WordPress

Enumeration

Find Users

use the link

Enumerate Plugins

Gobuster to find WordPress plugins

Nmap to find vulnerable WordPress scripts

WPScan to look for plugins

WPSCAN

WPScan is a WordPress security scanner designed to find vulnerabilities in WordPress websites.

🔒 What it does:

  • Scans for known vulnerabilities in:

    • WordPress core (the main system)

    • Installed plugins

    • Installed themes

  • Checks for weak passwords on user accounts.

  • Looks for configuration issues (e.g., directory listing enabled, debug mode active).

WPScan comes preinstalled in Kali and Parrot OS; you need to register on the WPScan website and get an API key for it to report known vulnerabilities.
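The behaviours listed above (user enumeration, plugin probing, password guessing against the login endpoints) leave a distinctive footprint in the web server's access log. The following detector is an added example written for these notes, not part of the original page or of WPScan itself: it parses combined-format access log lines, decodes the request target, and flags a source IP when it sees author-ID or REST user enumeration, probing of several plugin directories, repeated failed POSTs to wp-login.php or xmlrpc.php, path traversal sequences in a request, or a user agent that starts with "WPScan". The log lines, IP addresses, plugin names and thresholds are all constructed for the example; the assumption that WPScan's default user agent begins with "WPScan" and that wp-login.php answers a failed login with 200 and a successful one with 302 are stated as such in the comments.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access log in Apache/nginx combined format.
# 203.0.113.7 behaves like a scanner; 198.51.100.4 is an ordinary logged-in user.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:04 +0000] "GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1" 200 2048 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:05 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 404 0 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:06 +0000] "GET /wp-content/plugins/contact-form-7/readme.txt HTTP/1.1" 404 0 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:07 +0000] "GET /index.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 403 0 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "WPScan v3.8.25"
203.0.113.7 - - [10/May/2024:12:00:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "WPScan v3.8.25"
198.51.100.4 - - [10/May/2024:12:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:12:01:01 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method target proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

AUTHOR_ENUM = re.compile(r"^/\?author=\d+")           # /?author=N user-ID enumeration
REST_USERS = re.compile(r"^/wp-json/wp/v2/users")     # REST API user listing
PLUGIN_PROBE = re.compile(r"^/wp-content/plugins/([^/]+)/")
TRAVERSAL = re.compile(r"\.\./|\.\.\\")               # matched after URL decoding
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode %2e%2e%2f-style encodings so the traversal check sees the real path.
    rec["target"] = unquote(rec["target"])
    return rec


def analyze(log_text, plugin_threshold=3, login_threshold=5):
    """Return {ip: [reasons]} for every source IP whose requests look like a WordPress scan."""
    per_ip = defaultdict(lambda: {
        "author_enum": 0, "rest_users": 0, "plugins": set(),
        "login_attempts": 0, "traversal": 0, "scanner_ua": False,
    })
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec["ip"]]
        target = rec["target"]
        path = target.split("?", 1)[0]
        if AUTHOR_ENUM.match(target):
            s["author_enum"] += 1
        if REST_USERS.match(path):
            s["rest_users"] += 1
        m = PLUGIN_PROBE.match(path)
        if m:
            s["plugins"].add(m.group(1))
        if TRAVERSAL.search(target):
            s["traversal"] += 1
        # Assumption: wp-login.php redirects (302) on success and re-renders the form (200)
        # on failure; xmlrpc.php answers 200 either way, so every POST there counts as an attempt.
        if rec["method"] == "POST" and path in LOGIN_ENDPOINTS and rec["status"] != 302:
            s["login_attempts"] += 1
        # Assumption: WPScan's default user agent string starts with "WPScan".
        if rec["ua"].lower().startswith("wpscan"):
            s["scanner_ua"] = True

    findings = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["author_enum"] >= 2 or s["rest_users"]:
            reasons.append("user enumeration")
        if len(s["plugins"]) >= plugin_threshold:
            reasons.append(f"plugin enumeration ({len(s['plugins'])} plugins)")
        if s["login_attempts"] >= login_threshold:
            reasons.append(f"login brute force ({s['login_attempts']} attempts)")
        if s["traversal"]:
            reasons.append("path traversal in request")
        if s["scanner_ua"]:
            reasons.append("WPScan user agent")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The user-agent check is the weakest signal, since a scanner can set any string it likes; the behavioural counters (several distinct plugin directories from one IP, author IDs walked in sequence, a burst of non-302 POSTs to the login endpoints) are what should drive an alert or a rate limit, which is also why each one carries its own threshold.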

Brute-forcing

Default backup file

Nikto scan of WordPress

Exploiting the Duplicator plugin

There is an exploit for Duplicator.

So there are multiple exploits available. One of them is an arbitrary file read exploit in Metasploit.

Let's use it by running msfconsole and searching for that particular module.

Interact with the module by typing use 1, then type options to list the required parameters.

So we only need to set RHOSTS to target2.ine.local and run the exploit.
