WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
This tool is the first thing to run on your WordPress site if you own one, it will give you a lot of information of your site and from there you can protect your site.
First to install the tool on your machine is to run “apt install wpscan” the tool is already installed on Kali Linux.
Let’s view the help screen for wpscan by running “ wpscan –help”:
We are interested in enumerating “themes-plugins-usernames”:
Scanning the box with “wpscan –url <site_address> -e u” to enumerate for the usernames if found on the site:
We found two username “admin” and “joe”.
Now we can run a brute force against these usernames using the same tool Wpscan, we need to change few parameters in order to make the brute force work:
wpscan –url <site_address> -P <path_to_password_file> -U admin
The brute force is completed with success, and we found the password for the admin user “iubire”, we can confirm that by visiting the login page and try to log in with these credentials.
Bounce, what i did is i used “dirb” to brute force the site pages and find the login page:
The login page is “/wp-admin/
We logged in using the username and password we got using wpscan tool, some times you can only find the username but the password is hard to brute force, so the next step is to enumerate the themes and plugins trying to find vulnerable plugin or theme and then search for the right exploit to gain access.
wpscan –url <site_address> -e –plugins-detection aggressive
This command will enumerate for plugins and themes in an aggressive method and will find all the plugins weather it’s vulnerable or not, providing the methods of how to exploit the vulnerable ones.