can give you information on which WordPress plugins are installed, and among those plugins you can find the vulnerable one and exploit it.
Some websites publicly disclose the directory listing, which can be accessed through URL manipulation, like:

Sitename/indexof/wp-content

Another way of finding the plugin versions is through the HTTP requests to the site, using a request-capturing tool like Burp Suite. By analyzing the HTTP requests, we can learn which plugins are installed from the JavaScript files the pages include.
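The generator meta tag and the included JavaScript described above can be checked on a site you maintain. The following is an added example, not part of the original tutorial: it parses a page's HTML and reports the core version and plugin versions the markup discloses. The sample markup and the plugin names `example-forms` and `example-slider` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample markup (not from a real site); plugin names are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-content/plugins/example-forms/css/style.css?ver=2.1.0" />
<script src="/wp-content/plugins/example-slider/js/slider.min.js?ver=1.4"></script>
<script src="/wp-content/plugins/example-forms/js/forms.js"></script>
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""

PLUGIN_PATH = re.compile(r"/wp-content/plugins/([^/]+)/")

class ExposureAudit(HTMLParser):
    """Collects what a page's markup discloses about core and plugins."""

    def __init__(self):
        super().__init__()
        self.generator = None   # content of <meta name="generator">
        self.plugins = {}       # plugin slug -> set of ?ver= values seen

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        if not url:
            return
        parts = urlsplit(url)
        m = PLUGIN_PATH.search(parts.path)
        if m:
            # Record the plugin even when no ?ver= is present: the path alone names it.
            versions = self.plugins.setdefault(m.group(1), set())
            versions.update(parse_qs(parts.query).get("ver", []))

def audit(html):
    """Return the generator string and per-plugin versions exposed by html."""
    parser = ExposureAudit()
    parser.feed(html)
    return {"generator": parser.generator,
            "plugins": {slug: sorted(v) for slug, v in parser.plugins.items()}}

if __name__ == "__main__":
    print(audit(SAMPLE_HTML))
```

Every entry in the result is something a visitor can read without logging in, so it is the list to compare against the latest releases when deciding what to update first.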

How to Take over the wp-users admin panel:

The login panel can confirm that a user exists during a brute-force attempt. When a username is entered with a wrong password in the login panel, it confirms the existence of the registered user.
Most sites do not disclose information this way. The disclosure gives the attacker a chance to perform a confident brute-force attack. WPScan is a tool, available online, that scans for vulnerable plugins, enumerates users and brute-forces WP accounts.
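Brute-force attempts against the login panel show up in the web server's access log. The following is an added example, not part of the original tutorial: it flags source addresses that send a burst of failed login POSTs to `wp-login.php`, and notes whether a successful login followed. The log lines are constructed, and the threshold and window values are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format prefix: ip, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 5120'
    for s in range(1, 13, 2)
] + [
    '203.0.113.7 - - [12/Mar/2024:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [12/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5120',
    '198.51.100.20 - - [12/Mar/2024:10:02:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [12/Mar/2024:10:02:21 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000',
]

def login_posts(lines):
    """Yield (ip, time, status) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        if method == "POST" and target.split("?")[0].endswith("/wp-login.php"):
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(status)

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after": bool}} for noisy sources."""
    # Assumption: default WordPress behaviour, where a failed login re-renders
    # the form (200) and a successful one redirects (302).
    failures, successes = defaultdict(list), defaultdict(list)
    for ip, when, status in login_posts(lines):
        if status == 200:
            failures[ip].append(when)
        elif status == 302:
            successes[ip].append(when)
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                hit = any(s >= t for s in successes[ip])
                alerts[ip] = {"failures": len(times), "success_after": hit}
                break
    return alerts
```

An alert with `success_after` set is the case to investigate first, since it means a login succeeded from the same address after the burst of failures.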
