Using BackTrack 5 and WPScan


WPScan.rb is a nifty little program that lets you scan WordPress sites for information, as well as do some fun stuff with what it finds.

Say for example you want to "hack" into your friend's WordPress site :-)...or just get some information, whatever.

I'm using BackTrack 5 r3 for this tutorial.

Step 1:
You can use it to enumerate usernames, so you can see which usernames are valid on the WordPress site, by running this command (the site address goes after --url):

ruby ./wpscan.rb --url --enumerate u

Running this command against a real WordPress site will show something like this: 

Step 2:
Now that you know what the usernames are, you can then try to brute-force them with a list of passwords. This process takes a while, and you have to have a word list. BackTrack 5 r3 comes with a decent word list, so I'll use that in this example.

ruby ./wpscan.rb --url --wordlist /pentest/passwords/wordlists/darkc0de.lst --username admin

The above command tells WPScan to attack your friend's URL, using the username "admin" with the word list located in the /pentest/passwords/wordlists/ folder of BackTrack 5.

You can even add threading to make the process a little faster by using this switch:

--threads 50
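Both steps above leave a distinctive trace in the web server's access log, which is how a site owner notices this kind of activity. The following Python script is an added example, not part of the original post and not part of WPScan: it parses Apache/nginx combined-format log lines and flags three things a defender would look for, a single client requesting many different ?author=N pages (username enumeration), a burst of POSTs to /wp-login.php from one client (password guessing), and a user agent that names a scanning tool. The sample log lines, the thresholds and the user-agent string are constructed assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format. We keep the client IP, timestamp,
# request method and path, status code and user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')

# Thresholds are assumptions for this example; tune them to your own traffic.
AUTHOR_IDS_THRESHOLD = 3              # distinct ?author=N values from one IP
LOGIN_POST_THRESHOLD = 10             # POSTs to wp-login.php from one IP ...
LOGIN_WINDOW = timedelta(seconds=60)  # ... within this time span


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def analyse(lines):
    """Return {ip: sorted list of finding tags} for every client that trips a rule."""
    author_ids = defaultdict(set)     # ip -> set of author IDs requested
    login_posts = defaultdict(list)   # ip -> timestamps of POST /wp-login.php
    scanner_ua = set()                # ips whose user agent names a scanner
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                  # skip lines that are not in the expected format
        ip = rec["ip"]
        if "wpscan" in rec["ua"].lower():
            scanner_ua.add(ip)
        m = AUTHOR_RE.search(rec["path"])
        if m:
            author_ids[ip].add(m.group(1))
        if rec["method"] == "POST" and rec["path"].split("?")[0] == "/wp-login.php":
            login_posts[ip].append(rec["ts"])

    findings = defaultdict(set)
    for ip in scanner_ua:
        findings[ip].add("scanner-user-agent")
    for ip, ids in author_ids.items():
        if len(ids) >= AUTHOR_IDS_THRESHOLD:
            findings[ip].add("author-enumeration")
    for ip, times in login_posts.items():
        times.sort()
        # Sliding window: flag if any LOGIN_WINDOW span holds >= threshold POSTs.
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > LOGIN_WINDOW:
                start += 1
            if end - start + 1 >= LOGIN_POST_THRESHOLD:
                findings[ip].add("login-brute-force")
                break
    return {ip: sorted(tags) for ip, tags in findings.items()}


def sample_log():
    """Constructed access-log lines (not real traffic): one scanning host, one normal visitor."""
    scan_ip, user_ip = "203.0.113.5", "198.51.100.7"
    scan_ua = "WPScan v2.0 (http://wpscan.org)"   # assumed user-agent string, for illustration only
    user_ua = "Mozilla/5.0"

    def line(ip, sec, request, status, ua):
        return (f'{ip} - - [10/Aug/2012:14:01:{sec:02d} +0000] '
                f'"{request} HTTP/1.1" {status} 0 "-" "{ua}"')

    lines = [line(scan_ip, i, f"GET /?author={i}", 301, scan_ua) for i in range(1, 4)]
    lines += [line(scan_ip, 5 + i, "POST /wp-login.php", 200, scan_ua) for i in range(12)]
    lines += [
        line(user_ip, 20, "GET /index.php", 200, user_ua),
        line(user_ip, 21, "GET /?author=1", 301, user_ua),   # one author page is normal
        line(user_ip, 40, "POST /wp-login.php", 302, user_ua),  # a single successful login
        "this line is not an access-log entry",
    ]
    return lines


if __name__ == "__main__":
    for ip, tags in analyse(sample_log()).items():
        print(ip, ", ".join(tags))
```

On the constructed sample only the scanning host is reported; the ordinary visitor's single author-page visit and single login fall below both thresholds. Running the same analysis over a real log is a matter of passing the file's lines to analyse().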

There are a few more things you can do, including scanning for which plugins the site uses, and WPScan will tell you which of those are vulnerable.

You can see a full list of options here:

Happy WordPress Hacking!!

IMPORTANT: This information is for research and academic purposes only! This info is not to be abused! I am not responsible for any damage that you may do to someone's website.
